From b236f4c689acff80cbc98e2f615419bf277d1bd3 Mon Sep 17 00:00:00 2001
From: Connor Turland
Date: Sun, 13 Mar 2016 02:41:32 +1100
Subject: [PATCH] handle not logged in scenarios
---
 app/policies/map_policy.rb | 6 ++++--
 app/policies/mapping_policy.rb | 9 +++++++--
 app/policies/synapse_policy.rb | 8 +++++++-
 app/policies/topic_policy.rb | 8 +++++++-
 4 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/app/policies/map_policy.rb b/app/policies/map_policy.rb
index 1594e6d9..65f721bf 100644
--- a/app/policies/map_policy.rb
+++ b/app/policies/map_policy.rb
@@ -1,10 +1,12 @@
 class MapPolicy < ApplicationPolicy
 class Scope < Scope
 def resolve
+ visible = ['public', 'commons']
+ permission = 'maps.permission IN (?)'
 if user
- scope.where('maps.permission IN (?) OR maps.user_id = ?', ["public", "commons"], user.id)
+ scope.where(permission + ' OR maps.user_id = ?', visible, user.id)
 else
- scope.where('maps.permission IN (?)', ["public", "commons"])
+ scope.where(permission, visible)
 end
 end
 end
diff --git a/app/policies/mapping_policy.rb b/app/policies/mapping_policy.rb
index 787b5794..ed93bc66 100644
--- a/app/policies/mapping_policy.rb
+++ b/app/policies/mapping_policy.rb
@@ -5,8 +5,13 @@ class MappingPolicy < ApplicationPolicy
 # it would be nice if we could also base this on the mappable, but that
 # gets really complicated. Devin thinks it's OK to SHOW a mapping for
 # a private topic, since you can't see the private topic anyways
- scope.joins(:maps).where('maps.permission IN (?) OR maps.user_id = ?',
- ["public", "commons"], user.id)
+ visible = ['public', 'commons']
+ permission = 'maps.permission IN (?)'
+ if user
+ scope.joins(:maps).where(permission + ' OR maps.user_id = ?', visible, user.id)
+ else
+ scope.where(permission, visible)
+ end
 end
 end
diff --git a/app/policies/synapse_policy.rb b/app/policies/synapse_policy.rb
index e8d49548..042c9a75 100644
--- a/app/policies/synapse_policy.rb
+++ b/app/policies/synapse_policy.rb
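Review bot: The list that decides what an anonymous visitor may read, `visible = ['public', 'commons']`, is now written out separately in MapPolicy's `resolve` and again in the mapping, synapse and topic policy hunks, each next to its own table-specific `permission` fragment. Four copies of an authorization rule can drift apart unnoticed; a single frozen constant on the shared base policy, for example `VISIBLE_PERMISSIONS = %w[public commons].freeze`, would keep them in step (ApplicationPolicy is not visible here, so where it would live is an assumption). The concatenation `permission + ' OR maps.user_id = ?'` joins two literals and still binds the values through `?`, which is fine as long as no request data is ever appended to that string. A short comment above the `else` branch would make the fail-closed intent explicit: `# no user: anonymous visitors only get public and commons records`.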
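Review bot: The logged-out branch of MappingPolicy's scope filters on `maps.permission` but drops the `joins(:maps)` that the logged-in branch keeps, so `scope.where(permission, visible)` refers to a table that is not part of the query unless the incoming scope is already joined. For an anonymous visitor that most likely ends in a database error instead of a filtered list, which is exactly the case this commit sets out to handle. Keep the join in both branches, `scope.joins(:maps).where(permission, visible)`, or join once before the `if`. The `def resolve` line sits above the hunk, so this is judged from the visible part of the body only.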
@@ -1,7 +1,13 @@
 class SynapsePolicy < ApplicationPolicy
 class Scope < Scope
 def resolve
- scope.where('synapses.permission IN (?) OR synapses.user_id = ?', ["public", "commons"], user.id)
+ visible = ['public', 'commons']
+ permission = 'synapses.permission IN (?)'
+ if user
+ scope.where(permission + ' OR synapses.user_id = ?', visible, user.id)
+ else
+ scope.where(permission, visible)
+ end
 end
 end
diff --git a/app/policies/topic_policy.rb b/app/policies/topic_policy.rb
index 43d4ec98..335a2ed2 100644
--- a/app/policies/topic_policy.rb
+++ b/app/policies/topic_policy.rb
@@ -1,7 +1,13 @@
 class TopicPolicy < ApplicationPolicy
 class Scope < Scope
 def resolve
- scope.where('topics.permission IN (?) OR topics.user_id = ?', ["public", "commons"], user.id)
+ visible = ['public', 'commons']
+ permission = 'topics.permission IN (?)'
+ if user
+ scope.where(permission + ' OR topics.user_id = ?', visible, user.id)
+ else
+ scope.where(permission, visible)
+ end
 end
 end