checks_access.rb 1.5 KB

  1. # Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
  class Ticket
    # Authorization predicates mixed into Ticket.
    #
    # Both methods rely on the including model to provide customer_id,
    # owner_id, organization_id, organization and group, and on the user
    # object to provide permissions?, group_access?, id and organization_id.
    module ChecksAccess
      extend ActiveSupport::Concern

      # Decides whether +user+ may access this ticket with the requested
      # access type.
      #
      # Decision order, first match wins:
      # 1. Users holding the 'ticket.customer' permission are judged only by
      #    ticket ownership (customer_id) or by membership in the ticket's
      #    organization when that organization is shared. The +access+
      #    argument is not consulted on this path.
      # 2. Everyone else is allowed when they are the ticket owner (for any
      #    +access+ value), otherwise the decision is delegated to
      #    User#group_access? for the ticket's group.
      #
      # @param user [User] the user whose access is evaluated
      # @param access [String] the requested access type, e.g. 'read'
      #
      # @example
      #   ticket.access?(user, 'read')
      #   #=> true
      #
      # @return [Boolean]
      def access?(user, access)
        if user.permissions?('ticket.customer')
          # A customer always reaches the tickets they are the customer of.
          return true if customer_id == user.id

          # Organization access needs both sides to have an organization set
          # and to agree on it; a blank id on either side denies.
          shares_organization = organization_id.present? &&
                                user.organization_id.present? &&
                                organization_id == user.organization_id

          # NOTE(review): this branch always returns, so a user that holds
          # 'ticket.customer' never reaches the owner/group checks below.
          # Whether one account can also hold agent permissions is not
          # visible here -- confirm before relying on this for mixed roles.
          return shares_organization && organization.shared?
        end

        # NOTE(review): this path is not gated on an explicit agent
        # permission and assumes a non-nil user and group; verify callers
        # and the behavior of User#group_access?.
        owner_id == user.id || user.group_access?(group.id, access)
      end

      # Same check as #access?, but raises instead of returning false so a
      # caller cannot continue past a denied check by ignoring the result.
      #
      # @param (see Ticket#access?)
      #
      # @example
      #   ticket.access!(user, 'read')
      #
      # @raise [Exceptions::NotAuthorized] if the user does not have the
      #   requested access
      #
      # @return [nil]
      def access!(user, access)
        raise Exceptions::NotAuthorized unless access?(user, access)
      end
    end
  end