# Base authorization policy. Every action predicate defined here denies
# unless a subclass overrides it; the one exception is #show?, which defers
# to the policy scope.
class ApplicationPolicy
  # @return [Object, nil] the actor being authorized
  # @return [Object] the record the action targets
  attr_reader :user, :record

  # @param user [Object, nil] the actor being authorized
  # @param record [Object] the record the action targets
  def initialize(user, record)
    @user = user
    @record = record
  end

  # Listing is denied by default.
  def index?
    false
  end

  # Permits viewing only when the record's id is found in the resolved
  # policy scope.
  # NOTE(review): the base Scope#resolve below returns its scope unfiltered,
  # so a policy that presumably falls back to that Scope would permit any
  # existing record here - confirm each subclass narrows its Scope.
  def show?
    scope.where(id: record.id).exists?
  end

  # Creation is denied by default.
  def create?
    false
  end

  # Mirrors #create?, so a subclass overriding #create? also changes #new?.
  def new?
    create?
  end

  # Updating is denied by default.
  def update?
    false
  end

  # Mirrors #update?, so a subclass overriding #update? also changes #edit?.
  def edit?
    update?
  end

  # Deletion is denied by default.
  def destroy?
    false
  end

  # TODO update this function to enable some flag in the interface
  # so that admins usually can't do super admin stuff unless they
  # explicitly say they want to (E.g. seeing/editing/deleting private
  # maps - they should be able to, but not by accident)
  #
  # Currently the result depends only on the user's +admin+ attribute.
  #
  # @return [Object] the falsy +user+ itself when there is no user,
  #   otherwise whatever +user.admin+ returns
  def admin_override
    return user unless user

    user.admin
  end

  # Looks up the policy scope for the record's class on behalf of +user+.
  def scope
    Pundit.policy_scope!(user, record.class)
  end

  # Default policy scope: hands back the scope it was given, unfiltered.
  class Scope
    # @return [Object, nil] the actor the scope is resolved for
    # @return [Object] the collection or relation being scoped
    attr_reader :user, :scope

    # @param user [Object, nil] the actor the scope is resolved for
    # @param scope [Object] the collection or relation being scoped
    def initialize(user, scope)
      @user = user
      @scope = scope
    end

    # Applies no restriction of its own; any narrowing has to come from a
    # subclass.
    def resolve
      scope
    end
  end
end