authorizes.rb 931 B

  1. # Copyright (C) 2012-2023 Zammad Foundation, https://zammad-foundation.org/
  # Controller concern that routes authorization decisions through Pundit.
  #
  # All helpers are private, so they are callable from controller code only
  # and are not exposed as routable actions.
  module ApplicationController::Authorizes
    extend ActiveSupport::Concern
    include Pundit::Authorization

    private

    # Enforcing check: hands record and query straight to Pundit's `authorize`.
    # A denial surfaces as an exception, so the calling action stops there.
    # With query left at nil, Pundit derives the policy query from the
    # current action name.
    def authorize!(record = policy_record, query = nil)
      authorize(record, query)
    end

    # Non-raising variant of authorize!: true when the check passes, false
    # when it ends in Exceptions::Forbidden or Pundit::NotAuthorizedError.
    # Any other error still propagates.
    #
    # The denial is swallowed here, so this method enforces nothing on its
    # own; the caller has to branch on the returned value.
    def authorized?(record = policy_record, query = nil)
      begin
        authorize!(record, query)
      rescue Exceptions::Forbidden, Pundit::NotAuthorizedError
        return false
      end

      true
    end

    # Default record handed to Pundit: the controller itself, looked up in
    # the Controllers policy namespace
    # (see https://github.com/varvet/pundit#policy-namespacing), e.g.
    #   [:controllers, self] => Controllers::RolesControllerPolicy
    def policy_record
      [:controllers, self]
    end

    # Subject that Pundit evaluates policies for, built once and then cached
    # in @pundit_user for the lifetime of this controller instance.
    #
    # An on-behalf user takes precedence over the real user. Only the
    # real-user branch passes @_token into the context.
    # NOTE(review): the on-behalf context is built without @_token, so any
    # restriction UserContext derives from the token would not apply to it -
    # confirm this is intended.
    def pundit_user
      @pundit_user ||= if current_user_on_behalf
                         UserContext.new(current_user_on_behalf)
                       else
                         UserContext.new(current_user_real, @_token)
                       end
    end
  end