59 lines
1 KiB
Ruby
59 lines
1 KiB
Ruby
# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
|
|
|
|
class Controllers::MonitoringControllerPolicy < Controllers::ApplicationControllerPolicy
|
|
|
|
def health_check?
|
|
token_or_permission?
|
|
end
|
|
|
|
def status?
|
|
token_or_permission?
|
|
end
|
|
|
|
def amount_check?
|
|
token_or_permission?
|
|
end
|
|
|
|
def token?
|
|
permission_and_permission_active?
|
|
end
|
|
|
|
def restart_failed_jobs?
|
|
permission_and_permission_active?
|
|
end
|
|
|
|
private
|
|
|
|
def user_required?
|
|
false
|
|
end
|
|
|
|
def token_or_permission?
|
|
return true if user.present? && monitoring_admin!
|
|
return true if valid_token_param?
|
|
|
|
not_authorized
|
|
end
|
|
|
|
def permission_and_permission_active?
|
|
user_required!
|
|
monitoring_admin!
|
|
return true if permission_active?
|
|
|
|
not_authorized
|
|
end
|
|
|
|
def valid_token_param?
|
|
Setting.get('monitoring_token') == record.params[:token]
|
|
end
|
|
|
|
def permission_active?
|
|
Permission.exists?(name: 'admin.monitoring', active: true)
|
|
end
|
|
|
|
def monitoring_admin!
|
|
user.permissions!('admin.monitoring')
|
|
true
|
|
end
|
|
end
|