switch messages to use pundit

This commit is contained in:
Connor Turland 2016-03-23 16:29:26 -07:00
parent baa5439f0f
commit c4890274f2
3 changed files with 43 additions and 37 deletions


@ -1,10 +1,12 @@
class MessagesController < ApplicationController class MessagesController < ApplicationController
before_filter :require_user, except: [:show] before_action :require_user, except: [:show]
after_action :verify_authorized
# GET /messages/1.json # GET /messages/1.json
def show def show
@message = Message.find(params[:id]) @message = Message.find(params[:id])
authorize @message
respond_to do |format| respond_to do |format|
format.json { render json: @message } format.json { render json: @message }
@ -15,8 +17,8 @@ class MessagesController < ApplicationController
# POST /messages.json # POST /messages.json
def create def create
@message = Message.new(message_params) @message = Message.new(message_params)
@message.user = current_user @message.user = current_user
authorize @message
respond_to do |format| respond_to do |format|
if @message.save if @message.save
@ -31,6 +33,7 @@ class MessagesController < ApplicationController
# PUT /messages/1.json # PUT /messages/1.json
def update def update
@message = Message.find(params[:id]) @message = Message.find(params[:id])
authorize @message
respond_to do |format| respond_to do |format|
if @message.update_attributes(message_params) if @message.update_attributes(message_params)
@ -45,6 +48,8 @@ class MessagesController < ApplicationController
# DELETE /messages/1.json # DELETE /messages/1.json
def destroy def destroy
@message = Message.find(params[:id]) @message = Message.find(params[:id])
authorize @message
@message.destroy @message.destroy
respond_to do |format| respond_to do |format|


@ -16,39 +16,4 @@ class Message < ActiveRecord::Base
json json
end end
##### PERMISSIONS ######
def authorize_to_delete(user)
if (self.user != user)
return false
end
return self
end
# returns false if user not allowed to 'show' Topic, Synapse, or Map
def authorize_to_show(user)
if (self.resource && self.resource.permission == "private" && self.resource.user != user)
return false
end
return self
end
# returns false if user not allowed to 'edit' Topic, Synapse, or Map
def authorize_to_edit(user)
if !user
return false
elsif (self.user != user)
return false
end
return self
end
# returns Boolean if user allowed to view Topic, Synapse, or Map
def authorize_to_view(user)
if (self.resource && self.resource.permission == "private" && self.resource.user != user)
return false
end
return true
end
end end


@ -0,0 +1,36 @@
class MessagePolicy < ApplicationPolicy
class Scope < Scope
def resolve
visible = ['public', 'commons']
permission = 'maps.permission IN (?)'
if user
scope.joins(:maps).where(permission + ' OR maps.user_id = ?', visible, user.id)
else
scope.where(permission, visible)
end
end
end
def show?
resource_policy.show?
end
def create?
record.resource.present? && resource_policy.update?
end
def update?
record.user == user
end
def destroy?
record.user == user || admin_override
end
# Helpers
def resource_policy
@resource_policy ||= Pundit.policy(user, record.resource)
end
end
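Review bot: `show?` calls `resource_policy.show?` without checking that `record.resource` is present, whereas `create?` guards with `record.resource.present?`; `Pundit.policy` (the non-bang form used in `resource_policy`) returns nil when it finds no policy class, including for a nil record, so a message with no resource would fail with a NoMethodError on nil — and `show` is the one controller action reachable without a signed-in user. Change the body to `record.resource.present? && resource_policy.show?`, or switch the helper to `Pundit.policy!` so a missing policy fails loudly instead of as a nil dereference. `update?` also lacks the `admin_override` that `destroy?` includes; worth confirming that asymmetry is intended.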