mapping policy
This commit is contained in:
Devin Howard
parent
d8cc588efb
commit
615eaf580e
31
app/policies/mapping_policy.rb
Normal file
31
app/policies/mapping_policy.rb
Normal file
|
|
@ -0,0 +1,31 @@
|
|||
class MappingPolicy < ApplicationPolicy
|
||||
class Scope < Scope
|
||||
def resolve
|
||||
# TODO base this on the map policy
|
||||
# it would be nice if we could also base this on the mappable, but that
|
||||
# gets really complicated. Devin thinks it's OK to SHOW a mapping for
|
||||
# a private topic, since you can't see the private topic anyways
|
||||
scope.joins(:maps).where('maps.permission IN ("public", "commons") OR user_id = ?', user.id)
|
||||
end
|
||||
end
|
||||
|
||||
def show?
|
||||
map = policy(record.map, user)
|
||||
mappable = policy(record.mappable, user)
|
||||
map.show? && mappable.show?
|
||||
end
|
||||
|
||||
def create?
|
||||
map = policy(record.map, user)
|
||||
map.edit?
|
||||
end
|
||||
|
||||
def update?
|
||||
map = policy(record.map, user)
|
||||
map.update?
|
||||
end
|
||||
|
||||
def destroy?
|
||||
record.user == user || admin_override
|
||||
end
|
||||
end
|
||||
Loading…
Reference in a new issue