# Authorization policy deciding what `user` may do with one ticket (`record`).
#
# Each public predicate maps an action to a named access level and delegates
# to the private helpers, which grant access along one of two paths:
#   * agent path    - user holds 'ticket.agent' and is the ticket owner or
#                     has the requested access level on the ticket's group
#   * customer path - user holds 'ticket.customer' and is the ticket's
#                     customer or belongs to the same shared organization
#
# NOTE(review): the customer path takes no access level, so a user who passes
# customer_access? is granted whatever level access? was asked for ('read',
# 'create', 'change', 'delete', 'full'). Confirm this is intended and that
# finer-grained limits for customers are enforced elsewhere.
class TicketPolicy < ApplicationPolicy
  # Viewing a ticket requires 'read' access.
  def show?
    access?('read')
  end

  # Creating requires 'create' access.
  def create?
    access?('create')
  end

  # Updating requires 'change' access.
  def update?
    access?('change')
  end

  # Deleting is reserved for users with the 'admin' permission.
  def destroy?
    return true if user.permissions?('admin')

    # Not a bug: both remaining exits deny the request. Per the original
    # author's note they differ only in which error is raised and shown to the
    # user - a plain `false` without 'delete' access, otherwise the explicit
    # "admin permission required" message via not_authorized (defined outside
    # this class).
    return false unless access?('delete')

    not_authorized('admin permission required')
  end

  # 'full' access on the ticket.
  def full?
    access?('full')
  end

  # Whether a follow-up (reopening by reply) is allowed on this ticket.
  # Raises Exceptions::UnprocessableEntity instead of returning false so the
  # caller gets an actionable message.
  def follow_up?
    # Agents can always reopen tickets, regardless of group configuration.
    return true if user.permissions?('ticket.agent')
    # Only the 'new_ticket' group setting restricts follow-ups.
    return true unless record.group.follow_up_possible == 'new_ticket'
    # The restriction applies to closed tickets only.
    return true unless record.state.name == 'closed'

    raise Exceptions::UnprocessableEntity, 'Cannot follow-up on a closed ticket. Please create a new ticket.'
  end

  # Read check along the agent path only; the customer path is not consulted.
  def agent_read_access?
    agent_access?('read')
  end

  private

  # True when either the agent path (for the given level) or the customer
  # path grants access. The agent path is tried first.
  def access?(level)
    return true if agent_access?(level)

    customer_access?
  end

  # Agent path: requires the 'ticket.agent' permission, then either ticket
  # ownership or the requested level on the ticket's group.
  def agent_access?(level)
    return false unless user.permissions?('ticket.agent')
    return true if owner?

    user.group_access?(record.group.id, level)
  end

  # The user is the ticket's owner.
  def owner?
    record.owner_id == user.id
  end

  # Customer path: requires the 'ticket.customer' permission, then either
  # being the ticket's customer or sharing its (shared) organization.
  def customer_access?
    return false unless user.permissions?('ticket.customer')
    return true if customer?

    shared_organization?
  end

  # The user is the ticket's customer.
  def customer?
    record.customer_id == user.id
  end

  # Ticket and user belong to the same organization and that organization
  # reports itself as shared. A missing organization on either side denies.
  def shared_organization?
    return false if record.organization_id.blank? || user.organization_id.blank?
    return false unless record.organization_id == user.organization_id

    record.organization.shared?
  end
end