diff --git a/app/controllers/organizations_controller.rb b/app/controllers/organizations_controller.rb
index f3267447e..53db59afb 100644
--- a/app/controllers/organizations_controller.rb
+++ b/app/controllers/organizations_controller.rb
@@ -50,7 +50,7 @@ curl http://localhost/api/v1/organizations.json -v -u #{login}:#{password}
 # only allow customer to fetch his own organization
 organizations = []
- if is_role('Customer') && !is_role('Admin') && !is_role('Agent')
+ if is_role(Z_ROLENAME_CUSTOMER) && !is_role('Admin') && !is_role('Agent')
 if current_user.organization_id
 organizations = Organization.where( :id => current_user.organization_id )
 end
@@ -80,7 +80,7 @@ curl http://localhost/api/v1/organizations/#{id}.json -v -u #{login}:#{password}
 def show
 # only allow customer to fetch his own organization
- if is_role('Customer') && !is_role('Admin') && !is_role('Agent')
+ if is_role(Z_ROLENAME_CUSTOMER) && !is_role('Admin') && !is_role('Agent')
 if !current_user.organization_id
 render :json => {}
 return
diff --git a/app/controllers/sessions/collection_base.rb b/app/controllers/sessions/collection_base.rb
index 11e8012cd..a282ab3af 100644
--- a/app/controllers/sessions/collection_base.rb
+++ b/app/controllers/sessions/collection_base.rb
@@ -24,7 +24,7 @@ module ExtraCollection
 Group.all.each {|item|
 assets = item.assets(assets)
 }
- if !user.is_role('Customer')
+ if !user.is_role(Z_ROLENAME_CUSTOMER)
 collections[ Organization.to_app_model ] = []
 Organization.all.each {|item|
 assets = item.assets(assets)
diff --git a/app/controllers/sessions/collection_ticket.rb b/app/controllers/sessions/collection_ticket.rb
index 3b23d3c9f..6a91072bb 100644
--- a/app/controllers/sessions/collection_ticket.rb
+++ b/app/controllers/sessions/collection_ticket.rb
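Review bot: The customer restriction in `index` applies only when the caller positively holds the customer role, so an account that holds none of the three roles takes the unrestricted branch; that branch is outside this hunk, but the same condition in `UsersController#index` visibly falls through to `User.all`. With the name now read from `Z_ROLENAME_CUSTOMER`, a value that matches no existing role would presumably lift the restriction for every customer at once. Restricting by default is safer: `if !is_role('Admin') && !is_role('Agent')`. The same applies to `show` below, to `UsersController#index` and `#search`, and to the `if !user.is_role(Z_ROLENAME_CUSTOMER)` guards in both `sessions/collection_*` files.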
@@ -24,7 +24,7 @@ module ExtraCollection
 Ticket::Article::Sender.all.each {|item|
 assets = item.assets(assets)
 }
- if !user.is_role('Customer')
+ if !user.is_role(Z_ROLENAME_CUSTOMER)
 # all signatures
 collections[ Signature.to_app_model ] = []
diff --git a/app/controllers/tickets_controller.rb b/app/controllers/tickets_controller.rb
index a434f2bf0..c7e7fff1f 100644
--- a/app/controllers/tickets_controller.rb
+++ b/app/controllers/tickets_controller.rb
@@ -241,7 +241,7 @@ class TicketsController < ApplicationController
 articles.each {|article|
 # ignore internal article if customer is requesting
- next if article.internal == true && is_role('Customer')
+ next if article.internal == true && is_role(Z_ROLENAME_CUSTOMER)
 # load article ids
 article_ids.push article.id
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 546879a55..b3944ad6a 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -15,7 +15,7 @@ class UsersController < ApplicationController
 def index
 # only allow customer to fetch him self
- if is_role('Customer') && !is_role('Admin') && !is_role('Agent')
+ if is_role(Z_ROLENAME_CUSTOMER) && !is_role('Admin') && !is_role('Agent')
 users = User.where( :id => current_user.id )
 else
 users = User.all
@@ -94,7 +94,7 @@ class UsersController < ApplicationController
 # everybody else will go as customer per default
 else
- role_ids.push Role.where( :name => 'Customer' ).first.id
+ role_ids.push Role.where( :name => Z_ROLENAME_CUSTOMER ).first.id
 end
 user.role_ids = role_ids
 user.group_ids = group_ids
@@ -260,7 +260,7 @@ class UsersController < ApplicationController
 # @response_message 401 Invalid session.
 def search
- if is_role('Customer') && !is_role('Admin') && !is_role('Agent')
+ if is_role(Z_ROLENAME_CUSTOMER) && !is_role('Admin') && !is_role('Agent')
 response_access_deny
 return
 end
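Review bot: In the `tickets_controller.rb` hunk, internal articles are skipped only for callers that hold the customer role, so a caller without that role, or presumably every caller if `Z_ROLENAME_CUSTOMER` matches no role name, still has internal article ids pushed onto `article_ids`. The check also differs from the controller conditions that exempt `'Admin'` and `'Agent'`: here a user holding both the customer and agent roles is treated as a customer. Keying the filter on the staff roles keeps it closed by default, e.g. `next if article.internal == true && !is_role('Agent') && !is_role('Admin')`. The enclosing method starts and ends outside the hunk.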
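Review bot: In the `@@ -94` hunk of `users_controller.rb`, `Role.where( :name => Z_ROLENAME_CUSTOMER ).first.id` raises `NoMethodError` on `nil` when no role carries that name, which becomes more likely once the name is a constant that can drift from the stored role. Look the role up first and fail with a clear message, e.g. `role = Role.where( :name => Z_ROLENAME_CUSTOMER ).first` followed by `raise "role #{Z_ROLENAME_CUSTOMER} not found" if !role`, then push `role.id`. The surrounding `if`/`else` starts outside the hunk.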
@@ -727,7 +727,7 @@ curl http://localhost/api/v1/users/avatar -v -u #{login}:#{password} -H "Content
 return true if is_role('Agent')
 # allow to update customer by him self
- return true if is_role('Customer') && params[:id].to_i == current_user.id
+ return true if is_role(Z_ROLENAME_CUSTOMER) && params[:id].to_i == current_user.id
 response_access_deny
 return false
diff --git a/app/models/user/permission.rb b/app/models/user/permission.rb
index 960cfdb5e..b27dd0458 100644
--- a/app/models/user/permission.rb
+++ b/app/models/user/permission.rb
@@ -18,7 +18,7 @@ returns
 def permission (data)
 # check customer
- if data[:current_user].is_role('Customer')
+ if data[:current_user].is_role(Z_ROLENAME_CUSTOMER)
 # access ok if its own user
 return true if self.id == data[:current_user].id
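Review bot: The agent check directly above the changed line in the `@@ -727` hunk still compares against the literal `'Agent'` while the customer check now uses a constant, and the same mix of `Z_ROLENAME_CUSTOMER` with `'Admin'`/`'Agent'` literals appears in the `index`, `show` and `search` conditions of this commit. If role names are meant to be configurable, the staff role names need the same treatment so the access checks cannot disagree about which names are authoritative. If only the customer name is meant to vary, a one-line comment saying so next to these checks would help. The method starts outside the hunk.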
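Review bot: `Z_ROLENAME_CUSTOMER` is used in `permission` in a model as well as in five controller files, but its definition is not part of the visible diff, so a reader cannot tell where the value comes from or whether it is loaded before the models are. A comment at this use would help, for example `# Z_ROLENAME_CUSTOMER: name of the customer role, defined in <path of the defining file>`. `permission` continues outside the hunk.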