metamaps--metamaps/app/policies/message_policy.rb

39 lines
1 KiB
Ruby
Raw Normal View History

2016-09-24 03:00:46 +00:00
# frozen_string_literal: true
2017-11-06 16:15:18 +00:00
2016-03-23 23:29:26 +00:00
class MessagePolicy < ApplicationPolicy
class Scope < Scope
def resolve
visible = %w(public commons)
2016-03-23 23:29:26 +00:00
permission = 'maps.permission IN (?)'
return scope.joins(:map).where(permission, visible) unless user
# if this is getting changed, the policy_scope for mappings should also be changed
# as it is based entirely on the map to which it belongs
scope.joins(:map).where(permission, visible)
.or(scope.joins(:map).where('maps.id IN (?)', user.shared_maps.map(&:id)))
.or(scope.joins(:map).where('maps.user_id = ?', user.id))
2016-03-23 23:29:26 +00:00
end
end
delegate :show?, to: :resource_policy
2016-03-23 23:29:26 +00:00
def create?
2016-12-14 18:23:40 +00:00
# we have currently decided to let any map that is visible to someone be commented on by them
record.resource.present? && resource_policy.show?
2016-03-23 23:29:26 +00:00
end
def update?
record.user == user
end
def destroy?
record.user == user || admin_override
end
# Helpers
def resource_policy
@resource_policy ||= Pundit.policy(user, record.resource)
end
end