metamaps--metamaps/app/policies/synapse_policy.rb

46 lines
1 KiB
Ruby
Raw Permalink Normal View History

2016-02-13 09:28:21 +00:00
class SynapsePolicy < ApplicationPolicy
class Scope < Scope
def resolve
2016-03-12 15:41:32 +00:00
visible = ['public', 'commons']
permission = 'synapses.permission IN (?)'
if user
scope.where(permission + ' OR synapses.defer_to_map_id IN (?) OR synapses.user_id = ?', visible, user.shared_maps.map(&:id), user.id)
2016-03-12 15:41:32 +00:00
else
scope.where(permission, visible)
end
2016-02-13 09:28:21 +00:00
end
end
def create?
2016-02-28 09:24:00 +00:00
user.present?
# todo add validation against whether you can see both topics
2016-02-13 09:28:21 +00:00
end
def show?
if record.defer_to_map.present?
map_policy.show?
else
record.permission == 'commons' || record.permission == 'public' || record.user == user
end
2016-02-13 09:28:21 +00:00
end
def update?
if not user.present?
false
elsif record.defer_to_map.present?
map_policy.update?
else
record.permission == 'commons' || record.user == user
end
2016-02-13 09:28:21 +00:00
end
def destroy?
2016-03-11 13:32:18 +00:00
record.user == user || admin_override
2016-02-13 09:28:21 +00:00
end
# Helpers
def map_policy
@map_policy ||= Pundit.policy(user, record.defer_to_map)
end
2016-02-13 09:28:21 +00:00
end