# Copyright (C) 2012-2023 Zammad Foundation, https://zammad-foundation.org/
class Auth
  # Memoizes permission checks for the current execution context.
  #
  # The cache lives in an ActiveSupport::CurrentAttributes attribute, so it is
  # isolated per thread and reset by the framework around each request.
  #
  # Security note: a memoized answer is an authorization decision. It is reused
  # until the attributes are reset or `clear` is called, so a permission change
  # made after the first lookup is not seen by later lookups with the same key.
  # NOTE(review): code paths that run outside the normal request cycle should
  # confirm that a reset (or an explicit `clear`) happens between principals.
  class RequestCache < ActiveSupport::CurrentAttributes
    # Hash of cache key => memoized value; nil until the first fetch_value call.
    attribute :request_cache

    class << self
      # Returns the value stored under +name+, computing it with the given
      # block on a miss.
      #
      # A stored nil counts as a miss, so a block returning nil is re-run on
      # every call; a stored false is a hit and is returned as-is.
      #
      # @param name [String] cache key
      # @yieldreturn [Object] value to memoize
      # @return [Object] the cached or freshly computed value
      def fetch_value(name)
        self.request_cache ||= {}
        store  = request_cache
        cached = store[name]
        return cached unless cached.nil?

        store[name] = yield
      end

      # Replaces the cache with an empty hash, discarding every memoized answer.
      def clear
        self.request_cache = {}
      end

      # Cached variant of the instance-level #permissions? check.
      #
      # The key combines the authorizable's GlobalID with the '|'-joined query.
      # If the GlobalID cannot be built (to_global_id raises a StandardError),
      # the check is executed without caching rather than being denied or
      # granted blindly.
      #
      # NOTE(review): the key assumes permission names never contain '|';
      # otherwise ['a|b'] and ['a', 'b'] would share one cache entry.
      #
      # @param authorizable [Object] object responding to #permissions
      # @param auth_query [String, Array<String>] permission name(s) to test
      # @return [Boolean]
      def permissions?(authorizable, auth_query)
        begin
          subject_key = authorizable.to_global_id.to_s
        rescue StandardError
          return instance.permissions?(authorizable, auth_query)
        end

        query_key = Array(auth_query).join('|')
        cache_key = "permissions/#{subject_key}_#{query_key}"

        fetch_value(cache_key) { instance.permissions?(authorizable, auth_query) }
      end
    end

    # Uncached check: does +authorizable+ hold at least one permission that
    # satisfies +auth_query+?
    #
    # Verbatim names are matched by equality. Names ending in '.*' are turned
    # into SQL LIKE patterns ('.*' -> '.%') and OR-ed onto the base query. The
    # pattern is passed as a bind parameter, not interpolated into the SQL.
    #
    # NOTE(review): '_' and '%' inside a permission name are LIKE
    # metacharacters and are not escaped here, so a wildcard such as
    # 'user_preferences.*' can match more names than its literal prefix.
    # Confirm this is acceptable for the permission names in use.
    #
    # @param authorizable [Object] object responding to #permissions
    # @param auth_query [String, Array<String>] permission name(s) to test
    # @return [Boolean]
    def permissions?(authorizable, auth_query)
      exact_names, wildcard_names = acceptable_permissions_for(auth_query)

      scope = authorizable.permissions.where(name: exact_names)
      wildcard_names.each do |wildcard|
        like_pattern = wildcard.sub('.*', '.%')
        scope = scope.or(authorizable.permissions.where('permissions.name LIKE ?', like_pattern))
      end

      scope.exists?
    end

    private

    # Expands +auth_query+ into the permission names that would satisfy it.
    #
    # Names whose Permission record is explicitly inactive (active == false)
    # are dropped; names with no matching record are kept. Each remaining name
    # is expanded through Permission.with_parents and de-duplicated.
    #
    # @param auth_query [String, Array<String>]
    # @return [Array(Array<String>, Array<String>)] [verbatim, wildcards],
    #   where wildcards are the names ending in '.*'
    def acceptable_permissions_for(auth_query)
      # See "chain-of-ancestry quirk" in spec file
      usable = Array(auth_query).reject { |name| Permission.lookup(name: name)&.active == false }
      expanded = usable.flat_map { |name| Permission.with_parents(name) }.uniq

      wildcards, verbatim = expanded.partition { |name| name.end_with?('.*') }
      [verbatim, wildcards]
    end
  end
end