123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 |
- # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
- class Controllers::AttachmentsControllerPolicy < Controllers::ApplicationControllerPolicy
- def show?
- store_object_policy(store_object_owner, allow_kb_preview_token: true)&.show?
- end
- def destroy?
- store_object_policy(store_object_owner)&.destroy?
- end
- def user_required?
- false
- end
- def custom_exception
- ActiveRecord::RecordNotFound.new
- end
- private
- def download_file
- record.send(:download_file)
- end
- def store_object_class
- download_file
- &.store_object
- &.name
- &.safe_constantize
- end
- def store_object_policy(target, allow_kb_preview_token: false)
- if allow_kb_preview_token &&
- attached_to_kb?(target) &&
- (token = record.session[:kb_preview_token])
- token_user = Token.check action: 'KnowledgeBasePreview', token: token
- end
- Pundit.policy token_user || user, target
- end
- def attached_to_kb?(target)
- return true if target.is_a?(KnowledgeBase::Answer::Translation::Content)
- return true if target.is_a?(KnowledgeBase::Answer)
- false
- end
- def store_object_owner
- store_object_class
- &.find download_file.o_id
- end
- end
|