Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Branch: develop
Branches Tags
zammad
/
lib
/
validations
/
data_privacy_task_validator.rb

data_privacy_task_validator.rb 2.1 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
    2. 

  2. 

  3. class Validations::DataPrivacyTaskValidator < ActiveModel::Validator
    4. 

  4. 

  5.   attr_reader :record
    6. 

  6. 

  7.   delegate :deletable, to: :record
    8. 

  8. 

  9.   def validate(record)
    10. 

  10.     @record = record
    11. 

  11. 

  12.     check_for_deletable_type
    13. 

  13.     check_for_existing_task
    14. 

  14.     check_for_user
    15. 

  15.   end
    16. 

  16. 

  17.   private
    18. 

  18. 

  19.   def check_for_deletable_type
    20. 

  20.     return if !record.deletable_type_changed?
    21. 

  21.     return if [User, Ticket].any? { deletable.is_a?(_1) }
    22. 

  22. 

  23.     record.errors.add(:base, __('Data privacy task allows to delete a user or a ticket only.'))
    24. 

  24.   end
    25. 

  25. 

  26.   def check_for_user
    27. 

  27.     return if !record.deletable_id_changed?
    28. 

  28.     return if !deletable.is_a?(User)
    29. 

  29. 

  30.     check_for_system_user
    31. 

  31.     check_for_current_user
    32. 

  32.     check_for_last_admin
    33. 

  33.   end
    34. 

  34. 

  35.   def check_for_system_user
    36. 

  36.     return if deletable.id != 1
    37. 

  37. 

  38.     record.errors.add(:base, __('It is not possible to delete the system user.'))
    39. 

  39.   end
    40. 

  40. 

  41.   def check_for_current_user
    42. 

  42.     return if deletable.id != UserInfo.current_user_id
    43. 

  43. 

  44.     record.errors.add(:base, __('It is not possible to delete your current account.'))
    45. 

  45.   end
    46. 

  46. 

  47.   def check_for_last_admin
    48. 

  48.     return if !last_admin?
    49. 

  49. 

  50.     record.errors.add(:base, __('It is not possible to delete the last account with admin permissions.'))
    51. 

  51.   end
    52. 

  52. 

  53.   def check_for_existing_task
    54. 

  54.     return if !record.deletable_id_changed?
    55. 

  55.     return if !tasks_exists?
    56. 

  56. 

  57.     record.errors.add(:base, __('Selected object is already queued for deletion.'))
    58. 

  58.   end
    59. 

  59. 

  60.   def tasks_exists?
    61. 

  61.     DataPrivacyTask
    62. 

  62.       .where.not(id:    record.id)
    63. 

  63.       .where.not(state: 'failed')
    64. 

  64.       .exists? deletable: deletable
    65. 

  65.   end
    66. 

  66. 

  67.   def last_admin?
    68. 

  68.     return false if !deletable_is_admin?
    69. 

  69. 

  70.     future_admin_ids.blank?
    71. 

  71.   end
    72. 

  72. 

  73.   def future_admin_ids
    74. 

  74.     other_admin_ids - existing_jobs_admin_ids
    75. 

  75.   end
    76. 

  76. 

  77.   def other_admin_ids
    78. 

  78.     admin_users.where.not(id: deletable.id).pluck(:id)
    79. 

  79.   end
    80. 

  80. 

  81.   def deletable_is_admin?
    82. 

  82.     admin_users.exists?(id: deletable.id)
    83. 

  83.   end
    84. 

  84. 

  85.   def existing_jobs_admin_ids
    86. 

  86.     DataPrivacyTask.where(
    87. 

  87.       deletable_id:   other_admin_ids,
    88. 

  88.       deletable_type: 'User'
    89. 

  89.     ).pluck(:deletable_id)
    90. 

  90.   end
    91. 

  91. 

  92.   def admin_users
    93. 

  93.     User.with_permissions('admin')
    94. 

  94.   end
    95. 

  95. end
    96.