metamaps--metamaps/app/policies/mapping_policy.rb

52 lines
1.4 KiB
Ruby
Raw Normal View History

2016-09-24 03:00:46 +00:00
# frozen_string_literal: true
2017-11-25 19:23:47 +00:00
2016-03-11 13:30:54 +00:00
class MappingPolicy < ApplicationPolicy
class Scope < Scope
def resolve
# TODO: base this on the map policy
2016-03-11 13:30:54 +00:00
# it would be nice if we could also base this on the mappable, but that
# gets really complicated. Devin thinks it's OK to SHOW a mapping for
# a private topic, since you can't see the private topic anyways
visible = %w(public commons)
2016-03-12 15:41:32 +00:00
permission = 'maps.permission IN (?)'
return scope.joins(:map).where(permission, visible) unless user
# if this is getting changed, the policy_scope for messages should also be changed
# as it is based entirely on the map to which it belongs
scope.joins(:map).where(permission, visible)
.or(scope.joins(:map).where('maps.id IN (?)', user.shared_maps.map(&:id)))
.or(scope.joins(:map).where('maps.user_id = ?', user.id))
2016-03-11 13:30:54 +00:00
end
end
def index?
true
end
2016-03-11 13:30:54 +00:00
def show?
map_policy.show? && mappable_policy.try(:show?)
2016-03-11 13:30:54 +00:00
end
def create?
record.map.present? && map_policy.update?
2016-03-11 13:30:54 +00:00
end
def update?
2016-03-14 03:09:27 +00:00
record.mappable_type == 'Topic' && map_policy.update?
2016-03-11 13:30:54 +00:00
end
def destroy?
2016-03-14 03:09:27 +00:00
map_policy.update? || admin_override
end
# Helpers
def map_policy
@map_policy ||= Pundit.policy(user, record.map)
end
def mappable_policy
@mappable_policy ||= Pundit.policy(user, record.mappable)
2016-03-11 13:30:54 +00:00
end
end