trabajo-afectivo/app/models/object_manager/element/backend.rb

# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/

class ObjectManager::Element::Backend

  attr_reader :user, :attribute, :record

  def initialize(user:, attribute:, record:)
    @user      = user
    @attribute = attribute
    @record    = record
  end

  def visible?
    return true if attribute.data_option[:permission].blank?
    return false if user.blank?

    attribute.data_option[:permission].any? do |permission|
      authorized?(permission)
    end
  end

  def authorized?(permission)
    user.permissions?(permission)
  end

  def data
    data = default_data

    data[:screen] = screens if attribute.screens.present?

    return data if attribute.data_option.blank?

    data.merge(attribute.data_option.symbolize_keys)
  end

  def default_data
    {
      name:    attribute.name,
      display: attribute.display,
      tag:     attribute.data_type,
      # :null     => attribute.null,
    }
  end

  def screens
    @screens ||= attribute.screens.transform_values do |permission_options|
      screen_value(permission_options)
    end
  end

  def screen_value(permission_options)
    return permission_options['-all-'] if permission_options['-all-']
    return {} if user.blank?

    screen_permission_options(permission_options)
  end

  def screen_permission_options(permission_options)
    booleans = [true, false]
    permission_options.each_with_object({}) do |(permission, options), result|

      next if !authorized?(permission)

      options.each do |key, value|
        next if booleans.include?(result[key]) && !value

        result[key] = value
      end
    end
  end
end
Maintenance: Update copyright information and add a new rubocop cop to watch over it. 2021-06-01 12:20:20 +00:00			`# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/`

Fixes #967 - Access to my own Tickets (where I'm customer of) in a Group im not Agent. 2020-08-20 07:10:08 +00:00			`class ObjectManager::Element::Backend`

			`attr_reader :user, :attribute, :record`

			`def initialize(user:, attribute:, record:)`
			`@user = user`
			`@attribute = attribute`
			`@record = record`
			`end`

			`def visible?`
			`return true if attribute.data_option[:permission].blank?`
			`return false if user.blank?`

			`attribute.data_option[:permission].any? do \|permission\|`
			`authorized?(permission)`
			`end`
			`end`

			`def authorized?(permission)`
			`user.permissions?(permission)`
			`end`

			`def data`
			`data = default_data`

			`data[:screen] = screens if attribute.screens.present?`

			`return data if attribute.data_option.blank?`

			`data.merge(attribute.data_option.symbolize_keys)`
			`end`

			`def default_data`
			`{`
			`name: attribute.name,`
			`display: attribute.display,`
			`tag: attribute.data_type,`
Maintenance: Bump rubocop from 1.18.4 to 1.19.0 2021-08-13 06:03:57 +00:00			`# :null => attribute.null,`
Fixes #967 - Access to my own Tickets (where I'm customer of) in a Group im not Agent. 2020-08-20 07:10:08 +00:00			`}`
			`end`

			`def screens`
Maintenance: Add assets level to have different data sets based on permissions 2021-09-22 14:57:27 +00:00			`@screens \|\|= attribute.screens.transform_values do \|permission_options\|`
Fixes #967 - Access to my own Tickets (where I'm customer of) in a Group im not Agent. 2020-08-20 07:10:08 +00:00			`screen_value(permission_options)`
			`end`
			`end`

			`def screen_value(permission_options)`
			`return permission_options['-all-'] if permission_options['-all-']`
			`return {} if user.blank?`

			`screen_permission_options(permission_options)`
			`end`

			`def screen_permission_options(permission_options)`
Maintenance: Updated rubocop(-* gems) to latest version (0.92.0). 2020-09-30 09:07:01 +00:00			`booleans = [true, false]`
Fixes #967 - Access to my own Tickets (where I'm customer of) in a Group im not Agent. 2020-08-20 07:10:08 +00:00			`permission_options.each_with_object({}) do \|(permission, options), result\|`

			`next if !authorized?(permission)`

			`options.each do \|key, value\|`
Maintenance: Updated rubocop(-* gems) to latest version (0.92.0). 2020-09-30 09:07:01 +00:00			`next if booleans.include?(result[key]) && !value`
Fixes #967 - Access to my own Tickets (where I'm customer of) in a Group im not Agent. 2020-08-20 07:10:08 +00:00
			`result[key] = value`
			`end`
			`end`
			`end`
			`end`