aboutsummaryrefslogtreecommitdiffstats
path: root/app/policies/application_policy.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/policies/application_policy.rb')
-rw-r--r--app/policies/application_policy.rb24
1 files changed, 20 insertions, 4 deletions
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
index 07138b38e..4a2d760fb 100644
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@@ -1,11 +1,21 @@
class ApplicationPolicy
attr_reader :user, :record
- def initialize(user, record)
- @user = user
+ def initialize(user_context, record)
+ @user = user_context.user
+ @referential = user_context.context[:referential]
@record = record
end
+ attr_accessor :referential
+ def referential
+ @referential ||= record_referential
+ end
+
+ def record_referential
+ record.referential if record.respond_to?(:referential)
+ end
+
def index?
false
end
@@ -38,8 +48,14 @@ class ApplicationPolicy
Pundit.policy_scope!(user, record.class)
end
- def organisation_match?(via_referential: false)
- eval("user.organisation == record#{'.referential' if via_referential}.organisation")
+ def organisation_match?
+ user.organisation == organisation
+ end
+
+ def organisation
+ # When sending permission to react UI, we don't have access to record object for edit & destroy.. actions
+ organisation = record.is_a?(Symbol) ? nil : record.try(:organisation)
+ organisation or referential.try :organisation
end
class Scope
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-04 07:45:02 +0000