group_policy.rb 838 B

123456789101112131415161718192021222324252627282930313233
  1. # Copyright (C) 2012-2023 Zammad Foundation, https://zammad-foundation.org/
  2. class GroupPolicy < ApplicationPolicy
  3. def show?
  4. return true if admin?
  5. return true if user.group_access?(record, 'read')
  6. if user.permissions?('ticket.customer')
  7. return group_is_customer_group? || group_has_customer_tickets?
  8. end
  9. false
  10. end
  11. private
  12. def admin?
  13. user.permissions?('admin.group')
  14. end
  15. def group_is_customer_group?
  16. create_group_ids = Setting.get('customer_ticket_create_group_ids')
  17. return create_group_ids.include?(record.id) if create_group_ids.present?
  18. true # All groups allowed if 'customer_ticket_create_group_ids' is empty.
  19. end
  20. def group_has_customer_tickets?
  21. # Check if user is customer for any tickets in this group.
  22. Ticket.exists?(customer: user, group: record)
  23. end
  24. end