From 59c944a945800f887f5b598c612db9517f806f01 Mon Sep 17 00:00:00 2001 From: Martin Edenhofer Date: Wed, 21 Dec 2016 01:00:25 +0100 Subject: [PATCH] Fixed issue #499 - Improved error handling. Fixed Ticket::Overviews.all - use permissions not, not longer role names to decide if user is agent or customer. --- app/models/ticket/overviews.rb | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/app/models/ticket/overviews.rb b/app/models/ticket/overviews.rb index 05f502deb..1c9074aa0 100644 --- a/app/models/ticket/overviews.rb +++ b/app/models/ticket/overviews.rb @@ -16,32 +16,31 @@ returns =end def self.all(data) + current_user = data[:current_user] # get customer overviews - if data[:current_user].role?('Customer') - role_id = Role.lookup(name: 'Customer').id - overviews = if data[:current_user].organization_id && data[:current_user].organization.shared - Overview.where(role_id: role_id, active: true).order(:prio) + if current_user.permissions?('ticket.customer') + overviews = if current_user.organization_id && current_user.organization.shared + Overview.where(role_id: current_user.role_ids, active: true).order(:prio) else - Overview.where(role_id: role_id, organization_shared: false, active: true).order(:prio) + Overview.where(role_id: current_user.role_ids, organization_shared: false, active: true).order(:prio) end overviews_list = [] overviews.each { |overview| user_ids = overview.user_ids - next if !user_ids.empty? && !user_ids.include?(data[:current_user].id) + next if !user_ids.empty? && !user_ids.include?(current_user.id) overviews_list.push overview } return overviews_list end # get agent overviews - return if !data[:current_user].role?('Agent') - role_id = Role.lookup(name: 'Agent').id - overviews = Overview.where(role_id: role_id, active: true).order(:prio) + return [] if !current_user.permissions?('ticket.agent') + overviews = Overview.where(role_id: current_user.role_ids, active: true).order(:prio) overviews_list = [] overviews.each { |overview| user_ids = overview.user_ids - next if !user_ids.empty? && !user_ids.include?(data[:current_user].id) + next if !user_ids.empty? && !user_ids.include?(current_user.id) overviews_list.push overview } overviews_list @@ -86,6 +85,7 @@ returns overviews = Ticket::Overviews.all( current_user: user, ) + return [] if overviews.blank? # get only tickets with permissions access_condition = Ticket.access_condition(user)