metamaps--metamaps/app/policies/synapse_policy.rb

# frozen_string_literal: true

class SynapsePolicy < ApplicationPolicy
  class Scope < Scope
    def resolve
      return scope.where(permission: %w[public commons]) unless user

      scope.where(permission: %w[public commons])
           .or(scope.where(defer_to_map_id: user.all_accessible_maps.map(&:id)))
           .or(scope.where(user_id: user.id))
    end
  end

  def index?
    true # really only for the API. should be policy scoped!
  end

  def create?
    if record.try(:topic1) && record.try(:topic2)
      topic1_show? && topic2_show? && user.present?
    else
      # allows us to use policy(Synapse).create?
      user.present?
    end
  end

  def show?
    topic1_show? && topic2_show? && synapse_show?
  end

  def update?
    if user.blank?
      false
    elsif record.defer_to_map.present?
      map_policy.update?
    else
      record.permission == 'commons' || record.user == user
    end
  end

  def destroy?
    record.user == user || admin_override
  end

  # Helpers

  def map_policy
    @map_policy ||= Pundit.policy(user, record.defer_to_map)
  end

  def topic1_show?
    @topic1_policy ||= Pundit.policy(user, record&.topic1)
    @topic1_policy&.show? != false
  end

  def topic2_show?
    @topic2_policy ||= Pundit.policy(user, record&.topic2)
    @topic2_policy&.show? != false
  end

  def synapse_show?
    if record.defer_to_map.present?
      map_policy&.show?
    else
      record.permission == 'commons' || record.permission == 'public' || record.user == user
    end
  end
end
automatic rubocop updates 2016-09-24 03:00:46 +00:00			`# frozen_string_literal: true`
automatic rubocop fixes (#1162) 2017-11-25 19:23:47 +00:00
synapse policy 2016-02-13 09:28:21 +00:00			`class SynapsePolicy < ApplicationPolicy`
			`class Scope < Scope`
			`def resolve`
update rubocop to 0.48.1. We still want to match Code Climate though (#1168) 2018-01-20 22:10:26 +00:00			`return scope.where(permission: %w[public commons]) unless user`
more rubocop updates 2016-09-24 04:27:34 +00:00
update rubocop to 0.48.1. We still want to match Code Climate though (#1168) 2018-01-20 22:10:26 +00:00			`scope.where(permission: %w[public commons])`
Some topics and synapses were hidden from users erroneously (#944) * ensure topics and synapses have their permission match the map they're deferring to * update permission of topics and synapses as map perm changes, when defer_to_map * try enabling count threshold on rubocop * remove unused mk_permission functions * change _count methods to use delegate to save lines in map.rb model rubocop topic.rb 2016-12-06 21:46:46 +00:00			`.or(scope.where(defer_to_map_id: user.all_accessible_maps.map(&:id)))`
more rubocop updates 2016-09-24 04:27:34 +00:00			`.or(scope.where(user_id: user.id))`
synapse policy 2016-02-13 09:28:21 +00:00			`end`
			`end`

rails 5 + api v2 + raml api docs (#593) * update Gemfile to rails 5 and ruby 2.3.0 * fiddle with javascripts and add sprockets manifest file * update config directory for rails 5 * fix some errors with controllers/serializers * fix travis and rspec * new serializers renamed to serializers * module Api::V1 * reusable embedding code * add index/collections/paging. overriding most of snorlax now \|:) * raml api documentation + rspec tests to verify schemas/examples * add sorting by ?sort and searching by ?q. Add pagination Link headers * api v1 => v2 * fill out synapse api * alphabetize map policy * fix page thing * fill out maps api * formParameters => properties, and fiddle with map api * more raml 1.0 stuff i'm learning about * deprecate v1 api * rails 5 uses ApplicationRecord class for app-wide model config * Update topic spec for api v2 * workaround for user_preference.rb issue * get ready for token api docs. also TODO is mapping api docs * spec out mapping api * map/mapping/synapse spec, plus other bugs * awesome, token specs/apis are done * add sanity checks to the api tests * more cleanup * devise fix * fix starred map error 2016-09-21 17:22:40 +00:00			`def index?`
			`true # really only for the API. should be policy scoped!`
			`end`

synapse policy 2016-02-13 09:28:21 +00:00			`def create?`
make synapse permissions depend on topic1 and topic2 (#839) * deep change to synapse policy - is this ok? * make synapse policy resilient to nil topic1/topic2/map * use a transaction to handle authorization vs invalid record in synapse controller * more synapse controller tests * inline documentation * fix policy(Synapse).create? 2016-10-28 03:03:59 +00:00			`if record.try(:topic1) && record.try(:topic2)`
			`topic1_show? && topic2_show? && user.present?`
			`else`
			`# allows us to use policy(Synapse).create?`
			`user.present?`
			`end`
synapse policy 2016-02-13 09:28:21 +00:00			`end`

			`def show?`
make synapse permissions depend on topic1 and topic2 (#839) * deep change to synapse policy - is this ok? * make synapse policy resilient to nil topic1/topic2/map * use a transaction to handle authorization vs invalid record in synapse controller * more synapse controller tests * inline documentation * fix policy(Synapse).create? 2016-10-28 03:03:59 +00:00			`topic1_show? && topic2_show? && synapse_show?`
synapse policy 2016-02-13 09:28:21 +00:00			`end`

			`def update?`
automatic rubocop fixes (#1162) 2017-11-25 19:23:47 +00:00			`if user.blank?`
enable shared private and public maps (#530) * enable shared private and public maps * change the list * yeehaw add collaborators * I believe this fixes the error connor brought up * when topic or synapse is no longer on a map, don't defer * needs to be before? * just do it in the controller * make recommendation they sign in and retry * better email * config for mailer previews * improve wording * shouldn't have included that * switch to green * don't execute if there's no map * wasn't including the right people in some circumstances * Finish breaking out JS files (#551) * metamaps.Realtime refactor * Metamaps.Util * Metamaps.Visualize * Metamaps.SynapseCard * Metamaps.TopicCard * Metamaps.Create.js * Remove erb extension from Metamaps.Map.js * Metmaps.Account and Metamaps.GlobalUI remove extension * Metamaps.JIT no more erb extension * move Backbone.init; standard-format on Metamaps.js.erb * factor out canvas support check function * some llittle template bugs * remove featured from signed in explore maps bar * don't let it overflow off the page 2016-04-24 15:50:35 +00:00			`false`
			`elsif record.defer_to_map.present?`
Update code style automatically using rubocop gem (#563) * install rubocop * 1961 automatic rubocop fixes * update rubocop.yml to ignore half of the remaining cops * rubocop lint warnings * random other warnings fixed 2016-07-26 00:14:23 +00:00			`map_policy.update?`
			`else`
enable shared private and public maps (#530) * enable shared private and public maps * change the list * yeehaw add collaborators * I believe this fixes the error connor brought up * when topic or synapse is no longer on a map, don't defer * needs to be before? * just do it in the controller * make recommendation they sign in and retry * better email * config for mailer previews * improve wording * shouldn't have included that * switch to green * don't execute if there's no map * wasn't including the right people in some circumstances * Finish breaking out JS files (#551) * metamaps.Realtime refactor * Metamaps.Util * Metamaps.Visualize * Metamaps.SynapseCard * Metamaps.TopicCard * Metamaps.Create.js * Remove erb extension from Metamaps.Map.js * Metmaps.Account and Metamaps.GlobalUI remove extension * Metamaps.JIT no more erb extension * move Backbone.init; standard-format on Metamaps.js.erb * factor out canvas support check function * some llittle template bugs * remove featured from signed in explore maps bar * don't let it overflow off the page 2016-04-24 15:50:35 +00:00			`record.permission == 'commons' \|\| record.user == user`
			`end`
synapse policy 2016-02-13 09:28:21 +00:00			`end`

			`def destroy?`
consistent permissions 2016-03-11 13:32:18 +00:00			`record.user == user \|\| admin_override`
synapse policy 2016-02-13 09:28:21 +00:00			`end`
enable shared private and public maps (#530) * enable shared private and public maps * change the list * yeehaw add collaborators * I believe this fixes the error connor brought up * when topic or synapse is no longer on a map, don't defer * needs to be before? * just do it in the controller * make recommendation they sign in and retry * better email * config for mailer previews * improve wording * shouldn't have included that * switch to green * don't execute if there's no map * wasn't including the right people in some circumstances * Finish breaking out JS files (#551) * metamaps.Realtime refactor * Metamaps.Util * Metamaps.Visualize * Metamaps.SynapseCard * Metamaps.TopicCard * Metamaps.Create.js * Remove erb extension from Metamaps.Map.js * Metmaps.Account and Metamaps.GlobalUI remove extension * Metamaps.JIT no more erb extension * move Backbone.init; standard-format on Metamaps.js.erb * factor out canvas support check function * some llittle template bugs * remove featured from signed in explore maps bar * don't let it overflow off the page 2016-04-24 15:50:35 +00:00
			`# Helpers`
make synapse permissions depend on topic1 and topic2 (#839) * deep change to synapse policy - is this ok? * make synapse policy resilient to nil topic1/topic2/map * use a transaction to handle authorization vs invalid record in synapse controller * more synapse controller tests * inline documentation * fix policy(Synapse).create? 2016-10-28 03:03:59 +00:00
enable shared private and public maps (#530) * enable shared private and public maps * change the list * yeehaw add collaborators * I believe this fixes the error connor brought up * when topic or synapse is no longer on a map, don't defer * needs to be before? * just do it in the controller * make recommendation they sign in and retry * better email * config for mailer previews * improve wording * shouldn't have included that * switch to green * don't execute if there's no map * wasn't including the right people in some circumstances * Finish breaking out JS files (#551) * metamaps.Realtime refactor * Metamaps.Util * Metamaps.Visualize * Metamaps.SynapseCard * Metamaps.TopicCard * Metamaps.Create.js * Remove erb extension from Metamaps.Map.js * Metmaps.Account and Metamaps.GlobalUI remove extension * Metamaps.JIT no more erb extension * move Backbone.init; standard-format on Metamaps.js.erb * factor out canvas support check function * some llittle template bugs * remove featured from signed in explore maps bar * don't let it overflow off the page 2016-04-24 15:50:35 +00:00			`def map_policy`
			`@map_policy \|\|= Pundit.policy(user, record.defer_to_map)`
			`end`
make synapse permissions depend on topic1 and topic2 (#839) * deep change to synapse policy - is this ok? * make synapse policy resilient to nil topic1/topic2/map * use a transaction to handle authorization vs invalid record in synapse controller * more synapse controller tests * inline documentation * fix policy(Synapse).create? 2016-10-28 03:03:59 +00:00
			`def topic1_show?`
null check in synapse policy 2017-11-13 15:11:48 +00:00			`@topic1_policy \|\|= Pundit.policy(user, record&.topic1)`
			`@topic1_policy&.show? != false`
make synapse permissions depend on topic1 and topic2 (#839) * deep change to synapse policy - is this ok? * make synapse policy resilient to nil topic1/topic2/map * use a transaction to handle authorization vs invalid record in synapse controller * more synapse controller tests * inline documentation * fix policy(Synapse).create? 2016-10-28 03:03:59 +00:00			`end`

			`def topic2_show?`
null check in synapse policy 2017-11-13 15:11:48 +00:00			`@topic2_policy \|\|= Pundit.policy(user, record&.topic2)`
			`@topic2_policy&.show? != false`
make synapse permissions depend on topic1 and topic2 (#839) * deep change to synapse policy - is this ok? * make synapse policy resilient to nil topic1/topic2/map * use a transaction to handle authorization vs invalid record in synapse controller * more synapse controller tests * inline documentation * fix policy(Synapse).create? 2016-10-28 03:03:59 +00:00			`end`

			`def synapse_show?`
			`if record.defer_to_map.present?`
			`map_policy&.show?`
			`else`
			`record.permission == 'commons' \|\| record.permission == 'public' \|\| record.user == user`
			`end`
			`end`
synapse policy 2016-02-13 09:28:21 +00:00			`end`