| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051 |
- # Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
- class Organization
- module ChecksAccess
- extend ActiveSupport::Concern
- # Checks the given access of a given user for an organization.
- #
- # @param [User] The user that will be checked for given access.
- # @param [String] The access that should get checked.
- #
- # @example
- # organization.access?(user, 'read')
- # #=> true
- #
- # @return [Boolean]
- def access?(user, access)
- # check customer
- if user.permissions?('ticket.customer')
- # access ok if its own organization
- return false if access != 'read'
- return false if !user.organization_id
- return id == user.organization_id
- end
- # check agent
- return true if user.permissions?('admin')
- return true if user.permissions?('ticket.agent')
- false
- end
- # Checks the given access of a given user for an organization and fails with an exception.
- #
- # @param (see Organization#access?)
- #
- # @example
- # organization.access!(user, 'read')
- #
- # @raise [NotAuthorized] Gets raised if given user doesn't have the given access.
- #
- # @return [nil]
- def access!(user, access)
- return if access?(user, access)
- raise Exceptions::NotAuthorized
- end
- end
- end
|
