| 12345678910111213141516171819202122232425262728293031323334353637383940414243 |
- # Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
- class Ticket
- class Article
- module ChecksAccess
- extend ActiveSupport::Concern
- # Checks the given access of a given user for a ticket article.
- #
- # @param [User] The user that will be checked for given access.
- # @param [String] The access that should get checked.
- #
- # @example
- # article.access?(user, 'read')
- # #=> true
- #
- # @return [Boolean]
- def access?(user, access)
- if user.permissions?('ticket.customer')
- return false if internal == true
- end
- ticket = Ticket.lookup(id: ticket_id)
- ticket.access?(user, access)
- end
- # Checks the given access of a given user for a ticket article and fails with an exception.
- #
- # @param (see Ticket::Article#access?)
- #
- # @example
- # article.access!(user, 'read')
- #
- # @raise [NotAuthorized] Gets raised if given user doesn't have the given access.
- #
- # @return [nil]
- def access!(user, access)
- return if access?(user, access)
- raise Exceptions::NotAuthorized
- end
- end
- end
- end
|
