zammad/app/models/permission.rb

# Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

class Permission < ApplicationModel
  include ChecksClientNotification
  include ChecksHtmlSanitized
  include HasCollectionUpdate

  has_and_belongs_to_many :roles
  store                   :preferences

  validates :name, presence: true

  # This is added to handle migrations from before the columns were modified.
  # For example when upgrading from pre-6.4.
  # Otherwise older migrations fail since those columnsa are not yet available.
  with_options if: -> { respond_to?(:label) && respond_to?(:description) } do
    validates :label, length: { maximum: 255 }
    validates :description, length: { maximum: 500 }
  end

  sanitized_html :description

  # Returns permission name with parent permission names
  #
  # @return [String]
  #
  # @example
  #   Permission.with_parents('some_key.sub_key')
  #   #=> ['some_key.sub_key', 'some_key']
  def self.with_parents(key)
    key
      .split('.')
      .each_with_object([]) do |elem, memo|
        memo << if (previous = memo.last)
                  "#{previous}.#{elem}"
                else
                  elem
                end
      end
  end

  def to_s
    name
  end

  def self.join_with(object, permissions)
    return object if !object.method_defined?(:permissions?)

    permissions = with_parents(permissions)

    object
      .joins(roles: :permissions)
      .where(roles: { active: true }, permissions: { name: permissions, active: true })
  end
end