trabajo-afectivo/app/policies/ticket_policy.rb

# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/

class TicketPolicy < ApplicationPolicy

  def show?
    access?('read')
  end

  def create?
    ensure_group!
    access?('create')
  end

  def update?
    access?('change')
  end

  def destroy?
    return true if user.permissions?('admin')

    # This might look like a bug is actually just defining
    # what exception is being raised and shown to the user.
    return false if !access?('delete')

    not_authorized('admin permission required')
  end

  def full?
    access?('full')
  end

  def ensure_group!
    return if record.group_id

    raise Exceptions::UnprocessableEntity, __("Group can't be blank")
  end

  def follow_up?
    return true if user.permissions?('ticket.agent') # agents can always reopen tickets, regardless of group configuration
    return true if record.group.follow_up_possible != 'new_ticket' # check if the setting for follow_up_possible is disabled
    return true if record.state.name != 'closed' # check if the ticket state is already closed

    raise Exceptions::UnprocessableEntity, __('Cannot follow-up on a closed ticket. Please create a new ticket.')
  end

  def agent_read_access?
    agent_access?('read')
  end

  private

  def access?(access)
    return true if agent_access?(access)

    customer_access?
  end

  def agent_access?(access)
    return false if !user.permissions?('ticket.agent')
    return true if owner?

    user.group_access?(record.group.id, access)
  end

  def owner?
    record.owner_id == user.id
  end

  def customer_access?
    return false if !user.permissions?('ticket.customer')
    return true if customer?

    shared_organization?
  end

  def customer?
    record.customer_id == user.id
  end

  def shared_organization?
    return false if record.organization_id.blank?
    return false if user.organization_id.blank?
    return false if record.organization_id != user.organization_id

    record.organization.shared?
  end
end
Maintenance: Update copyright header. 2022-01-01 13:38:12 +00:00			`# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/`
Maintenance: Update copyright information and add a new rubocop cop to watch over it. 2021-06-01 12:20:20 +00:00
Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00			`class TicketPolicy < ApplicationPolicy`

			`def show?`
			`access?('read')`
			`end`

			`def create?`
Fixes #2568 - Change-Right allows creation of new tickets. 2020-11-13 14:10:24 +00:00			`ensure_group!`
Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00			`access?('create')`
			`end`

			`def update?`
			`access?('change')`
			`end`

			`def destroy?`
			`return true if user.permissions?('admin')`

			`# This might look like a bug is actually just defining`
			`# what exception is being raised and shown to the user.`
			`return false if !access?('delete')`

			`not_authorized('admin permission required')`
			`end`

			`def full?`
			`access?('full')`
			`end`

Fixes #2568 - Change-Right allows creation of new tickets. 2020-11-13 14:10:24 +00:00			`def ensure_group!`
			`return if record.group_id`

Fixes #2709, fixes #2666, fixes #2665, fixes #556, fixes #3275 - Refactoring: Implement new translation toolchain based on gettext. - Translations are no longer fetched from the cloud. - Instead, they are extracted from the codebase and stored in i18n/zammad.pot. - Translations will be managed via a public Weblate instance soon. - The translated .po files are fed to the database as before. - It is now possible to change "translation" strings for en-us locally via the admin GUI. - It is no longer possible to submit local changes. 2021-11-15 15:58:19 +00:00			`raise Exceptions::UnprocessableEntity, __("Group can't be blank")`
Fixes #2568 - Change-Right allows creation of new tickets. 2020-11-13 14:10:24 +00:00			`end`

Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00			`def follow_up?`
			`return true if user.permissions?('ticket.agent') # agents can always reopen tickets, regardless of group configuration`
			`return true if record.group.follow_up_possible != 'new_ticket' # check if the setting for follow_up_possible is disabled`
			`return true if record.state.name != 'closed' # check if the ticket state is already closed`

Fixes #2709, fixes #2666, fixes #2665, fixes #556, fixes #3275 - Refactoring: Implement new translation toolchain based on gettext. - Translations are no longer fetched from the cloud. - Instead, they are extracted from the codebase and stored in i18n/zammad.pot. - Translations will be managed via a public Weblate instance soon. - The translated .po files are fed to the database as before. - It is now possible to change "translation" strings for en-us locally via the admin GUI. - It is no longer possible to submit local changes. 2021-11-15 15:58:19 +00:00			`raise Exceptions::UnprocessableEntity, __('Cannot follow-up on a closed ticket. Please create a new ticket.')`
Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00			`end`

Maintenance: Improved article view for agent customer. 2020-10-29 14:43:14 +00:00			`def agent_read_access?`
			`agent_access?('read')`
			`end`

Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00			`private`

			`def access?(access)`
Refactoring: Use more explicit methods to reason about code. 2020-09-08 12:51:34 +00:00			`return true if agent_access?(access)`
Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00
Refactoring: Use more explicit methods to reason about code. 2020-09-08 12:51:34 +00:00			`customer_access?`
			`end`

			`def agent_access?(access)`
			`return false if !user.permissions?('ticket.agent')`
			`return true if owner?`

			`user.group_access?(record.group.id, access)`
			`end`
Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00
Refactoring: Use more explicit methods to reason about code. 2020-09-08 12:51:34 +00:00			`def owner?`
			`record.owner_id == user.id`
			`end`
Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00
Refactoring: Use more explicit methods to reason about code. 2020-09-08 12:51:34 +00:00			`def customer_access?`
Fixes #967 - Access to my own Tickets (where I'm customer of) in a Group im not Agent. 2020-08-20 07:10:08 +00:00			`return false if !user.permissions?('ticket.customer')`
Refactoring: Use more explicit methods to reason about code. 2020-09-08 12:51:34 +00:00			`return true if customer?`
Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00
Refactoring: Use more explicit methods to reason about code. 2020-09-08 12:51:34 +00:00			`shared_organization?`
			`end`
Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00
Refactoring: Use more explicit methods to reason about code. 2020-09-08 12:51:34 +00:00			`def customer?`
			`record.customer_id == user.id`
Fixes #967 - Access to my own Tickets (where I'm customer of) in a Group im not Agent. 2020-08-20 07:10:08 +00:00			`end`
Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00
Refactoring: Use more explicit methods to reason about code. 2020-09-08 12:51:34 +00:00			`def shared_organization?`
Fixes #967 - Access to my own Tickets (where I'm customer of) in a Group im not Agent. 2020-08-20 07:10:08 +00:00			`return false if record.organization_id.blank?`
			`return false if user.organization_id.blank?`
			`return false if record.organization_id != user.organization_id`
Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00
Fixes #967 - Access to my own Tickets (where I'm customer of) in a Group im not Agent. 2020-08-20 07:10:08 +00:00			`record.organization.shared?`
Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00			`end`
			`end`