effective_permission.rb 1.4 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758
  1. # Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
  2. class KnowledgeBase
  3. class EffectivePermission
  4. def initialize(user, object)
  5. @user = user
  6. @object = object
  7. end
  8. def access_effective
  9. return 'none' if !@user
  10. @user.roles.reduce('none') do |memo, role|
  11. access = access_role_effective(role)
  12. return access if access == 'editor'
  13. memo == 'reader' ? memo : access
  14. end
  15. end
  16. private
  17. def permissions
  18. @permissions ||= @object.permissions_effective
  19. end
  20. def access_role_effective(role)
  21. permission = permissions.find { |elem| elem.role == role }
  22. return default_role_access(role) if !permission
  23. calculate_role(role, permission)
  24. end
  25. def calculate_role(role, permission)
  26. if permission.access == 'editor' && role.with_permission?('knowledge_base.editor')
  27. 'editor'
  28. elsif %w[editor reader].include?(permission.access) && role.with_permission?(%w[knowledge_base.editor knowledge_base.reader])
  29. 'reader'
  30. elsif @object.public_content?
  31. 'public_reader'
  32. else
  33. 'none'
  34. end
  35. end
  36. def default_role_access(role)
  37. if role.with_permission?('knowledge_base.editor')
  38. 'editor'
  39. elsif role.with_permission?('knowledge_base.reader')
  40. 'reader'
  41. else
  42. 'none'
  43. end
  44. end
  45. end
  46. end