Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Branch: stable-5.4
Branches Tags
zammad
/
app
/
policies
/
store_policy.rb

store_policy.rb 925 B
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142 
  1. # Copyright (C) 2012-2023 Zammad Foundation, https://zammad-foundation.org/
    2. 

  2. 

  3. class StorePolicy < ApplicationPolicy
    4. 

  4. 

  5.   # Store objects are authorized based on the policy of the object that "owns" them,
    6. 

  6.   #   like the ticket or knowledge base answer they are attached to.
    7. 

  7.   # If no owner class or record can be found, forbid access by default.
    8. 

  8. 

  9.   def show?
    10. 

  10.     store_object_policy(store_object_owner)&.show?
    11. 

  11.   end
    12. 

  12. 

  13.   def destroy?
    14. 

  14.     store_object_policy(store_object_owner)&.destroy?
    15. 

  15.   end
    16. 

  16. 

  17.   def user_required?
    18. 

  18.     false
    19. 

  19.   end
    20. 

  20. 

  21.   def custom_exception
    22. 

  22.     ActiveRecord::RecordNotFound.new
    23. 

  23.   end
    24. 

  24. 

  25.   private
    26. 

  26. 

  27.   def store_object_class
    28. 

  28.     record.store_object&.name&.safe_constantize
    29. 

  29.   end
    30. 

  30. 

  31.   def store_object_policy(target)
    32. 

  32.     Pundit.policy user, target
    33. 

  33.   end
    34. 

  34. 

  35.   def store_object_owner
    36. 

  36.     if store_object_class == UploadCache
    37. 

  37.       return UploadCache.new(record.o_id)
    38. 

  38.     end
    39. 

  39. 

  40.     store_object_class&.find record.o_id
    41. 

  41.   end
    42. 

  42. end
    43.