45 lines
1,003 B
Ruby
45 lines
1,003 B
Ruby
# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
|
|
|
|
class Controllers::SettingsControllerPolicy < Controllers::ApplicationControllerPolicy
|
|
default_permit!('admin.*')
|
|
|
|
def show?
|
|
user.permissions!('admin.*')
|
|
authorized_for_setting?(:show?)
|
|
end
|
|
|
|
def update?
|
|
updateable?
|
|
end
|
|
|
|
def update_image?
|
|
updateable?
|
|
end
|
|
|
|
private
|
|
|
|
def setting
|
|
@setting ||= Setting.lookup(id: record.params[:id])
|
|
end
|
|
|
|
def authorized_for_setting?(query)
|
|
Pundit.authorize(user, setting, query)
|
|
true
|
|
rescue Pundit::NotAuthorizedError
|
|
not_authorized("required #{setting.preferences[:permission].inspect}")
|
|
end
|
|
|
|
def updateable?
|
|
return false if !user.permissions?('admin.*')
|
|
return false if !authorized_for_setting?(:update?)
|
|
|
|
service_enabled?
|
|
end
|
|
|
|
def service_enabled?
|
|
return true if !Setting.get('system_online_service')
|
|
return true if !setting.preferences[:online_service_disable]
|
|
|
|
not_authorized('service disabled')
|
|
end
|
|
end
|