pundit: fixing up topics and synapses

app/controllers/synapses_controller.rb

@@ -10,7 +10,7 @@ class SynapsesController < ApplicationController
   # GET /synapses/1.json
   def show
     @synapse = Synapse.find(params[:id])
-    authorize! @synapse
+    authorize @synapse
 
     render json: @synapse
   end
@@ -20,7 +20,7 @@ class SynapsesController < ApplicationController
   def create
     @synapse = Synapse.new(synapse_params)
     @synapse.desc = "" if @synapse.desc.nil?
-    authorize! @synapse
+    authorize @synapse
 
     respond_to do |format|
       if @synapse.save
@@ -36,7 +36,7 @@ class SynapsesController < ApplicationController
   def update
     @synapse = Synapse.find(params[:id])
     @synapse.desc = "" if @synapse.desc.nil?
-    authorize! @synapse
+    authorize @synapse
 
     respond_to do |format|
       if @synapse.update_attributes(synapse_params)
@@ -50,7 +50,7 @@ class SynapsesController < ApplicationController
   # DELETE synapses/:id
   def destroy
     @synapse = Synapse.find(params[:id])
-    authorize! @synapse
+    authorize @synapse
     @synapse.delete
       
     respond_to do |format|

app/controllers/topics_controller.rb

@@ -20,12 +20,12 @@ class TopicsController < ApplicationController
     # GET topics/:id
     def show
         @topic = Topic.find(params[:id])
-        authorize! @topic
+        authorize @topic
 
         respond_to do |format|
             format.html { 
-                @alltopics = ([@topic] + policy_scope(@topic.relatives))
-                @allsynapses = policy_scope(@topic.synapses)
+                @alltopics = ([@topic] + policy_scope(Topic.relatives(@topic.id)))
+                @allsynapses = policy_scope(Synapse.for_topic(@topic.id))
 
                 @allcreators = @alltopics.map(&:user).uniq
                 @allcreators += @allsynapses.map(&:user).uniq
@@ -39,7 +39,7 @@ class TopicsController < ApplicationController
     # GET topics/:id/network
     def network
         @topic = Topic.find(params[:id])
-        authorize! @topic
+        authorize @topic
 
         @alltopics = [@topic] + policy_scope(@topic.relatives)
         @allsynapses = policy_scope(@topic.synapses)
@@ -83,7 +83,7 @@ class TopicsController < ApplicationController
     # GET topics/:id/relatives
     def relatives
       @topic = Topic.find(params[:id])
-      authorize! @topic
+      authorize @topic
 
       topicsAlreadyHas = params[:network] ? params[:network].split(',').map(&:to_i) : []
 
@@ -117,7 +117,7 @@ class TopicsController < ApplicationController
   # POST /topics.json
   def create
     @topic = Topic.new(topic_params)
-    authorize! @topic
+    authorize @topic
 
     respond_to do |format|
       if @topic.save
@@ -132,7 +132,7 @@ class TopicsController < ApplicationController
   # PUT /topics/1.json
   def update
     @topic = Topic.find(params[:id])
-    authorize! @topic
+    authorize @topic
 
     respond_to do |format|
       if @topic.update_attributes(topic_params)
@@ -146,7 +146,7 @@ class TopicsController < ApplicationController
   # DELETE topics/:id
   def destroy
     @topic = Topic.find(params[:id])
-    authorize! @topic
+    authorize @topic
 
     @topic.delete
     respond_to do |format|

app/models/synapse.rb

@@ -14,6 +14,10 @@ class Synapse < ActiveRecord::Base
 
   validates :category, inclusion: { in: ['from-to', 'both'], allow_nil: true }
 
+  scope :for_topic, ->(topic_id = nil) { 
+    where("node1_id = ? OR node2_id = ?", topic_id, topic_id) 
+  } 
+
   # :nocov:
   def user_name
     user.name

app/models/topic.rb

@@ -41,6 +41,13 @@ class Topic < ActiveRecord::Base
 
   belongs_to :metacode
 
+  scope :relatives, ->(topic_id = nil) { 
+    includes(:synapses1)
+    .includes(:synapses2)
+    .where('synapses.node1_id = ? OR synapses.node2_id = ?', topic_id, topic_id)
+    .references(:synapses)
+  }
+
   def user_name
     user.name
   end

app/policies/synapse_policy.rb

@@ -1,7 +1,7 @@
 class SynapsePolicy < ApplicationPolicy
   class Scope < Scope
     def resolve
-      scope.where('permission IN (?) OR user_id = ?', ["public", "commons"], user.id)
+      scope.where('synapses.permission IN (?) OR synapses.user_id = ?', ["public", "commons"], user.id)
     end
   end
 

app/policies/topic_policy.rb

@@ -1,7 +1,7 @@
 class TopicPolicy < ApplicationPolicy
   class Scope < Scope
     def resolve
-      scope.where('permission IN (?) OR user_id = ?', ["public", "commons"], user.id)
+      scope.where('topics.permission IN (?) OR topics.user_id = ?', ["public", "commons"], user.id)
     end
   end