metamaps--metamaps/app/policies/mapping_policy.rb

# frozen_string_literal: true
class MappingPolicy < ApplicationPolicy
  class Scope < Scope
    def resolve
      # TODO: base this on the map policy
      # it would be nice if we could also base this on the mappable, but that
      # gets really complicated. Devin thinks it's OK to SHOW a mapping for
      # a private topic, since you can't see the private topic anyways
      visible = %w(public commons)
      permission = 'maps.permission IN (?)'
      return scope.joins(:map).where(permission, visible) unless user

      # if this is getting changed, the policy_scope for messages should also be changed
      # as it is based entirely on the map to which it belongs
      scope.joins(:map).where(permission, visible)
           .or(scope.joins(:map).where('maps.id IN (?)', user.shared_maps.map(&:id)))
           .or(scope.joins(:map).where('maps.user_id = ?', user.id))
    end
  end

  def index?
    true
  end

  def show?
    map_policy.show? && mappable_policy.try(:show?)
  end

  def create?
    record.map.present? && map_policy.update?
  end

  def update?
    record.mappable_type == 'Topic' && map_policy.update?
  end

  def destroy?
    map_policy.update? || admin_override
  end

  # Helpers

  def map_policy
    @map_policy ||= Pundit.policy(user, record.map)
  end

  def mappable_policy
    @mappable_policy ||= Pundit.policy(user, record.mappable)
  end
end
automatic rubocop updates 2016-09-24 03:00:46 +00:00			`# frozen_string_literal: true`
mapping policy 2016-03-11 13:30:54 +00:00			`class MappingPolicy < ApplicationPolicy`
			`class Scope < Scope`
			`def resolve`
Update code style automatically using rubocop gem (#563) * install rubocop * 1961 automatic rubocop fixes * update rubocop.yml to ignore half of the remaining cops * rubocop lint warnings * random other warnings fixed 2016-07-26 00:14:23 +00:00			`# TODO: base this on the map policy`
mapping policy 2016-03-11 13:30:54 +00:00			`# it would be nice if we could also base this on the mappable, but that`
			`# gets really complicated. Devin thinks it's OK to SHOW a mapping for`
			`# a private topic, since you can't see the private topic anyways`
Update code style automatically using rubocop gem (#563) * install rubocop * 1961 automatic rubocop fixes * update rubocop.yml to ignore half of the remaining cops * rubocop lint warnings * random other warnings fixed 2016-07-26 00:14:23 +00:00			`visible = %w(public commons)`
handle not logged in scenarios 2016-03-12 15:41:32 +00:00			`permission = 'maps.permission IN (?)'`
multiple policy issues (#771) * multiple policy errors * make some things more explicit 2016-10-17 05:20:48 +00:00			`return scope.joins(:map).where(permission, visible) unless user`

			`# if this is getting changed, the policy_scope for messages should also be changed`
			`# as it is based entirely on the map to which it belongs`
			`scope.joins(:map).where(permission, visible)`
			`.or(scope.joins(:map).where('maps.id IN (?)', user.shared_maps.map(&:id)))`
			`.or(scope.joins(:map).where('maps.user_id = ?', user.id))`
mapping policy 2016-03-11 13:30:54 +00:00			`end`
			`end`

rails 5 + api v2 + raml api docs (#593) * update Gemfile to rails 5 and ruby 2.3.0 * fiddle with javascripts and add sprockets manifest file * update config directory for rails 5 * fix some errors with controllers/serializers * fix travis and rspec * new serializers renamed to serializers * module Api::V1 * reusable embedding code * add index/collections/paging. overriding most of snorlax now \|:) * raml api documentation + rspec tests to verify schemas/examples * add sorting by ?sort and searching by ?q. Add pagination Link headers * api v1 => v2 * fill out synapse api * alphabetize map policy * fix page thing * fill out maps api * formParameters => properties, and fiddle with map api * more raml 1.0 stuff i'm learning about * deprecate v1 api * rails 5 uses ApplicationRecord class for app-wide model config * Update topic spec for api v2 * workaround for user_preference.rb issue * get ready for token api docs. also TODO is mapping api docs * spec out mapping api * map/mapping/synapse spec, plus other bugs * awesome, token specs/apis are done * add sanity checks to the api tests * more cleanup * devise fix * fix starred map error 2016-09-21 17:22:40 +00:00			`def index?`
			`true`
			`end`

mapping policy 2016-03-11 13:30:54 +00:00			`def show?`
fix 2 bugs on develop (#565) * fix js bug * if mappable is nil it causes an error 2016-07-02 08:32:02 +00:00			`map_policy.show? && mappable_policy.try(:show?)`
mapping policy 2016-03-11 13:30:54 +00:00			`end`

			`def create?`
avoid pundit error if no map specified with a mapping 2016-03-14 06:37:01 +00:00			`record.map.present? && map_policy.update?`
mapping policy 2016-03-11 13:30:54 +00:00			`end`

			`def update?`
update mapping policy 2016-03-14 03:09:27 +00:00			`record.mappable_type == 'Topic' && map_policy.update?`
mapping policy 2016-03-11 13:30:54 +00:00			`end`

			`def destroy?`
update mapping policy 2016-03-14 03:09:27 +00:00			`map_policy.update? \|\| admin_override`
			`end`

			`# Helpers`

			`def map_policy`
			`@map_policy \|\|= Pundit.policy(user, record.map)`
			`end`

			`def mappable_policy`
			`@mappable_policy \|\|= Pundit.policy(user, record.mappable)`
mapping policy 2016-03-11 13:30:54 +00:00			`end`
			`end`