trabajo-afectivo/app/policies/user_policy.rb

44 lines
1 KiB
Ruby
Raw Permalink Normal View History

# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
class UserPolicy < ApplicationPolicy
def show?
return true if user.permissions?('admin.*')
return true if own_account?
return true if user.permissions?('ticket.agent')
# check same organization for customers
return false if !user.permissions?('ticket.customer')
same_organization?
end
def update?
# full access for admins
return true if user.permissions?('admin.user')
# forbid non-agents to change users
return false if !user.permissions?('ticket.agent')
# allow agents to change customers only
return false if record.permissions?(['admin.user', 'ticket.agent'])
record.permissions?('ticket.customer')
end
def destroy?
user.permissions?('admin.user')
end
private
def own_account?
record.id == user.id
end
def same_organization?
return false if record.organization_id.blank?
return false if user.organization_id.blank?
record.organization_id == user.organization_id
end
end