From 615eaf580eb68a15e195338bf62d11e25f45907b Mon Sep 17 00:00:00 2001
From: Devin Howard <devin@callysto.com>
Date: Fri, 11 Mar 2016 21:30:54 +0800
Subject: [PATCH] mapping policy

---
 app/policies/mapping_policy.rb | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 app/policies/mapping_policy.rb

diff --git a/app/policies/mapping_policy.rb b/app/policies/mapping_policy.rb
new file mode 100644
index 00000000..44e7bfd7
--- /dev/null
+++ b/app/policies/mapping_policy.rb
@@ -0,0 +1,31 @@
+class MappingPolicy < ApplicationPolicy
+  class Scope < Scope
+    def resolve
+      # TODO base this on the map policy
+      # it would be nice if we could also base this on the mappable, but that
+      # gets really complicated. Devin thinks it's OK to SHOW a mapping for
+      # a private topic, since you can't see the private topic anyways
+      scope.joins(:maps).where('maps.permission IN ("public", "commons") OR user_id = ?', user.id)
+    end
+  end
+
+  def show?
+    map = policy(record.map, user)
+    mappable = policy(record.mappable, user)
+    map.show? && mappable.show?
+  end
+
+  def create?
+    map = policy(record.map, user)
+    map.edit?
+  end
+
+  def update?
+    map = policy(record.map, user)
+    map.update?
+  end
+
+  def destroy?
+    record.user == user || admin_override
+  end
+end