trabajo-afectivo/lib/user_context.rb

35 lines
1 KiB
Ruby
Raw Permalink Normal View History

# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
# We need a special UserContext when authorizing in controller context
# because of Token authentication which has it's own permissions
# See: https://github.com/varvet/pundit#additional-context
# We use a Delegator here to have transparent / DuckType access
# to the underlying User instance in the Policy
class UserContext < Delegator
def initialize(user, token = nil) # rubocop:disable Lint/MissingSuper
@user = user
@token = token
end
def __getobj__
@user
end
def permissions!(permissions)
raise Exceptions::Forbidden, 'Authentication required' if !@user
raise Exceptions::Forbidden, 'Not authorized (user)!' if !@user.permissions?(permissions)
return if !@token
return if @token.with_context(user: @user) { permissions?(permissions) }
raise Exceptions::Forbidden, 'Not authorized (token)!'
end
def permissions?(permissions)
permissions!(permissions)
true
rescue Exceptions::Forbidden
false
end
end