12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849 |
- # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
- class Controllers::LinksControllerPolicy < Controllers::ApplicationControllerPolicy
- default_permit!('admin.tag')
- def add?
- object_target_update? && object_source_show?
- end
- def remove?
- object_target_update?
- end
- private
- def object_target_update?
- object_policy(record.params[:link_object_target], id: record.params[:link_object_target_value])
- .update?
- end
- def object_source_show?
- object_policy(record.params[:link_object_source], number: record.params[:link_object_source_number])
- .show?
- end
- def object_policy(object_name, id: nil, number: nil)
- case [object_name, id, number]
- in ['Ticket', id, nil]
- ticket_policy(:id, id)
- in ['Ticket', nil, number]
- ticket_policy(:number, number)
- in ['KnowledgeBase::Answer::Translation', *_]
- kb_answer_policy(id.presence || number.presence)
- end
- end
- def kb_answer_policy(id)
- answer_id = KnowledgeBase::Answer::Translation.find(id).answer_id
- answer = KnowledgeBase::Answer.find(answer_id)
- KnowledgeBase::AnswerPolicy.new(user, answer)
- end
- def ticket_policy(key, id)
- ticket = Ticket.find_by!(key => id)
- TicketPolicy.new(user, ticket)
- end
- end
|