From dc6ccd20223709c087d7ef6784772cfd597ee381 Mon Sep 17 00:00:00 2001 From: Connor Turland Date: Sat, 12 Mar 2016 11:10:30 +1100 Subject: [PATCH] pundit: fixing up topics and synapses --- app/controllers/synapses_controller.rb | 8 ++++---- app/controllers/topics_controller.rb | 16 ++++++++-------- app/models/synapse.rb | 4 ++++ app/models/topic.rb | 7 +++++++ app/policies/synapse_policy.rb | 2 +- app/policies/topic_policy.rb | 2 +- 6 files changed, 25 insertions(+), 14 deletions(-) diff --git a/app/controllers/synapses_controller.rb b/app/controllers/synapses_controller.rb index f242ad38..4440872f 100644 --- a/app/controllers/synapses_controller.rb +++ b/app/controllers/synapses_controller.rb @@ -10,7 +10,7 @@ class SynapsesController < ApplicationController # GET /synapses/1.json def show @synapse = Synapse.find(params[:id]) - authorize! @synapse + authorize @synapse render json: @synapse end @@ -20,7 +20,7 @@ class SynapsesController < ApplicationController def create @synapse = Synapse.new(synapse_params) @synapse.desc = "" if @synapse.desc.nil? - authorize! @synapse + authorize @synapse respond_to do |format| if @synapse.save @@ -36,7 +36,7 @@ class SynapsesController < ApplicationController def update @synapse = Synapse.find(params[:id]) @synapse.desc = "" if @synapse.desc.nil? - authorize! @synapse + authorize @synapse respond_to do |format| if @synapse.update_attributes(synapse_params) @@ -50,7 +50,7 @@ class SynapsesController < ApplicationController # DELETE synapses/:id def destroy @synapse = Synapse.find(params[:id]) - authorize! @synapse + authorize @synapse @synapse.delete respond_to do |format| diff --git a/app/controllers/topics_controller.rb b/app/controllers/topics_controller.rb index 0d58d912..1b1e9b3c 100644 --- a/app/controllers/topics_controller.rb +++ b/app/controllers/topics_controller.rb @@ -20,12 +20,12 @@ class TopicsController < ApplicationController # GET topics/:id def show @topic = Topic.find(params[:id]) - authorize! @topic + authorize @topic respond_to do |format| format.html { - @alltopics = ([@topic] + policy_scope(@topic.relatives)) - @allsynapses = policy_scope(@topic.synapses) + @alltopics = ([@topic] + policy_scope(Topic.relatives(@topic.id))) + @allsynapses = policy_scope(Synapse.for_topic(@topic.id)) @allcreators = @alltopics.map(&:user).uniq @allcreators += @allsynapses.map(&:user).uniq @@ -39,7 +39,7 @@ class TopicsController < ApplicationController # GET topics/:id/network def network @topic = Topic.find(params[:id]) - authorize! @topic + authorize @topic @alltopics = [@topic] + policy_scope(@topic.relatives) @allsynapses = policy_scope(@topic.synapses) @@ -83,7 +83,7 @@ class TopicsController < ApplicationController # GET topics/:id/relatives def relatives @topic = Topic.find(params[:id]) - authorize! @topic + authorize @topic topicsAlreadyHas = params[:network] ? params[:network].split(',').map(&:to_i) : [] @@ -117,7 +117,7 @@ class TopicsController < ApplicationController # POST /topics.json def create @topic = Topic.new(topic_params) - authorize! @topic + authorize @topic respond_to do |format| if @topic.save @@ -132,7 +132,7 @@ class TopicsController < ApplicationController # PUT /topics/1.json def update @topic = Topic.find(params[:id]) - authorize! @topic + authorize @topic respond_to do |format| if @topic.update_attributes(topic_params) @@ -146,7 +146,7 @@ class TopicsController < ApplicationController # DELETE topics/:id def destroy @topic = Topic.find(params[:id]) - authorize! @topic + authorize @topic @topic.delete respond_to do |format| diff --git a/app/models/synapse.rb b/app/models/synapse.rb index beda8976..4807d7ab 100644 --- a/app/models/synapse.rb +++ b/app/models/synapse.rb @@ -14,6 +14,10 @@ class Synapse < ActiveRecord::Base validates :category, inclusion: { in: ['from-to', 'both'], allow_nil: true } + scope :for_topic, ->(topic_id = nil) { + where("node1_id = ? OR node2_id = ?", topic_id, topic_id) + } + # :nocov: def user_name user.name diff --git a/app/models/topic.rb b/app/models/topic.rb index 0039040e..0f312823 100644 --- a/app/models/topic.rb +++ b/app/models/topic.rb @@ -41,6 +41,13 @@ class Topic < ActiveRecord::Base belongs_to :metacode + scope :relatives, ->(topic_id = nil) { + includes(:synapses1) + .includes(:synapses2) + .where('synapses.node1_id = ? OR synapses.node2_id = ?', topic_id, topic_id) + .references(:synapses) + } + def user_name user.name end diff --git a/app/policies/synapse_policy.rb b/app/policies/synapse_policy.rb index 12f9c8ca..85de12da 100644 --- a/app/policies/synapse_policy.rb +++ b/app/policies/synapse_policy.rb @@ -1,7 +1,7 @@ class SynapsePolicy < ApplicationPolicy class Scope < Scope def resolve - scope.where('permission IN (?) OR user_id = ?', ["public", "commons"], user.id) + scope.where('synapses.permission IN (?) OR synapses.user_id = ?', ["public", "commons"], user.id) end end diff --git a/app/policies/topic_policy.rb b/app/policies/topic_policy.rb index 97fefdcc..43d4ec98 100644 --- a/app/policies/topic_policy.rb +++ b/app/policies/topic_policy.rb @@ -1,7 +1,7 @@ class TopicPolicy < ApplicationPolicy class Scope < Scope def resolve - scope.where('permission IN (?) OR user_id = ?', ["public", "commons"], user.id) + scope.where('topics.permission IN (?) OR topics.user_id = ?', ["public", "commons"], user.id) end end