trabajo-afectivo/app/policies/activity_stream_policy/scope.rb

# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/

class ActivityStreamPolicy < ApplicationPolicy
  class Scope < ApplicationPolicy::Scope
    def resolve
      if customer?
        scope.where(id: nil)
      elsif group_ids.blank?
        scope.where(permission_id: permission_ids, group_id: nil)
      else
        scope.where(permission_id: [*permission_ids, nil], group_id: [*group_ids, nil])
          .where.not('permission_id IS NULL AND group_id IS NULL')
      end
    end

    private

    def customer?
      !user.permissions?(%w[admin ticket.agent])
    end

    def permission_ids
      @permission_ids ||= user.permissions_with_child_ids
    end

    def group_ids
      @group_ids ||= user.group_ids_access('read')
    end
  end
end
Refactoring: Migrate user permission handling to Pundit policies. 2021-07-23 13:07:16 +00:00			`# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/`

			`class ActivityStreamPolicy < ApplicationPolicy`
			`class Scope < ApplicationPolicy::Scope`
			`def resolve`
			`if customer?`
			`scope.where(id: nil)`
			`elsif group_ids.blank?`
			`scope.where(permission_id: permission_ids, group_id: nil)`
			`else`
			`scope.where(permission_id: [permission_ids, nil], group_id: [group_ids, nil])`
			`.where.not('permission_id IS NULL AND group_id IS NULL')`
			`end`
			`end`

			`private`

			`def customer?`
			`!user.permissions?(%w[admin ticket.agent])`
			`end`

			`def permission_ids`
			`@permission_ids \|\|= user.permissions_with_child_ids`
			`end`

			`def group_ids`
			`@group_ids \|\|= user.group_ids_access('read')`
			`end`
			`end`
			`end`