checks_access.rb 1.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748
  1. # Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
  2. class Organization
  3. module ChecksAccess
  4. extend ActiveSupport::Concern
  5. # Checks the given access of a given user for an organization.
  6. #
  7. # @param [User] The user that will be checked for given access.
  8. # @param [String] The access that should get checked.
  9. #
  10. # @example
  11. # organization.access?(user, 'read')
  12. # #=> true
  13. #
  14. # @return [Boolean]
  15. def access?(user, access)
  16. # check customer
  17. if user.permissions?('ticket.customer')
  18. # access ok if its own organization
  19. return false if access != 'read'
  20. return false if !user.organization_id
  21. return id == user.organization_id
  22. end
  23. # check agent
  24. return true if user.permissions?('admin')
  25. return true if user.permissions?('ticket.agent')
  26. false
  27. end
  28. # Checks the given access of a given user for an organization and fails with an exception.
  29. #
  30. # @param (see Organization#access?)
  31. #
  32. # @example
  33. # organization.access!(user, 'read')
  34. #
  35. # @raise [NotAuthorized] Gets raised if given user doesn't have the given access.
  36. #
  37. # @return [nil]
  38. def access!(user, access)
  39. return if access?(user, access)
  40. raise Exceptions::NotAuthorized
  41. end
  42. end
  43. end