pundit: fixing up topics and synapses

2016-03-12 11:10:30 +11:00 · 2016-03-12 11:10:30 +11:00 · bef21341c6
commit bef21341c6
parent 09a7b336bf
6 changed files with 25 additions and 14 deletions
--- a/app/controllers/synapses_controller.rb
+++ b/app/controllers/synapses_controller.rb
@ -10,7 +10,7 @@ class SynapsesController < ApplicationController
  # GET /synapses/1.json
  def show
    @synapse = Synapse.find(params[:id])
-    authorize! @synapse
+    authorize @synapse

    render json: @synapse
  end
@ -20,7 +20,7 @@ class SynapsesController < ApplicationController
  def create
    @synapse = Synapse.new(synapse_params)
    @synapse.desc = "" if @synapse.desc.nil?
-    authorize! @synapse
+    authorize @synapse

    respond_to do |format|
      if @synapse.save
@ -36,7 +36,7 @@ class SynapsesController < ApplicationController
  def update
    @synapse = Synapse.find(params[:id])
    @synapse.desc = "" if @synapse.desc.nil?
-    authorize! @synapse
+    authorize @synapse

    respond_to do |format|
      if @synapse.update_attributes(synapse_params)
@ -50,7 +50,7 @@ class SynapsesController < ApplicationController
  # DELETE synapses/:id
  def destroy
    @synapse = Synapse.find(params[:id])
-    authorize! @synapse
+    authorize @synapse
    @synapse.delete
      
    respond_to do |format|
--- a/app/controllers/topics_controller.rb
+++ b/app/controllers/topics_controller.rb
@ -20,12 +20,12 @@ class TopicsController < ApplicationController
    # GET topics/:id
    def show
        @topic = Topic.find(params[:id])
-        authorize! @topic
+        authorize @topic

        respond_to do |format|
            format.html { 
-                @alltopics = ([@topic] + policy_scope(@topic.relatives))
-                @allsynapses = policy_scope(@topic.synapses)
+                @alltopics = ([@topic] + policy_scope(Topic.relatives(@topic.id)))
+                @allsynapses = policy_scope(Synapse.for_topic(@topic.id))

                @allcreators = @alltopics.map(&:user).uniq
                @allcreators += @allsynapses.map(&:user).uniq
@ -39,7 +39,7 @@ class TopicsController < ApplicationController
    # GET topics/:id/network
    def network
        @topic = Topic.find(params[:id])
-        authorize! @topic
+        authorize @topic

        @alltopics = [@topic] + policy_scope(@topic.relatives)
        @allsynapses = policy_scope(@topic.synapses)
@ -83,7 +83,7 @@ class TopicsController < ApplicationController
    # GET topics/:id/relatives
    def relatives
      @topic = Topic.find(params[:id])
-      authorize! @topic
+      authorize @topic

      topicsAlreadyHas = params[:network] ? params[:network].split(',').map(&:to_i) : []

@ -117,7 +117,7 @@ class TopicsController < ApplicationController
  # POST /topics.json
  def create
    @topic = Topic.new(topic_params)
-    authorize! @topic
+    authorize @topic

    respond_to do |format|
      if @topic.save
@ -132,7 +132,7 @@ class TopicsController < ApplicationController
  # PUT /topics/1.json
  def update
    @topic = Topic.find(params[:id])
-    authorize! @topic
+    authorize @topic

    respond_to do |format|
      if @topic.update_attributes(topic_params)
@ -146,7 +146,7 @@ class TopicsController < ApplicationController
  # DELETE topics/:id
  def destroy
    @topic = Topic.find(params[:id])
-    authorize! @topic
+    authorize @topic

    @topic.delete
    respond_to do |format|
--- a/app/models/synapse.rb
+++ b/app/models/synapse.rb
@ -16,6 +16,10 @@ class Synapse < ActiveRecord::Base

  validates :category, inclusion: { in: ['from-to', 'both'], allow_nil: true }

+  scope :for_topic, ->(topic_id = nil) { 
+    where("node1_id = ? OR node2_id = ?", topic_id, topic_id) 
+  } 
+
  # :nocov:
  def user_name
    user.name
--- a/app/models/topic.rb
+++ b/app/models/topic.rb
@ -41,6 +41,13 @@ class Topic < ActiveRecord::Base

  belongs_to :metacode

+  scope :relatives, ->(topic_id = nil) { 
+    includes(:synapses1)
+    .includes(:synapses2)
+    .where('synapses.node1_id = ? OR synapses.node2_id = ?', topic_id, topic_id)
+    .references(:synapses)
+  }
+
  def user_name
    user.name
  end
--- a/app/policies/synapse_policy.rb
+++ b/app/policies/synapse_policy.rb
@ -1,7 +1,7 @@
 class SynapsePolicy < ApplicationPolicy
  class Scope < Scope
    def resolve
-      scope.where('permission IN (?) OR user_id = ?', ["public", "commons"], user.id)
+      scope.where('synapses.permission IN (?) OR synapses.user_id = ?', ["public", "commons"], user.id)
    end
  end

--- a/app/policies/topic_policy.rb
+++ b/app/policies/topic_policy.rb
@ -1,7 +1,7 @@
 class TopicPolicy < ApplicationPolicy
  class Scope < Scope
    def resolve
-      scope.where('permission IN (?) OR user_id = ?', ["public", "commons"], user.id)
+      scope.where('topics.permission IN (?) OR topics.user_id = ?', ["public", "commons"], user.id)
    end
  end