user_context.rb 935 B

  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
  2. # We need a special UserContext when authorizing in controller context
  3. # because of Token authentication which has its own permissions
  4. # See: https://github.com/varvet/pundit#additional-context
  5. # We use a Delegator here to have transparent / DuckType access
  6. # to the underlying User instance in the Policy
  class UserContext < Delegator
    # Stores the user and the optional access token for later permission checks.
    #
    # @param user  the object calls are delegated to; may be nil (unauthenticated)
    # @param token optional token object; when present it performs the permission check
    def initialize(user, token = nil) # rubocop:disable Lint/MissingSuper
      @token = token
      @user = user
    end

    # Delegation target required by Delegator: every method not defined on
    # UserContext itself is resolved against the wrapped user.
    def __getobj__
      @user
    end

    # Non-raising variant of #permissions!.
    #
    # Only Exceptions::Forbidden is turned into false; any other error raised
    # during the check propagates to the caller.
    #
    # @param permissions passed through unchanged to #permissions!
    # @return [Boolean] true when the check passed, false when it was forbidden
    def permissions?(permissions)
      begin
        permissions!(permissions)
      rescue Exceptions::Forbidden
        return false
      end

      true
    end

    # Raising permission check.
    #
    # Without a user the check fails immediately. With a token, the check is
    # handed to the token (the user is supplied as context) and the user's own
    # permissions! is not called directly on this path. Without a token the
    # user's permissions! decides.
    #
    # @param permissions passed through unchanged to the token / user check
    # @raise [Exceptions::Forbidden] when no user is set
    # @return whatever the token's with_context or the user's permissions! returns
    def permissions!(permissions)
      raise Exceptions::Forbidden, __('Authentication required') unless @user

      return @user.permissions!(permissions) unless @token

      # NOTE(review): the bare permissions! call in this block only reaches the
      # token if with_context evaluates the block with the token as receiver
      # (e.g. instance_eval); with a plain yield it would re-enter this method.
      # Confirm against the token's with_context implementation.
      @token.with_context(user: @user) { permissions!(permissions) }
    end
  end