mentions_controller_policy.rb 579 B

1234567891011121314151617181920212223242526272829
  1. # Copyright (C) 2012-2023 Zammad Foundation, https://zammad-foundation.org/
  2. class Controllers::MentionsControllerPolicy < Controllers::ApplicationControllerPolicy
  3. def index?
  4. object_accessible?
  5. end
  6. def create?
  7. object_accessible?
  8. end
  9. def destroy?
  10. mentioned_user?
  11. end
  12. private
  13. def object_accessible?
  14. Mention.mentionable? record.mentionable_object, user
  15. rescue Exceptions::UnprocessableEntity => e
  16. not_authorized(e)
  17. end
  18. def mentioned_user?
  19. mention = Mention.find_by id: record.params[:id]
  20. mention&.user_id == user.id
  21. end
  22. end