2021-06-01 12:20:20 +00:00
|
|
|
# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
|
|
|
|
|
2020-03-19 09:39:51 +00:00
|
|
|
class Controllers::TaskbarControllerPolicy < Controllers::ApplicationControllerPolicy
|
|
|
|
|
|
|
|
def show?
|
|
|
|
own?
|
|
|
|
end
|
|
|
|
|
|
|
|
def update?
|
|
|
|
own?
|
|
|
|
end
|
|
|
|
|
|
|
|
def destroy?
|
|
|
|
own?
|
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
def own?
|
|
|
|
taskbar = Taskbar.find(record.params[:id])
|
|
|
|
return true if taskbar.user_id == user.id
|
|
|
|
|
|
|
|
# current implementation requires this exception type
|
|
|
|
# should be replaced by unified way
|
|
|
|
raise Exceptions::UnprocessableEntity, 'Not allowed to access this task.'
|
|
|
|
end
|
|
|
|
end
|