Maintenance: Improved article view for agent customer.

app/policies/ticket/article_policy.rb

@@ -55,9 +55,9 @@ class Ticket::ArticlePolicy < ApplicationPolicy
   end
 
   def access?(query)
-    return false if record.internal == true && !user.permissions?('ticket.agent')
-
     ticket = Ticket.lookup(id: record.ticket_id)
+    return false if record.internal == true && !TicketPolicy.new(user, ticket).agent_read_access?
+
     Pundit.authorize(user, ticket, query)
   end
 end

app/policies/ticket_policy.rb

@@ -41,6 +41,10 @@ class TicketPolicy < ApplicationPolicy
     raise Exceptions::UnprocessableEntity, 'Cannot follow-up on a closed ticket. Please create a new ticket.'
   end
 
+  def agent_read_access?
+    agent_access?('read')
+  end
+
   private
 
   def access?(access)

spec/factories/role.rb

@@ -8,6 +8,10 @@ FactoryBot.define do
       permissions { Permission.where(name: 'ticket.agent') }
     end
 
+    trait :customer do
+      permissions { Permission.where(name: 'ticket.customer') }
+    end
+
     trait :admin do
       permissions { Permission.where(name: 'admin') }
     end

spec/policies/ticket/article_policy_spec.rb

@@ -29,6 +29,15 @@ describe Ticket::ArticlePolicy do
       it { is_expected.to permit_actions(%i[show]) }
     end
 
+    context 'when agent and customer but no agent group access' do
+      let(:user) do
+        customer_role = create(:role, :customer)
+        create(:agent_and_customer, roles: [customer_role])
+      end
+
+      it { is_expected.not_to permit_actions(%i[show]) }
+    end
+
     context 'when customer' do
       let(:user) { ticket_customer }