attachments_controller_policy.rb 759 B

1234567891011121314151617181920212223242526272829303132333435363738394041
  1. # Copyright (C) 2012-2023 Zammad Foundation, https://zammad-foundation.org/
  2. class Controllers::AttachmentsControllerPolicy < Controllers::ApplicationControllerPolicy
  3. def show?
  4. store_object_policy(store_object_owner)&.show?
  5. end
  6. def destroy?
  7. store_object_policy(store_object_owner)&.destroy?
  8. end
  9. def user_required?
  10. false
  11. end
  12. def custom_exception
  13. ActiveRecord::RecordNotFound.new
  14. end
  15. private
  16. def download_file
  17. record.send(:download_file)
  18. end
  19. def store_object_class
  20. download_file
  21. &.store_object
  22. &.name
  23. &.safe_constantize
  24. end
  25. def store_object_policy(target)
  26. Pundit.policy user, target
  27. end
  28. def store_object_owner
  29. store_object_class
  30. &.find download_file.o_id
  31. end
  32. end