2016-09-24 03:00:46 +00:00
|
|
|
# frozen_string_literal: true
|
2017-11-25 19:23:47 +00:00
|
|
|
|
2016-03-23 23:29:26 +00:00
|
|
|
class MessagePolicy < ApplicationPolicy
|
|
|
|
class Scope < Scope
|
|
|
|
def resolve
|
2016-07-26 00:14:23 +00:00
|
|
|
visible = %w(public commons)
|
2016-03-23 23:29:26 +00:00
|
|
|
permission = 'maps.permission IN (?)'
|
2016-10-17 05:20:48 +00:00
|
|
|
return scope.joins(:map).where(permission, visible) unless user
|
|
|
|
|
|
|
|
# if this is getting changed, the policy_scope for mappings should also be changed
|
|
|
|
# as it is based entirely on the map to which it belongs
|
|
|
|
scope.joins(:map).where(permission, visible)
|
|
|
|
.or(scope.joins(:map).where('maps.id IN (?)', user.shared_maps.map(&:id)))
|
|
|
|
.or(scope.joins(:map).where('maps.user_id = ?', user.id))
|
2016-03-23 23:29:26 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-07-26 00:14:23 +00:00
|
|
|
delegate :show?, to: :resource_policy
|
2016-03-23 23:29:26 +00:00
|
|
|
|
|
|
|
def create?
|
2016-12-14 18:23:40 +00:00
|
|
|
# we have currently decided to let any map that is visible to someone be commented on by them
|
|
|
|
record.resource.present? && resource_policy.show?
|
2016-03-23 23:29:26 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def update?
|
|
|
|
record.user == user
|
|
|
|
end
|
|
|
|
|
|
|
|
def destroy?
|
|
|
|
record.user == user || admin_override
|
|
|
|
end
|
|
|
|
|
|
|
|
# Helpers
|
|
|
|
|
|
|
|
def resource_policy
|
|
|
|
@resource_policy ||= Pundit.policy(user, record.resource)
|
|
|
|
end
|
|
|
|
end
|