# Authorization policy for ticket records.
#
# Access is granted through one of two paths:
#   * agent path    - the user holds the 'ticket.agent' permission and either
#                     owns the ticket or has group access at the requested level
#   * customer path - the user holds the 'ticket.customer' permission and is
#                     either the ticket's customer or belongs to the ticket's
#                     organization while that organization is shared
#
# NOTE(review): the customer path never looks at the requested access level,
# so for a customer show?, create?, update? and full? all reduce to the same
# check. Confirm this is intended, in particular for full?.
class TicketPolicy < ApplicationPolicy

  # Read access to the ticket.
  def show?
    access?('read')
  end

  # Create access. The group is validated first, so a ticket without a group
  # fails with UnprocessableEntity before any access decision is made.
  def create?
    ensure_group!
    access?('create')
  end

  # Change access to the ticket.
  def update?
    access?('change')
  end

  # Only users with the 'admin' permission may destroy a ticket.
  #
  # The remaining branches never grant anything; they only select how the
  # refusal is reported: a user with 'delete' access is sent to
  # not_authorized with an explanatory message, everyone else gets a plain
  # false. (not_authorized is defined outside this class; it presumably
  # raises, confirm in ApplicationPolicy.)
  def destroy?
    if user.permissions?('admin')
      true
    elsif access?('delete')
      not_authorized('admin permission required')
    else
      false
    end
  end

  # Full access to the ticket.
  def full?
    access?('full')
  end

  # Raises Exceptions::UnprocessableEntity unless the record has a group_id.
  # Within this class it is only called from create?.
  def ensure_group!
    raise Exceptions::UnprocessableEntity, "Group can't be blank" unless record.group_id
  end

  # Decides whether a follow-up on the ticket is possible. Returns true when
  # any of these holds, evaluated in this order:
  #   1. the user has the 'ticket.agent' permission (agents can always reopen
  #      tickets, regardless of group configuration)
  #   2. the group's follow_up_possible setting is not 'new_ticket'
  #   3. the ticket state is not 'closed'
  # Otherwise Exceptions::UnprocessableEntity is raised.
  #
  # NOTE(review): this method does not call access?, so it says nothing about
  # whether the user may see or change this particular ticket. Presumably
  # callers authorize that separately, confirm at the call sites.
  def follow_up?
    reopen_possible = user.permissions?('ticket.agent') ||
                      record.group.follow_up_possible != 'new_ticket' ||
                      record.state.name != 'closed'
    return true if reopen_possible

    raise Exceptions::UnprocessableEntity, 'Cannot follow-up on a closed ticket. Please create a new ticket.'
  end

  # Read access through the agent path only; the customer path is not consulted.
  def agent_read_access?
    agent_access?('read')
  end

  private

  # Combined check: the agent path at the given level, falling back to the
  # customer path (which ignores the level).
  def access?(level)
    if agent_access?(level)
      true
    else
      customer_access?
    end
  end

  # Agent path. Requires the 'ticket.agent' permission. The ticket owner is
  # accepted without a group lookup, for every access level; any other agent
  # needs group access at the requested level.
  #
  # record.group is dereferenced here without a nil check, while
  # ensure_group! only runs in create?. This assumes every other ticket
  # reaching the policy has a group, confirm.
  def agent_access?(level)
    return false unless user.permissions?('ticket.agent')

    owner? ? true : user.group_access?(record.group.id, level)
  end

  # True when the current user is the ticket's owner.
  def owner?
    record.owner_id == user.id
  end

  # Customer path. Requires the 'ticket.customer' permission, then accepts
  # the ticket's customer or a member of the ticket's shared organization.
  def customer_access?
    return false unless user.permissions?('ticket.customer')

    customer? ? true : shared_organization?
  end

  # True when the current user is the ticket's customer.
  def customer?
    record.customer_id == user.id
  end

  # True only when both the ticket and the user have an organization, the
  # two are the same, and that organization is flagged as shared. The blank
  # checks come first so that two blank ids never compare as equal.
  def shared_organization?
    return false if record.organization_id.blank? || user.organization_id.blank?
    return false unless record.organization_id == user.organization_id

    record.organization.shared?
  end
end