trabajo-afectivo/lib/user_context.rb

# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/

# We need a special UserContext when authorizing in controller context
# because of Token authentication which has it's own permissions
# See: https://github.com/varvet/pundit#additional-context
# We use a Delegator here to have transparent / DuckType access
# to the underlying User instance in the Policy
class UserContext < Delegator

  def initialize(user, token = nil) # rubocop:disable Lint/MissingSuper
    @user  = user
    @token = token
  end

  def __getobj__
    @user
  end

  def permissions!(permissions)
    raise Exceptions::Forbidden, 'Authentication required' if !@user
    raise Exceptions::Forbidden, 'Not authorized (user)!' if !@user.permissions?(permissions)
    return if !@token
    return if @token.with_context(user: @user) { permissions?(permissions) }

    raise Exceptions::Forbidden, 'Not authorized (token)!'
  end

  def permissions?(permissions)
    permissions!(permissions)
    true
  rescue Exceptions::Forbidden
    false
  end
end
Maintenance: Update copyright information and add a new rubocop cop to watch over it. 2021-06-01 12:20:20 +00:00			`# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/`

Fixes #3186 - Endpoint api/v1/ticket_articles/by_ticket ignores X-On-Behalf-Of 2020-09-14 06:34:42 +00:00			`# We need a special UserContext when authorizing in controller context`
			`# because of Token authentication which has it's own permissions`
			`# See: https://github.com/varvet/pundit#additional-context`
			`# We use a Delegator here to have transparent / DuckType access`
			`# to the underlying User instance in the Policy`
			`class UserContext < Delegator`

Fixes #3468: Not authorized error using Im X-On-Behalf-Of. 2021-04-01 15:14:25 +00:00			`def initialize(user, token = nil) # rubocop:disable Lint/MissingSuper`
Fixes #3186 - Endpoint api/v1/ticket_articles/by_ticket ignores X-On-Behalf-Of 2020-09-14 06:34:42 +00:00			`@user = user`
			`@token = token`
			`end`

			`def __getobj__`
			`@user`
			`end`

			`def permissions!(permissions)`
Fixes issue #2983 - HTTP 401 responses causing issues with Basic Authentication. 2021-02-04 08:28:41 +00:00			`raise Exceptions::Forbidden, 'Authentication required' if !@user`
			`raise Exceptions::Forbidden, 'Not authorized (user)!' if !@user.permissions?(permissions)`
Fixes #3186 - Endpoint api/v1/ticket_articles/by_ticket ignores X-On-Behalf-Of 2020-09-14 06:34:42 +00:00			`return if !@token`
			`return if @token.with_context(user: @user) { permissions?(permissions) }`

Fixes issue #2983 - HTTP 401 responses causing issues with Basic Authentication. 2021-02-04 08:28:41 +00:00			`raise Exceptions::Forbidden, 'Not authorized (token)!'`
Fixes #3186 - Endpoint api/v1/ticket_articles/by_ticket ignores X-On-Behalf-Of 2020-09-14 06:34:42 +00:00			`end`

			`def permissions?(permissions)`
			`permissions!(permissions)`
			`true`
Fixes issue #2983 - HTTP 401 responses causing issues with Basic Authentication. 2021-02-04 08:28:41 +00:00			`rescue Exceptions::Forbidden`
Fixes #3186 - Endpoint api/v1/ticket_articles/by_ticket ignores X-On-Behalf-Of 2020-09-14 06:34:42 +00:00			`false`
			`end`
			`end`