From bef21341c6a1ae7cccd2f89705087661746c9c25 Mon Sep 17 00:00:00 2001
From: Connor Turland
Date: Sat, 12 Mar 2016 11:10:30 +1100
Subject: [PATCH] pundit: fixing up topics and synapses
---
 app/controllers/synapses_controller.rb | 8 ++++----
 app/controllers/topics_controller.rb | 16 ++++++++--------
 app/models/synapse.rb | 4 ++++
 app/models/topic.rb | 7 +++++++
 app/policies/synapse_policy.rb | 2 +-
 app/policies/topic_policy.rb | 2 +-
 6 files changed, 25 insertions(+), 14 deletions(-)
diff --git a/app/controllers/synapses_controller.rb b/app/controllers/synapses_controller.rb
index f242ad38..4440872f 100644
--- a/app/controllers/synapses_controller.rb
+++ b/app/controllers/synapses_controller.rb
@@ -10,7 +10,7 @@ class SynapsesController < ApplicationController
 # GET /synapses/1.json
 def show
 @synapse = Synapse.find(params[:id])
- authorize! @synapse
+ authorize @synapse
 render json: @synapse
 end
@@ -20,7 +20,7 @@ class SynapsesController < ApplicationController
 def create
 @synapse = Synapse.new(synapse_params)
 @synapse.desc = "" if @synapse.desc.nil?
- authorize! @synapse
+ authorize @synapse
 respond_to do |format|
 if @synapse.save
@@ -36,7 +36,7 @@ class SynapsesController < ApplicationController
 def update
 @synapse = Synapse.find(params[:id])
 @synapse.desc = "" if @synapse.desc.nil?
- authorize! @synapse
+ authorize @synapse
 respond_to do |format|
 if @synapse.update_attributes(synapse_params)
@@ -50,7 +50,7 @@ class SynapsesController < ApplicationController
 # DELETE synapses/:id
 def destroy
 @synapse = Synapse.find(params[:id])
- authorize! @synapse
+ authorize @synapse
 @synapse.delete
 respond_to do |format|
diff --git a/app/controllers/topics_controller.rb b/app/controllers/topics_controller.rb
index 0d58d912..1b1e9b3c 100644
--- a/app/controllers/topics_controller.rb
+++ b/app/controllers/topics_controller.rb
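Review bot: In `update` (hunk at -36,7), `authorize @synapse` runs against the record as loaded, before `update_attributes(synapse_params)` applies the submitted values, so the policy never sees the state being written. If `synapse_params` permits `permission` or `user_id` (its definition is outside this diff), a user who may edit the synapse could also change its visibility or owner without a separate check; confirm the permitted list or re-check after assignment. The same ordering appears in `TopicsController#update` with `topic_params`. A comment such as `# policy checks the stored record; ownership fields must not be in synapse_params` would record the assumption. Both method bodies continue past their hunks.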
@@ -20,12 +20,12 @@ class TopicsController < ApplicationController
 # GET topics/:id
 def show
 @topic = Topic.find(params[:id])
- authorize! @topic
+ authorize @topic
 respond_to do |format|
 format.html {
- @alltopics = ([@topic] + policy_scope(@topic.relatives))
- @allsynapses = policy_scope(@topic.synapses)
+ @alltopics = ([@topic] + policy_scope(Topic.relatives(@topic.id)))
+ @allsynapses = policy_scope(Synapse.for_topic(@topic.id))
 @allcreators = @alltopics.map(&:user).uniq
 @allcreators += @allsynapses.map(&:user).uniq
@@ -39,7 +39,7 @@ class TopicsController < ApplicationController
 # GET topics/:id/network
 def network
 @topic = Topic.find(params[:id])
- authorize! @topic
+ authorize @topic
 @alltopics = [@topic] + policy_scope(@topic.relatives)
 @allsynapses = policy_scope(@topic.synapses)
@@ -83,7 +83,7 @@ class TopicsController < ApplicationController
 # GET topics/:id/relatives
 def relatives
 @topic = Topic.find(params[:id])
- authorize! @topic
+ authorize @topic
 topicsAlreadyHas = params[:network] ? params[:network].split(',').map(&:to_i) : []
@@ -117,7 +117,7 @@ class TopicsController < ApplicationController
 # POST /topics.json
 def create
 @topic = Topic.new(topic_params)
- authorize! @topic
+ authorize @topic
 respond_to do |format|
 if @topic.save
@@ -132,7 +132,7 @@ class TopicsController < ApplicationController
 # PUT /topics/1.json
 def update
 @topic = Topic.find(params[:id])
- authorize! @topic
+ authorize @topic
 respond_to do |format|
 if @topic.update_attributes(topic_params)
@@ -146,7 +146,7 @@ class TopicsController < ApplicationController
 # DELETE topics/:id
 def destroy
 @topic = Topic.find(params[:id])
- authorize! @topic
+ authorize @topic
 @topic.delete
 respond_to do |format|
diff --git a/app/models/synapse.rb b/app/models/synapse.rb
index d545a25c..540376bb 100644
--- a/app/models/synapse.rb
+++ b/app/models/synapse.rb
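Review bot: `network` (hunk at -39,7) still calls `policy_scope(@topic.relatives)` and `policy_scope(@topic.synapses)`, the two forms this commit replaces in `show` with `Topic.relatives(@topic.id)` and `Synapse.for_topic(@topic.id)`. If those instance methods return arrays rather than relations (their definitions are not in this diff), the policy scope's `where` cannot be applied to them, so the permission filter on this endpoint would fail or diverge from `show`. Suggest the same two lines here: `@alltopics = [@topic] + policy_scope(Topic.relatives(@topic.id))` and `@allsynapses = policy_scope(Synapse.for_topic(@topic.id))`. The method body continues past the hunk.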
@@ -16,6 +16,10 @@ class Synapse < ActiveRecord::Base
 validates :category, inclusion: { in: ['from-to', 'both'], allow_nil: true }
+ scope :for_topic, ->(topic_id = nil) {
+ where("node1_id = ? OR node2_id = ?", topic_id, topic_id)
+ }
+
 # :nocov:
 def user_name
 user.name
diff --git a/app/models/topic.rb b/app/models/topic.rb
index 0039040e..0f312823 100644
--- a/app/models/topic.rb
+++ b/app/models/topic.rb
@@ -41,6 +41,13 @@ class Topic < ActiveRecord::Base
 belongs_to :metacode
+ scope :relatives, ->(topic_id = nil) {
+ includes(:synapses1)
+ .includes(:synapses2)
+ .where('synapses.node1_id = ? OR synapses.node2_id = ?', topic_id, topic_id)
+ .references(:synapses)
+ }
+
 def user_name
 user.name
 end
diff --git a/app/policies/synapse_policy.rb b/app/policies/synapse_policy.rb
index 12f9c8ca..85de12da 100644
--- a/app/policies/synapse_policy.rb
+++ b/app/policies/synapse_policy.rb
@@ -1,7 +1,7 @@
 class SynapsePolicy < ApplicationPolicy
 class Scope < Scope
 def resolve
- scope.where('permission IN (?) OR user_id = ?', ["public", "commons"], user.id)
+ scope.where('synapses.permission IN (?) OR synapses.user_id = ?', ["public", "commons"], user.id)
 end
 end
diff --git a/app/policies/topic_policy.rb b/app/policies/topic_policy.rb
index 97fefdcc..43d4ec98 100644
--- a/app/policies/topic_policy.rb
+++ b/app/policies/topic_policy.rb
@@ -1,7 +1,7 @@
 class TopicPolicy < ApplicationPolicy
 class Scope < Scope
 def resolve
- scope.where('permission IN (?) OR user_id = ?', ["public", "commons"], user.id)
+ scope.where('topics.permission IN (?) OR topics.user_id = ?', ["public", "commons"], user.id)
 end
 end
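Review bot: `for_topic` defaults `topic_id` to nil, so a call without an argument compares `node1_id = NULL` and quietly returns an empty relation instead of failing; dropping the default (`->(topic_id) {`) would turn a missing id into an ArgumentError. The column names are also unqualified, while the policy scopes in this same commit were changed to `synapses.permission` / `synapses.user_id` so they survive joins; `where('synapses.node1_id = ? OR synapses.node2_id = ?', topic_id, topic_id)` would match that. The bound placeholders are the right way to pass the id and should stay.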
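Review bot: The `where` in `relatives` names only the `synapses` table although two associations are eager-loaded; Rails aliases the second join on the same table, so the condition presumably constrains only the `synapses1` join (the association definitions are outside the hunk). On that join a row with `synapses.node1_id = topic_id` would be the topic itself, which `show` already prepends via `[@topic] + ...`, so it is worth checking for a duplicate and for relatives reachable only through `synapses2`. Separately, nothing in the scope filters the connecting synapses by permission, so a topic linked only through a private synapse may still be listed after `policy_scope`; a short comment above the scope stating whether that is intended would help.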
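Review bot: `resolve` dereferences `user.id` unconditionally, so resolving this scope for a signed-out visitor would raise NoMethodError instead of returning the public rows; whether `user` can be nil depends on how the controllers authenticate, which this diff does not show. If anonymous reads of public records are allowed, `user.try(:id)` keeps the query valid, since a NULL bound to `synapses.user_id = ?` matches nothing. The same line is in `TopicPolicy::Scope#resolve` in the last hunk.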