diff --git a/Gemfile.lock b/Gemfile.lock index c0f35d695..714943da7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -385,7 +385,7 @@ GEM public_suffix (4.0.6) puma (4.3.11) nio4r (~> 2.0) - pundit (2.1.1) + pundit (2.2.0) activesupport (>= 3.0.0) pundit-matchers (1.7.0) rspec-rails (>= 3.0.0) diff --git a/app/controllers/application_controller/authorizes.rb b/app/controllers/application_controller/authorizes.rb index 5c57ef9e7..44b591c64 100644 --- a/app/controllers/application_controller/authorizes.rb +++ b/app/controllers/application_controller/authorizes.rb @@ -2,7 +2,7 @@ module ApplicationController::Authorizes extend ActiveSupport::Concern - include Pundit + include Pundit::Authorization private diff --git a/app/controllers/knowledge_base/public/categories_controller.rb b/app/controllers/knowledge_base/public/categories_controller.rb index f0653998a..f86314cc0 100644 --- a/app/controllers/knowledge_base/public/categories_controller.rb +++ b/app/controllers/knowledge_base/public/categories_controller.rb @@ -7,7 +7,7 @@ class KnowledgeBase::Public::CategoriesController < KnowledgeBase::Public::BaseC @categories = categories_filter(@knowledge_base.categories.root) @object_locales = find_locales(@knowledge_base) - authorize(@categories, policy_class: KnowledgeBase::Public::CategoryPolicy) + authorize(@categories, policy_class: Controllers::KnowledgeBase::Public::CategoriesControllerPolicy) rescue Pundit::NotAuthorizedError raise ActiveRecord::RecordNotFound end diff --git a/app/policies/knowledge_base/public/category_policy.rb b/app/policies/controllers/knowledge_base/public/categories_controller_policy.rb similarity index 58% rename from app/policies/knowledge_base/public/category_policy.rb rename to app/policies/controllers/knowledge_base/public/categories_controller_policy.rb index 0c34374db..5ffc3e2fa 100644 --- a/app/policies/knowledge_base/public/category_policy.rb +++ b/app/policies/controllers/knowledge_base/public/categories_controller_policy.rb @@ -1,9 +1,9 @@ # Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/ -class KnowledgeBase::Public::CategoryPolicy < ApplicationPolicy +class Controllers::KnowledgeBase::Public::CategoriesControllerPolicy < ApplicationPolicy def index? return true if user&.permissions?('knowledge_base.editor') - return true if record.any? + return true if record.present? false end