2016-03-11 13:30:54 +00:00
|
|
|
class MappingPolicy < ApplicationPolicy
|
|
|
|
|
class Scope < Scope
|
|
|
|
|
def resolve
|
|
|
|
|
# TODO base this on the map policy
|
|
|
|
|
# it would be nice if we could also base this on the mappable, but that
|
|
|
|
|
# gets really complicated. Devin thinks it's OK to SHOW a mapping for
|
|
|
|
|
# a private topic, since you can't see the private topic anyways
|
2016-03-12 15:41:32 +00:00
|
|
|
visible = ['public', 'commons']
|
|
|
|
|
permission = 'maps.permission IN (?)'
|
|
|
|
|
if user
|
|
|
|
|
scope.joins(:maps).where(permission + ' OR maps.user_id = ?', visible, user.id)
|
|
|
|
|
else
|
|
|
|
|
scope.where(permission, visible)
|
|
|
|
|
end
|
2016-03-11 13:30:54 +00:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def show?
|
2016-03-14 03:09:27 +00:00
|
|
|
map_policy.show? && mappable_policy.show?
|
2016-03-11 13:30:54 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def create?
|
2016-03-14 03:09:27 +00:00
|
|
|
map_policy.update?
|
2016-03-11 13:30:54 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def update?
|
2016-03-14 03:09:27 +00:00
|
|
|
record.mappable_type == 'Topic' && map_policy.update?
|
2016-03-11 13:30:54 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def destroy?
|
2016-03-14 03:09:27 +00:00
|
|
|
map_policy.update? || admin_override
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Helpers
|
|
|
|
|
|
|
|
|
|
def map_policy
|
|
|
|
|
@map_policy ||= Pundit.policy(user, record.map)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def mappable_policy
|
|
|
|
|
@mappable_policy ||= Pundit.policy(user, record.mappable)
|
2016-03-11 13:30:54 +00:00
|
|
|
end
|
|
|
|
|
end
|
