2017-06-16 20:43:09 +00:00
|
|
|
# Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
|
|
|
|
module HasRoles
|
|
|
|
extend ActiveSupport::Concern
|
|
|
|
|
2020-02-20 13:34:03 +00:00
|
|
|
included do
|
|
|
|
has_and_belongs_to_many :roles,
|
|
|
|
before_add: %i[validate_agent_limit_by_role validate_roles],
|
|
|
|
after_add: %i[cache_update check_notifications push_ticket_create_screen_for_role_change],
|
|
|
|
before_remove: :last_admin_check_by_role,
|
|
|
|
after_remove: %i[cache_update push_ticket_create_screen_for_role_change]
|
|
|
|
end
|
|
|
|
|
2017-06-16 20:43:09 +00:00
|
|
|
# Checks a given Group( ID) for given access(es) for the instance associated roles.
|
|
|
|
#
|
|
|
|
# @example Group ID param
|
|
|
|
# user.role_access?(1, 'read')
|
|
|
|
# #=> true
|
|
|
|
#
|
|
|
|
# @example Group param
|
|
|
|
# user.role_access?(group, 'read')
|
|
|
|
# #=> true
|
|
|
|
#
|
|
|
|
# @example Access list
|
|
|
|
# user.role_access?(group, ['read', 'create'])
|
|
|
|
# #=> true
|
|
|
|
#
|
|
|
|
# @return [Boolean]
|
|
|
|
def role_access?(group_id, access)
|
2017-06-20 15:13:42 +00:00
|
|
|
return false if !groups_access_permission?
|
|
|
|
|
2017-06-16 20:43:09 +00:00
|
|
|
group_id = self.class.ensure_group_id_parameter(group_id)
|
|
|
|
access = self.class.ensure_group_access_list_parameter(access)
|
|
|
|
|
2019-07-04 11:16:55 +00:00
|
|
|
RoleGroup.eager_load(:group, :role).exists?(
|
2017-06-16 20:43:09 +00:00
|
|
|
role_id: roles.pluck(:id),
|
|
|
|
group_id: group_id,
|
|
|
|
access: access,
|
|
|
|
groups: {
|
|
|
|
active: true
|
|
|
|
},
|
2018-12-19 17:31:51 +00:00
|
|
|
roles: {
|
2017-06-16 20:43:09 +00:00
|
|
|
active: true
|
|
|
|
}
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
2020-02-20 13:34:03 +00:00
|
|
|
def push_ticket_create_screen_for_role_change(role)
|
|
|
|
return if Setting.get('import_mode')
|
|
|
|
|
|
|
|
permission = Permission.lookup(name: 'ticket.agent')
|
|
|
|
return if !role.permissions.exists?(id: permission.id)
|
|
|
|
|
|
|
|
push_ticket_create_screen_background_job
|
|
|
|
end
|
|
|
|
|
2017-06-16 20:43:09 +00:00
|
|
|
# methods defined here are going to extend the class, not the instance of it
|
|
|
|
class_methods do
|
|
|
|
|
2017-06-20 15:13:42 +00:00
|
|
|
# Lists instances having the given access(es) to the given Group through Roles.
|
2017-06-16 20:43:09 +00:00
|
|
|
#
|
|
|
|
# @example Group ID param
|
2017-06-20 15:13:42 +00:00
|
|
|
# User.role_access(1, 'read')
|
2017-06-16 20:43:09 +00:00
|
|
|
# #=> [1, 3, ...]
|
|
|
|
#
|
|
|
|
# @example Group param
|
2017-06-20 15:13:42 +00:00
|
|
|
# User.role_access(group, 'read')
|
2017-06-16 20:43:09 +00:00
|
|
|
# #=> [1, 3, ...]
|
|
|
|
#
|
|
|
|
# @example Access list
|
2017-06-20 15:13:42 +00:00
|
|
|
# User.role_access(group, ['read', 'create'])
|
2017-06-16 20:43:09 +00:00
|
|
|
# #=> [1, 3, ...]
|
|
|
|
#
|
|
|
|
# @return [Array<Integer>]
|
2017-06-20 15:13:42 +00:00
|
|
|
def role_access(group_id, access)
|
2017-06-16 20:43:09 +00:00
|
|
|
group_id = ensure_group_id_parameter(group_id)
|
|
|
|
access = ensure_group_access_list_parameter(access)
|
|
|
|
|
2019-07-04 11:16:55 +00:00
|
|
|
role_ids = RoleGroup.eager_load(:role).where(group_id: group_id, access: access, roles: { active: true }).pluck(:role_id)
|
2017-06-16 20:43:09 +00:00
|
|
|
join_table = reflect_on_association(:roles).join_table
|
2017-06-20 15:13:42 +00:00
|
|
|
joins(:roles).where(active: true, join_table => { role_id: role_ids }).distinct.select(&:groups_access_permission?)
|
|
|
|
end
|
|
|
|
|
|
|
|
# Lists IDs of instances having the given access(es) to the given Group through Roles.
|
|
|
|
#
|
|
|
|
# @example Group ID param
|
|
|
|
# User.role_access_ids(1, 'read')
|
|
|
|
# #=> [1, 3, ...]
|
|
|
|
#
|
|
|
|
# @example Group param
|
|
|
|
# User.role_access_ids(group, 'read')
|
|
|
|
# #=> [1, 3, ...]
|
|
|
|
#
|
|
|
|
# @example Access list
|
|
|
|
# User.role_access_ids(group, ['read', 'create'])
|
|
|
|
# #=> [1, 3, ...]
|
|
|
|
#
|
|
|
|
# @return [Array<Integer>]
|
|
|
|
def role_access_ids(group_id, access)
|
|
|
|
role_access(group_id, access).collect(&:id)
|
2017-06-16 20:43:09 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def ensure_group_id_parameter(group_or_id)
|
|
|
|
return group_or_id if group_or_id.is_a?(Integer)
|
2018-10-09 06:17:41 +00:00
|
|
|
|
2017-06-16 20:43:09 +00:00
|
|
|
group_or_id.id
|
|
|
|
end
|
|
|
|
|
|
|
|
def ensure_group_access_list_parameter(access)
|
|
|
|
access = [access] if access.is_a?(String)
|
|
|
|
access.push('full') if !access.include?('full')
|
|
|
|
access
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|