application_controller_policy.rb 979 B

123456789101112131415161718192021222324252627282930313233343536373839
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
  2. class Controllers::ApplicationControllerPolicy < ApplicationPolicy
  3. class_attribute(:action_permissions_map, default: {})
  4. def self.inherited(subclass)
  5. super
  6. subclass.action_permissions_map = action_permissions_map.deep_dup
  7. end
  8. def self.default_permit!(permissions)
  9. action_permissions_map.default = permissions
  10. end
  11. def self.permit!(actions, to:)
  12. Array(actions).each do |action|
  13. action_permissions_map[:"#{action}?"] = to
  14. end
  15. end
  16. def method_missing(missing_method, *)
  17. case (permission = action_permissions_map[missing_method])
  18. when String, Array
  19. user.permissions!(permission)
  20. when Proc
  21. user.permissions!(instance_exec(&permission))
  22. else
  23. super
  24. end
  25. rescue Exceptions::Forbidden => e
  26. not_authorized(e)
  27. end
  28. def respond_to_missing?(missing_method, *)
  29. action_permissions_map[missing_method] || super
  30. end
  31. end