1. Add permission filter service to separate permission filtering logic from conversation queries
2. Implement hierarchical permissions with cleaner logic:
   - conversation_manage gives access to all conversations
   - conversation_unassigned_manage gives access to unassigned and user's conversations
   - conversation_participating_manage gives access only to user's conversations

---------

Co-authored-by: Pranav <pranav@chatwoot.com>
# Lists the conversations of a single contact, restricted to what the current
# user is allowed to see.
class Api::V1::Accounts::Contacts::ConversationsController < Api::V1::Accounts::Contacts::BaseController
  # Assigns @conversations: at most 20 conversations of @contact, newest
  # activity first, that pass both the permission filter and the inbox check.
  #
  # NOTE(review): @contact is not set in this class; presumably a callback in
  # the base controller loads it within the current account. Confirm.
  def index
    # Scope to the current account and this contact before any other filter,
    # so the later steps can only narrow the set.
    contact_scope = Current.account.conversations
                           .includes(:assignee, :contact, :inbox, :taggings)
                           .where(contact_id: @contact.id)

    # Permission-based filtering is delegated to the shared service.
    permitted = Conversations::PermissionFilterService.new(contact_scope, Current.user, Current.account).perform

    # Inbox access is a separate check applied on top of the permission filter:
    # a conversation is kept only if its inbox is one of the user's assigned inboxes.
    accessible_inbox_ids = Current.user.assigned_inboxes.pluck(:id)
    visible = permitted.where(inbox_id: accessible_inbox_ids)

    # Hard cap of 20 rows, most recent activity first.
    @conversations = visible.order(last_activity_at: :desc).limit(20)
  end
end