multiple policy issues (#771)
* multiple policy errors * make some things more explicit
This commit is contained in:
parent
332bb2ec08
commit
c0955d7c5e
5 changed files with 21 additions and 13 deletions
|
@ -65,6 +65,11 @@ class User < ApplicationRecord
|
|||
json
|
||||
end
|
||||
|
||||
def all_accessible_maps
|
||||
#TODO: is there a way to keep this an ActiveRecord relation?
|
||||
maps + shared_maps
|
||||
end
|
||||
|
||||
def recentMetacodes
|
||||
array = []
|
||||
self.topics.sort{|a,b| b.created_at <=> a.created_at }.each do |t|
|
||||
|
|
|
@ -8,11 +8,13 @@ class MappingPolicy < ApplicationPolicy
|
|||
# a private topic, since you can't see the private topic anyways
|
||||
visible = %w(public commons)
|
||||
permission = 'maps.permission IN (?)'
|
||||
if user
|
||||
scope.joins(:map).where(permission, visible).or(scope.joins(:map).where(user_id: user.id))
|
||||
else
|
||||
return scope.joins(:map).where(permission, visible) unless user
|
||||
|
||||
# if this is getting changed, the policy_scope for messages should also be changed
|
||||
# as it is based entirely on the map to which it belongs
|
||||
scope.joins(:map).where(permission, visible)
|
||||
end
|
||||
.or(scope.joins(:map).where('maps.id IN (?)', user.shared_maps.map(&:id)))
|
||||
.or(scope.joins(:map).where('maps.user_id = ?', user.id))
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -4,11 +4,13 @@ class MessagePolicy < ApplicationPolicy
|
|||
def resolve
|
||||
visible = %w(public commons)
|
||||
permission = 'maps.permission IN (?)'
|
||||
if user
|
||||
scope.joins(:maps).where(permission + ' OR maps.user_id = ?', visible, user.id)
|
||||
else
|
||||
scope.where(permission, visible)
|
||||
end
|
||||
return scope.joins(:map).where(permission, visible) unless user
|
||||
|
||||
# if this is getting changed, the policy_scope for mappings should also be changed
|
||||
# as it is based entirely on the map to which it belongs
|
||||
scope.joins(:map).where(permission, visible)
|
||||
.or(scope.joins(:map).where('maps.id IN (?)', user.shared_maps.map(&:id)))
|
||||
.or(scope.joins(:map).where('maps.user_id = ?', user.id))
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -3,11 +3,10 @@ class SynapsePolicy < ApplicationPolicy
|
|||
class Scope < Scope
|
||||
def resolve
|
||||
visible = %w(public commons)
|
||||
|
||||
return scope.where(permission: visible) unless user
|
||||
|
||||
scope.where(permission: visible)
|
||||
.or(scope.where(defer_to_map_id: user.shared_maps.map(&:id)))
|
||||
.or(scope.where.not(defer_to_map_id: nil).where(defer_to_map_id: user.all_accessible_maps.map(&:id)))
|
||||
.or(scope.where(user_id: user.id))
|
||||
end
|
||||
end
|
||||
|
|
|
@ -6,7 +6,7 @@ class TopicPolicy < ApplicationPolicy
|
|||
return scope.where(permission: visible) unless user
|
||||
|
||||
scope.where(permission: visible)
|
||||
.or(scope.where(defer_to_map_id: user.shared_maps.map(&:id)))
|
||||
.or(scope.where.not(defer_to_map_id: nil).where(defer_to_map_id: user.all_accessible_maps.map(&:id)))
|
||||
.or(scope.where(user_id: user.id))
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue