effective_permission.rb 1.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869
  1. # Copyright (C) 2012-2023 Zammad Foundation, https://zammad-foundation.org/
  2. class KnowledgeBase
  3. class EffectivePermission
  4. def initialize(user, object)
  5. @user = user
  6. @object = object
  7. end
  8. def access_effective
  9. return 'none' if !@user
  10. @user.roles.reduce('none') do |memo, role|
  11. access = access_role_effective(role)
  12. return 'editor' if access == 'editor'
  13. access_role_reducer(memo, access)
  14. end
  15. end
  16. private
  17. def access_role_reducer(memo, access)
  18. case access
  19. when 'reader'
  20. 'reader'
  21. when 'public_reader'
  22. memo == 'reader' ? memo : access
  23. when 'none'
  24. memo
  25. end
  26. end
  27. def permissions
  28. @permissions ||= @object.permissions_effective
  29. end
  30. def access_role_effective(role)
  31. permission = permissions.find { |elem| elem.role == role }
  32. return default_role_access(role) if !permission
  33. calculate_role(role, permission)
  34. end
  35. def calculate_role(role, permission)
  36. if permission.access == 'editor' && role.with_permission?('knowledge_base.editor')
  37. 'editor'
  38. elsif %w[editor reader].include?(permission.access) && role.with_permission?(%w[knowledge_base.editor knowledge_base.reader])
  39. 'reader'
  40. elsif @object.public_content?
  41. 'public_reader'
  42. else
  43. 'none'
  44. end
  45. end
  46. def default_role_access(role)
  47. if role.with_permission?('knowledge_base.editor')
  48. 'editor'
  49. elsif role.with_permission?('knowledge_base.reader')
  50. 'reader'
  51. else
  52. 'none'
  53. end
  54. end
  55. end
  56. end