  # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
  # Seeds the root `admin` permission and the first run of `admin.*` entries
  # (prio 1000-1180). Each hash is handed to Permission.create_if_not_exists
  # in the order listed, one call per entry.
  #
  # None of these entries sets `allow_signup`.
  # NOTE(review): the helper's name suggests an already existing record is left
  # as it is, so editing a value here would not reach systems that were seeded
  # earlier - confirm against Permission.create_if_not_exists.
  # NOTE(review): the dotted names look hierarchical (a grant of `admin`
  # presumably covers every `admin.*` child) - verify in the Permission/Role
  # models before reasoning about least privilege from this list.
  [
    { name: 'admin', label: __('Admin interface'),
      description: __('Configure your system.'), preferences: { prio: 1000 } },
    { name: 'admin.user', label: __('Users'),
      description: __('Manage all users of your system.'), preferences: { prio: 1010 } },
    { name: 'admin.group', label: __('Groups'),
      description: __('Manage groups of your system.'), preferences: { prio: 1020 } },
    { name: 'admin.role', label: __('Roles'),
      description: __('Manage roles of your system.'), preferences: { prio: 1030 } },
    { name: 'admin.organization', label: __('Organizations'),
      description: __('Manage all organizations of your system.'), preferences: { prio: 1040 } },
    { name: 'admin.overview', label: __('Overviews'),
      description: __('Manage ticket overviews of your system.'), preferences: { prio: 1050 } },
    { name: 'admin.text_module', label: __('Text modules'),
      description: __('Manage text modules of your system.'), preferences: { prio: 1060 } },
    { name: 'admin.macro', label: __('Macros'),
      description: __('Manage ticket macros of your system.'), preferences: { prio: 1070 } },
    { name: 'admin.template', label: __('Templates'),
      description: __('Manage ticket templates of your system.'), preferences: { prio: 1080 } },
    { name: 'admin.tag', label: __('Tags'),
      description: __('Manage ticket tags of your system.'), preferences: { prio: 1090 } },
    { name: 'admin.calendar', label: __('Calendars'),
      description: __('Manage calendars of your system.'), preferences: { prio: 1100 } },
    { name: 'admin.sla', label: __('SLAs'),
      description: __('Manage Service Level Agreements of your system.'), preferences: { prio: 1110 } },
    { name: 'admin.trigger', label: __('Trigger'),
      description: __('Manage triggers of your system.'), preferences: { prio: 1120 } },
    { name: 'admin.public_links', label: __('Public Links'),
      description: __('Manage public links of your system.'), preferences: { prio: 1130 } },
    { name: 'admin.webhook', label: __('Webhook'),
      description: __('Manage webhooks of your system.'), preferences: { prio: 1140 } },
    { name: 'admin.scheduler', label: __('Scheduler'),
      description: __('Manage schedulers of your system.'), preferences: { prio: 1150 } },
    { name: 'admin.report_profile', label: __('Report Profiles'),
      description: __('Manage report profiles of your system.'), preferences: { prio: 1160 } },
    { name: 'admin.time_accounting', label: __('Time Accounting'),
      description: __('Manage time accounting settings of your system.'), preferences: { prio: 1170 } },
    { name: 'admin.knowledge_base', label: __('Knowledge Base'),
      description: __('Create and set up Knowledge Base.'), preferences: { prio: 1180 } },
  ].each do |attributes|
    # The double splat keeps the call shape of the original literal keyword lists.
    Permission.create_if_not_exists(**attributes)
  end
  # Seeds the `admin.channel_*` permissions (prio 1190-1290), one
  # Permission.create_if_not_exists call per entry, in the order listed.
  #
  # None of these entries sets `allow_signup`.
  # NOTE(review): each key presumably gates the admin screen of one inbound or
  # outbound channel, where channel credentials would be configured - confirm
  # which controllers check these names before delegating them individually.
  [
    { name: 'admin.channel_web', label: __('Web'),
      description: __('Manage web channel of your system.'), preferences: { prio: 1190 } },
    { name: 'admin.channel_formular', label: __('Form'),
      description: __('Manage form channel of your system.'), preferences: { prio: 1200 } },
    { name: 'admin.channel_email', label: __('Email'),
      description: __('Manage email channel of your system.'), preferences: { prio: 1210 } },
    { name: 'admin.channel_sms', label: __('SMS'),
      description: __('Manage SMS channel of your system.'), preferences: { prio: 1220 } },
    { name: 'admin.channel_chat', label: __('Chat'),
      description: __('Manage chat channel of your system.'), preferences: { prio: 1230 } },
    { name: 'admin.channel_google', label: __('Google'),
      description: __('Manage Google mail channel of your system.'), preferences: { prio: 1240 } },
    { name: 'admin.channel_microsoft365', label: __('Microsoft 365'),
      description: __('Manage Microsoft 365 mail channel of your system.'), preferences: { prio: 1250 } },
    { name: 'admin.channel_twitter', label: __('Twitter'),
      description: __('Manage Twitter channel of your system.'), preferences: { prio: 1260 } },
    { name: 'admin.channel_facebook', label: __('Facebook'),
      description: __('Manage Facebook channel of your system.'), preferences: { prio: 1270 } },
    { name: 'admin.channel_telegram', label: __('Telegram'),
      description: __('Manage Telegram channel of your system.'), preferences: { prio: 1280 } },
    { name: 'admin.channel_whatsapp', label: __('WhatsApp'),
      description: __('Manage WhatsApp channel of your system.'), preferences: { prio: 1290 } },
  ].each do |attributes|
    # The double splat keeps the call shape of the original literal keyword lists.
    Permission.create_if_not_exists(**attributes)
  end
  # Seeds the remaining `admin.*` permissions (prio 1300-1465): branding,
  # system and security settings, ticket settings, integrations, API, object
  # attributes, workflows, translations, data privacy, maintenance,
  # monitoring, packages, sessions, system report and checklists.
  # One Permission.create_if_not_exists call per entry, in the order listed.
  #
  # None of these entries sets `allow_signup`.
  # NOTE(review): several keys here name sensitive areas (`admin.security`,
  # `admin.api`, `admin.session`, `admin.data_privacy`, `admin.package`).
  # Whether they are enforced separately or only through the parent `admin`
  # grant cannot be seen from this file - verify before handing out single
  # children to non-admin roles.
  [
    { name: 'admin.branding', label: __('Branding'),
      description: __('Manage branding settings of your system.'), preferences: { prio: 1300 } },
    { name: 'admin.setting_system', label: __('System'),
      description: __('Manage core system settings.'), preferences: { prio: 1310 } },
    { name: 'admin.security', label: __('Security'),
      description: __('Manage security settings of your system.'), preferences: { prio: 1320 } },
    { name: 'admin.ticket', label: __('Ticket'),
      description: __('Manage ticket settings of your system.'), preferences: { prio: 1330 } },
    { name: 'admin.ticket_auto_assignment', label: __('Ticket Auto Assignment'),
      description: __('Manage ticket auto assignment settings of your system.'), preferences: { prio: 1331 } },
    { name: 'admin.ticket_duplicate_detection', label: __('Ticket Duplicate Detection'),
      description: __('Manage ticket duplicate detection settings of your system.'), preferences: { prio: 1332 } },
    { name: 'admin.integration', label: __('Integrations'),
      description: __('Manage integrations of your system.'), preferences: { prio: 1340 } },
    { name: 'admin.api', label: __('API'),
      description: __('Manage API of your system.'), preferences: { prio: 1350 } },
    { name: 'admin.object', label: __('Objects'),
      description: __('Manage object attributes of your system.'), preferences: { prio: 1360 } },
    { name: 'admin.ticket_state', label: __('Ticket States'),
      description: __('Manage ticket states of your system.'), preferences: { prio: 1370 } },
    { name: 'admin.ticket_priority', label: __('Ticket Priorities'),
      description: __('Manage ticket priorities of your system.'), preferences: { prio: 1380 } },
    { name: 'admin.core_workflow', label: __('Core Workflows'),
      description: __('Manage core workflows of your system.'), preferences: { prio: 1390 } },
    { name: 'admin.translation', label: __('Translations'),
      description: __('Manage translations of your system.'), preferences: { prio: 1400 } },
    { name: 'admin.data_privacy', label: __('Data Privacy'),
      description: __('Delete existing data of your system.'), preferences: { prio: 1410 } },
    { name: 'admin.maintenance', label: __('Maintenance'),
      description: __('Manage maintenance mode of your system.'), preferences: { prio: 1420 } },
    { name: 'admin.monitoring', label: __('Monitoring'),
      description: __('Manage monitoring of your system.'), preferences: { prio: 1430 } },
    { name: 'admin.package', label: __('Packages'),
      description: __('Manage packages of your system.'), preferences: { prio: 1440 } },
    { name: 'admin.session', label: __('Sessions'),
      description: __('Manage active user sessions of your system.'), preferences: { prio: 1450 } },
    { name: 'admin.system_report', label: __('System Report'),
      description: __('Manage system report of your system.'), preferences: { prio: 1460 } },
    { name: 'admin.checklist', label: __('Checklists'),
      description: __('Manage ticket checklists of your system.'), preferences: { prio: 1465 } },
  ].each do |attributes|
    # The double splat keeps the call shape of the original literal keyword lists.
    Permission.create_if_not_exists(**attributes)
  end
  # Seeds the feature permissions for chat, phone (cti), knowledge base,
  # reporting and tickets (prio 1470-1570), one
  # Permission.create_if_not_exists call per entry, in the order listed.
  #
  # The parents `chat`, `cti`, `knowledge_base` and `ticket` carry
  # `disabled: true` in their preferences; their children do not.
  # NOTE(review): `disabled` presumably keeps the bare parent from being
  # granted on its own - confirm where the flag is read.
  #
  # Only `knowledge_base.reader` and `ticket.customer` set `allow_signup: true`
  # in this group; every agent/editor permission leaves it unset.
  # NOTE(review): `allow_signup` looks like the switch that decides which
  # permissions a self-registered account may end up with - verify the
  # enforcement point before adding the flag to any further entry.
  [
    { name: 'chat', label: __('Chat'),
      description: __('Access to the chat interface.'), preferences: { prio: 1470, disabled: true } },
    { name: 'chat.agent', label: __('Agent chat'),
      description: __('Access the agent chat features.'), preferences: { prio: 1480 } },
    { name: 'cti', label: __('Phone'),
      description: __('Access to the phone interface.'), preferences: { prio: 1490, disabled: true } },
    { name: 'cti.agent', label: __('Agent phone'),
      description: __('Access the agent phone features.'), preferences: { prio: 1500 } },
    { name: 'knowledge_base', label: __('Knowledge Base'),
      description: __('Access to the knowledge base interface.'), preferences: { prio: 1510, disabled: true } },
    { name: 'knowledge_base.editor', label: __('Knowledge Base Editor'),
      description: __('Access the knowledge base editor features.'), preferences: { prio: 1520 } },
    { name: 'knowledge_base.reader', label: __('Knowledge Base Reader'),
      description: __('Access the knowledge base reader features.'),
      allow_signup: true, preferences: { prio: 1530 } },
    { name: 'report', label: __('Report'),
      description: __('Access to the report interface.'), preferences: { prio: 1540 } },
    { name: 'ticket', label: __('Ticket'),
      description: __('Access to the ticket interface.'), preferences: { prio: 1550, disabled: true } },
    { name: 'ticket.agent', label: __('Agent tickets'),
      description: __('Access the tickets as agent based on group access.'),
      preferences: { prio: 1560, plugin: ['groups'] } },
    { name: 'ticket.customer', label: __('Customer tickets'),
      description: __('Access tickets as customer.'),
      allow_signup: true, preferences: { prio: 1570 } },
  ].each do |attributes|
    # The double splat keeps the call shape of the original literal keyword lists.
    Permission.create_if_not_exists(**attributes)
  end
  # Seeds `user_preferences` and its children (prio 1580-1700), one
  # Permission.create_if_not_exists call per entry, in the order listed.
  #
  # Every entry in this group sets `allow_signup: true`, including the ones
  # that touch credentials and sessions (`password`,
  # `two_factor_authentication`, `device`, `access_token`, `linked_accounts`).
  # NOTE(review): `allow_signup` presumably marks a permission as eligible for
  # accounts created through self-registration; it is not itself a grant (the
  # role grants at the end of this file decide that) - confirm in the
  # Permission/Role models.
  #
  # Four entries add `required: ['ticket.agent']` to their preferences.
  # NOTE(review): this looks like a dependency on holding `ticket.agent` -
  # check whether it is enforced server-side or only used by the UI.
  [
    { name: 'user_preferences', label: __('Profile settings'),
      description: __('Manage personal settings.'),
      allow_signup: true, preferences: { prio: 1580 } },
    { name: 'user_preferences.appearance', label: __('Appearance'),
      description: __('Manage personal appearance settings.'),
      allow_signup: true, preferences: { prio: 1590 } },
    { name: 'user_preferences.language', label: __('Language'),
      description: __('Manage personal language settings.'),
      allow_signup: true, preferences: { prio: 1600 } },
    { name: 'user_preferences.avatar', label: __('Avatar'),
      description: __('Manage personal avatar settings.'),
      allow_signup: true, preferences: { prio: 1610 } },
    { name: 'user_preferences.out_of_office', label: __('Out of Office'),
      description: __('Manage personal out of office settings.'),
      preferences: { prio: 1620, required: ['ticket.agent'] }, allow_signup: true },
    { name: 'user_preferences.password', label: __('Password'),
      description: __('Change personal account password.'),
      allow_signup: true, preferences: { prio: 1630 } },
    { name: 'user_preferences.two_factor_authentication', label: __('Two-factor Authentication'),
      description: __('Manage personal two-factor authentication methods.'),
      allow_signup: true, preferences: { prio: 1640 } },
    { name: 'user_preferences.device', label: __('Devices'),
      description: __('Manage personal devices and sessions.'),
      allow_signup: true, preferences: { prio: 1650 } },
    { name: 'user_preferences.access_token', label: __('Token Access'),
      description: __('Manage personal API tokens.'),
      allow_signup: true, preferences: { prio: 1660 } },
    { name: 'user_preferences.linked_accounts', label: __('Linked Accounts'),
      description: __('Manage personal linked accounts.'),
      allow_signup: true, preferences: { prio: 1670 } },
    { name: 'user_preferences.notifications', label: __('Notifications'),
      description: __('Manage personal notifications settings.'),
      preferences: { prio: 1680, required: ['ticket.agent'] }, allow_signup: true },
    { name: 'user_preferences.overview_sorting', label: __('Overviews'),
      description: __('Manage personal overviews.'),
      preferences: { prio: 1690, required: ['ticket.agent'] }, allow_signup: true },
    { name: 'user_preferences.calendar', label: __('Calendar'),
      description: __('Manage personal calendar.'),
      preferences: { prio: 1700, required: ['ticket.agent'] }, allow_signup: true },
  ].each do |attributes|
    # The double splat keeps the call shape of the original literal keyword lists.
    Permission.create_if_not_exists(**attributes)
  end
  # Default grants for the three built-in roles. Each role is looked up by
  # name and receives its permissions one permission_grant call at a time, in
  # the order listed.
  #
  # NOTE(review): the roles are not created in this file; if a lookup returns
  # nil the first permission_grant call on it fails, so the role seeds
  # presumably have to run before this one - confirm the seed order.

  # Admin: the `admin` and `user_preferences` parents plus reporting and
  # knowledge base editing.
  admin = Role.find_by(name: 'Admin')
  %w[
    user_preferences
    admin
    report
    knowledge_base.editor
  ].each { |permission_name| admin.permission_grant(permission_name) }

  # Agent: the `user_preferences` parent plus the agent-side feature permissions.
  agent = Role.find_by(name: 'Agent')
  %w[
    user_preferences
    ticket.agent
    chat.agent
    cti.agent
    knowledge_base.reader
  ].each { |permission_name| agent.permission_grant(permission_name) }

  # Customer: individual `user_preferences.*` children instead of the parent,
  # so `access_token`, `device`, `out_of_office`, `notifications`,
  # `overview_sorting` and `calendar` are not granted here even though their
  # definitions set `allow_signup: true`. Keep this list explicit when adding
  # new `user_preferences.*` permissions.
  customer = Role.find_by(name: 'Customer')
  %w[
    user_preferences.password
    user_preferences.two_factor_authentication
    user_preferences.language
    user_preferences.linked_accounts
    user_preferences.avatar
    user_preferences.appearance
    ticket.customer
  ].each { |permission_name| customer.permission_grant(permission_name) }