2021-06-01 12:20:20 +00:00
|
|
|
# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
|
|
|
|
|
2020-03-19 09:39:51 +00:00
|
|
|
module ApplicationController::Authorizes
|
|
|
|
extend ActiveSupport::Concern
|
|
|
|
include Pundit
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
def authorize!(record = policy_record, query = nil)
|
|
|
|
authorize(record, query)
|
|
|
|
end
|
|
|
|
|
|
|
|
def authorized?(record = policy_record, query = nil)
|
|
|
|
authorize!(record, query)
|
|
|
|
true
|
2021-02-04 08:28:41 +00:00
|
|
|
rescue Exceptions::Forbidden, Pundit::NotAuthorizedError
|
2020-03-19 09:39:51 +00:00
|
|
|
false
|
|
|
|
end
|
|
|
|
|
|
|
|
def policy_record
|
|
|
|
# check permissions in matching Pundit policy
|
|
|
|
# Controllers namspace is used (See: https://github.com/varvet/pundit#policy-namespacing)
|
|
|
|
# [:controllers, self] => Controllers::RolesControllerPolicy
|
|
|
|
[:controllers, self]
|
|
|
|
end
|
|
|
|
|
|
|
|
def pundit_user
|
2021-04-01 15:14:25 +00:00
|
|
|
@pundit_user ||= begin
|
|
|
|
if current_user_on_behalf
|
|
|
|
UserContext.new(current_user_on_behalf)
|
|
|
|
else
|
|
|
|
UserContext.new(current_user_real, @_token)
|
|
|
|
end
|
|
|
|
end
|
2020-03-19 09:39:51 +00:00
|
|
|
end
|
|
|
|
end
|