Added permission lookup.

Martin Edenhofer 2012-11-14 02:21:44 +01:00
parent ff9b7ad990
commit 5835e719c6


@ -462,13 +462,23 @@ class TicketsController < ApplicationController
query = params[:term] query = params[:term]
limit = params[:limit] || 15 limit = params[:limit] || 15
conditions = []
if current_user.is_role('Agent')
group_ids = Group.select( 'groups.id' ).joins(:users).
where( 'groups_users.user_id = ?', current_user.id ).
where( 'groups.active = ?', true ).
map( &:id )
conditions = [ 'group_id IN (?)', group_ids ]
else
if !current_user.organization || !current_user.organization.shared
conditions = [ 'customer_id = ?', current_user.id ]
else
conditions = [ '( customer_id = ? OR organization_id = ? )', current_user.id, current_user.organization.shared ]
end
end
# do query # do query
tickets_all = Ticket.find( tickets_all = Ticket.where(conditions).where( '( title LIKE ? OR number LIKE ? )', "%#{query}%", "%#{query}%" ).limit(limit).order(:created_at)
:all,
:limit => limit,
:conditions => ['title LIKE ? OR number LIKE ?', "%#{query}%", "%#{query}%" ],
:order => 'created_at'
)
# build result list # build result list
tickets = [] tickets = []
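Review bot: In the non-agent branch, the shared-organization condition binds `current_user.organization.shared` to `organization_id = ?`, although the line just above tests that same attribute as a flag, so it appears the flag value rather than the organization's id is being compared. If `shared` is a boolean, a customer in a shared organization is matched against whatever id that boolean casts to, which can hide their own organization's tickets and may expose another organization's; the bind should probably be `current_user.organization.id`. Separately, `limit` is taken from `params[:limit]` without an upper bound and `query` goes into the LIKE pattern with `%` and `_` unescaped, so a cap such as `limit = [ (params[:limit] || 15).to_i, 100 ].min` (100 is a constructed value) would be worth adding. The enclosing controller action starts and ends outside this hunk.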