diff --git a/app/assets/javascripts/app/controllers/widget/mention.coffee b/app/assets/javascripts/app/controllers/widget/mention.coffee index be4731dfb..6e5d34b3b 100644 --- a/app/assets/javascripts/app/controllers/widget/mention.coffee +++ b/app/assets/javascripts/app/controllers/widget/mention.coffee @@ -43,6 +43,7 @@ class App.WidgetMention extends App.Controller user = App.User.find(mention.user_id) continue if !user + continue if !user.active if mention.user_id is App.Session.get().id subscribed = true @@ -50,7 +51,13 @@ class App.WidgetMention extends App.Controller # no break because we need to check if user is subscribed continue if counter > 10 - mention.avatar = user.avatar('30', '', '') + css = '' + mention.access = true + if !@object.isAccessibleBy(user, 'read') + css = 'avatar--inactive' + mention.access = false + + mention.avatar = user.avatar('30', '', css) mentions.push(mention) counter++ diff --git a/app/assets/javascripts/app/models/ticket.coffee b/app/assets/javascripts/app/models/ticket.coffee index c5b12856a..fdcdb2e63 100644 --- a/app/assets/javascripts/app/models/ticket.coffee +++ b/app/assets/javascripts/app/models/ticket.coffee @@ -324,7 +324,31 @@ class App.Ticket extends App.Model return @userGroupAccess(permission) userGroupAccess: (permission) -> - user = App.User.current() + user = App.User.current() + return @isAccessibleByGroup(user, permission) + + userIsCustomer: -> + user = App.User.current() + return true if user.id is @customer_id + false + + userIsOwner: -> + user = App.User.current() + return @isAccessibleByOwner(user) + + currentView: -> + return 'agent' if App.User.current()?.permission('ticket.agent') && @userGroupAccess('read') + return 'customer' if App.User.current()?.permission('ticket.customer') + return + + isAccessibleByOwner: (user) -> + return false if !user + return true if user.id is @owner_id + false + + isAccessibleByGroup: (user, permission) -> + return false if !user + group_ids = user.allGroupIds(permission) return false if !@group_id @@ -334,17 +358,8 @@ class App.Ticket extends App.Model return false - userIsCustomer: -> - user = App.User.current() - return true if user.id is @customer_id - false - - userIsOwner: -> - user = App.User.current() - return true if user.id is @owner_id - false - - currentView: -> - return 'agent' if App.User.current()?.permission('ticket.agent') && @userGroupAccess('read') - return 'customer' if App.User.current()?.permission('ticket.customer') - return + isAccessibleBy: (user, permission) -> + return false if !user + return false if !user.permission('ticket.agent') + return true if @isAccessibleByOwner(user) + return @isAccessibleByGroup(user, permission) diff --git a/app/assets/javascripts/app/models/user.coffee b/app/assets/javascripts/app/models/user.coffee index 859b752b1..c07c0f993 100644 --- a/app/assets/javascripts/app/models/user.coffee +++ b/app/assets/javascripts/app/models/user.coffee @@ -269,13 +269,13 @@ class App.User extends App.Model ### allGroupIds: (permission = 'full') -> group_ids = [] - user_group_ids = App.Session.get('group_ids') + user_group_ids = @group_ids if user_group_ids for local_group_id, local_permission of user_group_ids if _.include(local_permission, permission) || _.include(local_permission, 'full') group_ids.push local_group_id - user_role_ids = App.Session.get('role_ids') + user_role_ids = @role_ids if user_role_ids for role_id in user_role_ids if App.Role.exists(role_id) diff --git a/app/assets/javascripts/app/views/widget/mention.jst.eco b/app/assets/javascripts/app/views/widget/mention.jst.eco index 4f4d1a952..8ad11e359 100644 --- a/app/assets/javascripts/app/views/widget/mention.jst.eco +++ b/app/assets/javascripts/app/views/widget/mention.jst.eco @@ -9,6 +9,6 @@