glenux-contrib/metamaps--metamaps
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge branch 'feature/pundit' into develop

Browse source
This commit is contained in:
Connor Turland 2016-03-12 21:26:06 +11:00
parent 2e6493fd23 a295c61322
commit f58185fd40
30 changed files with 692 additions and 489 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Gemfile
View file

@ -6,7 +6,7 @@ gem 'rails', '4.2.4'
gem 'devise'
gem 'redis'
gem 'pg'
gem 'cancancan'
gem 'pundit'
gem 'formula'
gem 'formtastic'
gem 'json'

5
Gemfile.lock
View file

@ -56,7 +56,6 @@ GEM
builder (3.2.2)
byebug (5.0.0)
columnize (= 0.9.0)
cancancan (1.13.1)
climate_control (0.0.3)
activesupport (>= 3.0)
cocaine (0.5.7)
@ -141,6 +140,8 @@ GEM
pry (~> 0.10)
pry-rails (0.3.4)
pry (>= 0.9.10)
pundit (1.1.0)
activesupport (>= 3.0.0)
quiet_assets (1.1.0)
railties (>= 3.1, < 5.0)
rack (1.6.4)
@ -243,7 +244,6 @@ DEPENDENCIES
best_in_place
better_errors
binding_of_caller
cancancan
coffee-rails
devise
dotenv
@ -260,6 +260,7 @@ DEPENDENCIES
pg
pry-byebug
pry-rails
pundit
quiet_assets
rails (= 4.2.4)
rails3-jquery-autocomplete

7
app/controllers/application_controller.rb
View file

@ -1,4 +1,7 @@
class ApplicationController < ActionController::Base
include Pundit
include PunditExtra
rescue_from Pundit::NotAuthorizedError, with: :handle_unauthorized
protect_from_forgery
before_action :get_invite_link
@ -22,6 +25,10 @@ class ApplicationController < ActionController::Base
stored_location_for(resource) || request.referer || root_path
end
end
def handle_unauthorized
head :forbidden # TODO make this better
end
private

120
app/controllers/main_controller.rb
View file

@ -3,20 +3,20 @@ class MainController < ApplicationController
include MapsHelper
include UsersHelper
include SynapsesHelper
after_action :verify_policy_scoped
respond_to :html, :json
# home page
def home
@current = current_user
@maps = policy_scope(Map).order("updated_at DESC").page(1).per(20)
respond_to do |format|
format.html {
if authenticated?
@maps = Map.where("maps.permission != ?", "private").order("updated_at DESC").page(1).per(20)
respond_with(@maps, @current)
if not authenticated?
render 'main/home'
else
respond_with(@current)
render 'maps/activemaps'
end
}
end
@ -59,69 +59,35 @@ class MainController < ApplicationController
filterByMetacode = m
end
end
search = '%' + term.downcase + '%'
builder = policy_scope(Topic)
if filterByMetacode
if term == ""
@topics = []
builder = builder.none
else
search = term.downcase + '%'
if user
@topics = Set.new(Topic.where('LOWER("name") like ?', search).where('metacode_id = ? AND user_id = ?', filterByMetacode.id, user).order('"name"'))
@topics2 = Set.new(Topic.where('LOWER("name") like ?', '%' + search).where('metacode_id = ? AND user_id = ?', filterByMetacode.id, user).order('"name"'))
@topics3 = Set.new(Topic.where('LOWER("desc") like ?', '%' + search).where('metacode_id = ? AND user_id = ?', filterByMetacode.id, user).order('"name"'))
@topics4 = Set.new(Topic.where('LOWER("link") like ?', '%' + search).where('metacode_id = ? AND user_id = ?', filterByMetacode.id, user).order('"name"'))
else
@topics = Set.new(Topic.where('LOWER("name") like ?', search).where('metacode_id = ?', filterByMetacode.id).order('"name"'))
@topics2 = Set.new(Topic.where('LOWER("name") like ?', '%' + search).where('metacode_id = ?', filterByMetacode.id).order('"name"'))
@topics3 = Set.new(Topic.where('LOWER("desc") like ?', '%' + search).where('metacode_id = ?', filterByMetacode.id).order('"name"'))
@topics4 = Set.new(Topic.where('LOWER("link") like ?', '%' + search).where('metacode_id = ?', filterByMetacode.id).order('"name"'))
end
#get unique elements only through the magic of Sets
@topics = (@topics + @topics2 + @topics3 + @topics4).to_a
builder = builder.where('LOWER("name") like ? OR
LOWER("desc") like ? OR
LOWER("link") like ?', search, search, search)
builder = builder.where(metacode_id: filterByMetacode.id)
end
elsif desc
search = '%' + term.downcase + '%'
if !user
@topics = Topic.where('LOWER("desc") like ?', search).order('"name"')
elsif user
@topics = Topic.where('LOWER("desc") like ?', search).where('user_id = ?', user).order('"name"')
end
builder = builder.where('LOWER("desc") like ?', search)
elsif link
search = '%' + term.downcase + '%'
if !user
@topics = Topic.where('LOWER("link") like ?', search).order('"name"')
elsif user
@topics = Topic.where('LOWER("link") like ?', search).where('user_id = ?', user).order('"name"')
end
builder = builder.where('LOWER("link") like ?', search)
else #regular case, just search the name
search = term.downcase + '%'
if !user
@topics = Topic.where('LOWER("name") like ?', search).order('"name"')
@topics2 = Topic.where('LOWER("name") like ?', '%' + search).order('"name"')
@topics3 = Topic.where('LOWER("desc") like ?', '%' + search).order('"name"')
@topics4 = Topic.where('LOWER("link") like ?', '%' + search).order('"name"')
@topics = @topics + (@topics2 - @topics)
@topics = @topics + (@topics3 - @topics)
@topics = @topics + (@topics4 - @topics)
elsif user
@topics = Topic.where('LOWER("name") like ?', search).where('user_id = ?', user).order('"name"')
@topics2 = Topic.where('LOWER("name") like ?', '%' + search).where('user_id = ?', user).order('"name"')
@topics3 = Topic.where('LOWER("desc") like ?', '%' + search).where('user_id = ?', user).order('"name"')
@topics4 = Topic.where('LOWER("link") like ?', '%' + search).where('user_id = ?', user).order('"name"')
@topics = @topics + (@topics2 - @topics)
@topics = @topics + (@topics3 - @topics)
@topics = @topics + (@topics4 - @topics)
end
builder = builder.where('LOWER("name") like ? OR
LOWER("desc") like ? OR
LOWER("link") like ?', search, search, search)
end
builder = builder.where(user: user) if user
@topics = builder.order(:name)
else
@topics = []
end
#read this next line as 'delete a topic if its private and you're either 1. logged out or 2. logged in but not the topic creator
@topics.to_a.delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && current_user.id != t.user_id)) }
render json: autocomplete_array_json(@topics)
end
@ -141,21 +107,21 @@ class MainController < ApplicationController
term = term[5..-1]
desc = true
end
search = '%' + term.downcase + '%'
query = desc ? 'LOWER("desc") like ?' : 'LOWER("name") like ?'
if !user
# !connor why is the limit 5 done here and not above? also, why not limit after sorting alphabetically?
@maps = Map.where(query, search).limit(5).order('"name"')
elsif user
@maps = Map.where(query, search).where('user_id = ?', user).order('"name"')
builder = policy_scope(Map)
if desc
builder = builder.where('LOWER("desc") like ?', search)
else
builder = builder.where('LOWER("name") like ?', search)
end
builder = builder.where(user: user) if user
@maps = builder.order(:name)
else
@maps = []
end
#read this next line as 'delete a map if its private and you're either 1. logged out or 2. logged in but not the map creator
@maps.to_a.delete_if {|m| m.permission == "private" && (!authenticated? || (authenticated? && current_user.id != m.user_id)) }
render json: autocomplete_map_array_json(@maps)
end
@ -166,7 +132,10 @@ class MainController < ApplicationController
#remove "mapper:" if appended at beginning
term = term[7..-1] if term.downcase[0..6] == "mapper:"
@mappers = User.where('LOWER("name") like ?', term.downcase + '%').order('"name"')
search = term.downcase + '%'
builder = policy_scope(User) # TODO do I need to policy scope? I guess yes to verify_policy_scoped
builder = builder.where('LOWER("name") like ?', search)
@mappers = builder.order(:name)
else
@mappers = []
end
@ -181,7 +150,7 @@ class MainController < ApplicationController
topic2id = params[:topic2id]
if term && !term.empty?
@synapses = Synapse.where('LOWER("desc") like ?', '%' + term.downcase + '%').order('"desc"')
@synapses = policy_scope(Synapse).where('LOWER("desc") like ?', '%' + term.downcase + '%').order('"desc"')
# remove any duplicate synapse types that just differ by
# leading or trailing whitespaces
@ -195,23 +164,18 @@ class MainController < ApplicationController
boolean = true
end
}
#limit to 5 results
@synapses = @synapses.slice(0,5)
elsif topic1id && !topic1id.empty?
@one = Synapse.where('node1_id = ? AND node2_id = ?', topic1id, topic2id)
@two = Synapse.where('node2_id = ? AND node1_id = ?', topic1id, topic2id)
@one = policy_scope(Synapse).where('node1_id = ? AND node2_id = ?', topic1id, topic2id)
@two = policy_scope(Synapse).where('node2_id = ? AND node1_id = ?', topic1id, topic2id)
@synapses = @one + @two
@synapses.sort! {|s1,s2| s1.desc <=> s2.desc }.to_a
#permissions
@synapses.delete_if {|s| s.permission == "private" && !authenticated? }
@synapses.delete_if {|s| s.permission == "private" && authenticated? && current_user.id != s.user_id }
else
@synapses = []
end
#limit to 5 results
@synapses = @synapses.slice(0,5)
render json: autocomplete_synapse_array_json(@synapses)
end
end

12
app/controllers/mappings_controller.rb
View file

@ -1,12 +1,15 @@
class MappingsController < ApplicationController
before_action :require_user, only: [:create, :update, :destroy]
after_action :verify_authorized, except: :index
after_action :verify_policy_scoped, only: :index
respond_to :json
# GET /mappings/1.json
def show
@mapping = Mapping.find(params[:id])
authorize @mapping
render json: @mapping
end
@ -14,6 +17,8 @@ class MappingsController < ApplicationController
# POST /mappings.json
def create
@mapping = Mapping.new(mapping_params)
authorize @mapping
@mapping.user = current_user
if @mapping.save
render json: @mapping, status: :created
@ -25,6 +30,7 @@ class MappingsController < ApplicationController
# PUT /mappings/1.json
def update
@mapping = Mapping.find(params[:id])
authorize @mapping
if @mapping.update_attributes(mapping_params)
head :no_content
@ -36,7 +42,7 @@ class MappingsController < ApplicationController
# DELETE /mappings/1.json
def destroy
@mapping = Mapping.find(params[:id])
@map = @mapping.map
authorize @mapping
@mapping.destroy
@ -46,6 +52,6 @@ class MappingsController < ApplicationController
private
# Never trust parameters from the scary internet, only allow the white list through.
def mapping_params
params.require(:mapping).permit(:id, :xloc, :yloc, :mappable_id, :mappable_type, :map_id, :user_id)
params.require(:mapping).permit(:id, :xloc, :yloc, :mappable_id, :mappable_type, :map_id)
end
end

175
app/controllers/maps_controller.rb
View file

@ -1,67 +1,84 @@
class MapsController < ApplicationController
before_action :require_user, only: [:create, :update, :screenshot, :destroy]
after_action :verify_authorized, except: [:activemaps, :featuredmaps, :mymaps, :usermaps]
after_action :verify_policy_scoped, only: [:activemaps, :featuredmaps, :mymaps, :usermaps]
respond_to :html, :json
autocomplete :map, :name, :full => true, :extra_data => [:user_id]
# GET /explore/active
# GET /explore/featured
# GET /explore/mapper/:id
def index
return redirect_to activemaps_url if request.path == "/explore"
@current = current_user
@maps = []
def activemaps
page = params[:page].present? ? params[:page] : 1
if request.path.index("/explore/active") != nil
@maps = Map.where("maps.permission != ?", "private").order("updated_at DESC").page(page).per(20)
@request = "active"
elsif request.path.index("/explore/featured") != nil
@maps = Map.where("maps.featured = ? AND maps.permission != ?", true, "private").order("updated_at DESC").page(page).per(20)
@request = "featured"
elsif request.path.index('/explore/mine') != nil # looking for maps by me
return redirect_to activemaps_url if !authenticated?
# don't need to exclude private maps because they all belong to you
@maps = Map.where("maps.user_id = ?", @current.id).order("updated_at DESC").page(page).per(20)
@request = "you"
elsif request.path.index('/explore/mapper/') != nil # looking for maps by a mapper
@user = User.find(params[:id])
@maps = Map.where("maps.user_id = ? AND maps.permission != ?", @user.id, "private").order("updated_at DESC").page(page).per(20)
@request = "mapper"
end
@maps = policy_scope(Map).order("updated_at DESC")
.page(page).per(20)
respond_to do |format|
format.html {
if @request == "active" && authenticated?
redirect_to root_url and return
end
respond_with(@maps, @request, @user)
# root url => main/home. main/home renders maps/activemaps view.
redirect_to root_url and return if authenticated?
respond_with(@maps, @user)
}
format.json { render json: @maps }
end
end
# GET /explore/featured
def featuredmaps
page = params[:page].present? ? params[:page] : 1
@maps = policy_scope(
Map.where("maps.featured = ? AND maps.permission != ?",
true, "private")
).order("updated_at DESC").page(page).per(20)
respond_to do |format|
format.html { respond_with(@maps, @user) }
format.json { render json: @maps }
end
end
# GET /explore/mine
def mymaps
return redirect_to activemaps_url if !authenticated?
page = params[:page].present? ? params[:page] : 1
@maps = policy_scope(
Map.where("maps.user_id = ?", current_user.id)
).order("updated_at DESC").page(page).per(20)
respond_to do |format|
format.html { respond_with(@maps, @user) }
format.json { render json: @maps }
end
end
# GET /explore/mapper/:id
def usermaps
page = params[:page].present? ? params[:page] : 1
@user = User.find(params[:id])
@maps = policy_scope(Map.where(user: @user))
.order("updated_at DESC").page(page).per(20)
respond_to do |format|
format.html { respond_with(@maps, @user) }
format.json { render json: @maps }
end
end
# GET maps/:id
def show
@current = current_user
@map = Map.find(params[:id]).authorize_to_show(@current)
if not @map
redirect_to root_url, notice: "Access denied. That map is private." and return
end
@map = Map.find(params[:id])
authorize @map
respond_to do |format|
format.html {
@allmappers = @map.contributors
@alltopics = @map.topics.to_a.delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && @current.id != t.user_id)) }
@allsynapses = @map.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && @current.id != s.user_id)) }
@alltopics = @map.topics.to_a.delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && current_user.id != t.user_id)) }
@allsynapses = @map.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && current_user.id != s.user_id)) }
@allmappings = @map.mappings.to_a.delete_if {|m|
object = m.mappable
!object || (object.permission == "private" && (!authenticated? || (authenticated? && @current.id != object.user_id)))
!object || (object.permission == "private" && (!authenticated? || (authenticated? && current_user.id != object.user_id)))
}
respond_with(@allmappers, @allmappings, @allsynapses, @alltopics, @map)
@ -72,20 +89,15 @@ class MapsController < ApplicationController
# GET maps/:id/contains
def contains
@current = current_user
@map = Map.find(params[:id]).authorize_to_show(@current)
if not @map
redirect_to root_url, notice: "Access denied. That map is private." and return
end
@map = Map.find(params[:id])
authorize @map
@allmappers = @map.contributors
@alltopics = @map.topics.to_a.delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && @current.id != t.user_id)) }
@allsynapses = @map.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && @current.id != s.user_id)) }
@alltopics = @map.topics.to_a.delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && current_user.id != t.user_id)) }
@allsynapses = @map.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && current_user.id != s.user_id)) }
@allmappings = @map.mappings.to_a.delete_if {|m|
object = m.mappable
!object || (object.permission == "private" && (!authenticated? || (authenticated? && @current.id != object.user_id)))
!object || (object.permission == "private" && (!authenticated? || (authenticated? && current_user.id != object.user_id)))
}
@json = Hash.new()
@ -121,6 +133,7 @@ class MapsController < ApplicationController
mapping.xloc = topic[1]
mapping.yloc = topic[2]
@map.topicmappings << mapping
authorize mapping, :create
mapping.save
end
@ -133,6 +146,7 @@ class MapsController < ApplicationController
mapping.map = @map
mapping.mappable = Synapse.find(synapse_id)
@map.synapsemappings << mapping
authorize mapping, :create
mapping.save
end
end
@ -140,6 +154,8 @@ class MapsController < ApplicationController
@map.arranged = true
end
authorize @map
if @map.save
respond_to do |format|
format.json { render :json => @map }
@ -153,13 +169,11 @@ class MapsController < ApplicationController
# PUT maps/:id
def update
@current = current_user
@map = Map.find(params[:id]).authorize_to_edit(@current)
@map = Map.find(params[:id])
authorize @map
respond_to do |format|
if !@map
format.json { render json: "unauthorized" }
elsif @map.update_attributes(map_params)
if @map.update_attributes(map_params)
format.json { head :no_content }
else
format.json { render json: @map.errors, status: :unprocessable_entity }
@ -169,51 +183,42 @@ class MapsController < ApplicationController
# POST maps/:id/upload_screenshot
def screenshot
@current = current_user
@map = Map.find(params[:id]).authorize_to_edit(@current)
@map = Map.find(params[:id])
authorize @map
if @map
png = Base64.decode64(params[:encoded_image]['data:image/png;base64,'.length .. -1])
StringIO.open(png) do |data|
data.class.class_eval { attr_accessor :original_filename, :content_type }
data.original_filename = "map-" + @map.id.to_s + "-screenshot.png"
data.content_type = "image/png"
@map.screenshot = data
end
png = Base64.decode64(params[:encoded_image]['data:image/png;base64,'.length .. -1])
StringIO.open(png) do |data|
data.class.class_eval { attr_accessor :original_filename, :content_type }
data.original_filename = "map-" + @map.id.to_s + "-screenshot.png"
data.content_type = "image/png"
@map.screenshot = data
end
if @map.save
render :json => {:message => "Successfully uploaded the map screenshot."}
else
render :json => {:message => "Failed to upload image."}
end
else
render :json => {:message => "Unauthorized to set map screenshot."}
end
if @map.save
render :json => {:message => "Successfully uploaded the map screenshot."}
else
render :json => {:message => "Failed to upload image."}
end
end
# DELETE maps/:id
def destroy
@current = current_user
@map = Map.find(params[:id])
authorize @map
@map = Map.find(params[:id]).authorize_to_delete(@current)
@map.delete
@map.delete if @map
respond_to do |format|
format.json {
if @map
render json: "success"
else
render json: "unauthorized"
end
}
respond_to do |format|
format.json do
head :no_content
end
end
end
private
# Never trust parameters from the scary internet, only allow the white list through.
def map_params
params.require(:map).permit(:id, :name, :arranged, :desc, :permission, :user_id)
params.require(:map).permit(:id, :name, :arranged, :desc, :permission)
end
end

16
app/controllers/synapses_controller.rb
View file

@ -2,19 +2,16 @@ class SynapsesController < ApplicationController
include TopicsHelper
before_action :require_user, only: [:create, :update, :destroy]
after_action :verify_authorized, except: :index
after_action :verify_policy_scoped, only: :index
respond_to :json
# GET /synapses/1.json
def show
@synapse = Synapse.find(params[:id])
authorize @synapse
#.authorize_to_show(@current)
#if not @synapse
# redirect_to root_url and return
#end
render json: @synapse
end
@ -23,6 +20,7 @@ class SynapsesController < ApplicationController
def create
@synapse = Synapse.new(synapse_params)
@synapse.desc = "" if @synapse.desc.nil?
authorize @synapse
respond_to do |format|
if @synapse.save
@ -38,6 +36,7 @@ class SynapsesController < ApplicationController
def update
@synapse = Synapse.find(params[:id])
@synapse.desc = "" if @synapse.desc.nil?
authorize @synapse
respond_to do |format|
if @synapse.update_attributes(synapse_params)
@ -50,8 +49,9 @@ class SynapsesController < ApplicationController
# DELETE synapses/:id
def destroy
@synapse = Synapse.find(params[:id]).authorize_to_delete(current_user)
@synapse.delete if @synapse
@synapse = Synapse.find(params[:id])
authorize @synapse
@synapse.delete
respond_to do |format|
format.json { head :no_content }

215
app/controllers/topics_controller.rb
View file

@ -2,20 +2,15 @@ class TopicsController < ApplicationController
include TopicsHelper
before_action :require_user, only: [:create, :update, :destroy]
after_action :verify_authorized, except: :autocomplete_topic
respond_to :html, :js, :json
# GET /topics/autocomplete_topic
def autocomplete_topic
@current = current_user
term = params[:term]
if term && !term.empty?
@topics = Topic.where('LOWER("name") like ?', term.downcase + '%').order('"name"')
#read this next line as 'delete a topic if its private and you're either
#1. logged out or 2. logged in but not the topic creator
@topics.to_a.delete_if {|t| t.permission == "private" &&
(!authenticated? || (authenticated? && @current.id != t.user_id)) }
@topics = policy_scope(Topic.where('LOWER("name") like ?', term.downcase + '%')).order('"name"')
else
@topics = []
end
@ -24,29 +19,16 @@ class TopicsController < ApplicationController
# GET topics/:id
def show
@current = current_user
@topic = Topic.find(params[:id]).authorize_to_show(@current)
if not @topic
redirect_to root_url, notice: "Access denied. That topic is private." and return
end
@topic = Topic.find(params[:id])
authorize @topic
respond_to do |format|
format.html {
@alltopics = ([@topic] + @topic.relatives).delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && @current.id != t.user_id)) } # should limit to topics visible to user
@allsynapses = @topic.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && @current.id != s.user_id)) }
@alltopics = ([@topic] + policy_scope(Topic.relatives(@topic.id)))
@allsynapses = policy_scope(Synapse.for_topic(@topic.id))
@allcreators = []
@alltopics.each do |t|
if @allcreators.index(t.user) == nil
@allcreators.push(t.user)
end
end
@allsynapses.each do |s|
if @allcreators.index(s.user) == nil
@allcreators.push(s.user)
end
end
@allcreators = @alltopics.map(&:user).uniq
@allcreators += @allsynapses.map(&:user).uniq
respond_with(@allsynapses, @alltopics, @allcreators, @topic)
}
@ -56,28 +38,15 @@ class TopicsController < ApplicationController
# GET topics/:id/network
def network
@current = current_user
@topic = Topic.find(params[:id]).authorize_to_show(@current)
@topic = Topic.find(params[:id])
authorize @topic
if not @topic
redirect_to root_url, notice: "Access denied. That topic is private." and return
end
@alltopics = [@topic] + policy_scope(@topic.relatives)
@allsynapses = policy_scope(@topic.synapses)
@allcreators = @alltopics.map(&:user).uniq
@allcreators += @allsynapses.map(&:user).uniq
@alltopics = @topic.relatives.to_a.delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && @current.id != t.user_id)) }
@allsynapses = @topic.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && @current.id != s.user_id)) }
@allcreators = []
@allcreators.push(@topic.user)
@alltopics.each do |t|
if @allcreators.index(t.user) == nil
@allcreators.push(t.user)
end
end
@allsynapses.each do |s|
if @allcreators.index(s.user) == nil
@allcreators.push(s.user)
end
end
@json = Hash.new()
@json['topic'] = @topic
@json['creators'] = @allcreators
@ -91,121 +60,99 @@ class TopicsController < ApplicationController
# GET topics/:id/relative_numbers
def relative_numbers
@current = current_user
@topic = Topic.find(params[:id]).authorize_to_show(@current)
@topic = Topic.find(params[:id])
authorize @topic
if not @topic
redirect_to root_url, notice: "Access denied. That topic is private." and return
topicsAlreadyHas = params[:network] ? params[:network].split(',').map(&:to_i) : []
@alltopics = policy_scope(@topic.relatives).to_a.uniq
@alltopics.delete_if! do |topic|
topicsAlreadyHas.index(topic.id) != nil
end
@topicsAlreadyHas = params[:network] ? params[:network].split(',') : []
@alltopics = @topic.relatives.to_a.delete_if {|t|
@topicsAlreadyHas.index(t.id.to_s) != nil ||
(t.permission == "private" && (!authenticated? || (authenticated? && @current.id != t.user_id)))
}
@alltopics.uniq!
@json = Hash.new()
@json = Hash.new(0)
@alltopics.each do |t|
if @json[t.metacode.id]
@json[t.metacode.id] += 1
else
@json[t.metacode.id] = 1
end
@json[t.metacode.id] += 1
end
respond_to do |format|
format.json { render json: @json }
format.json { render json: @json }
end
end
# GET topics/:id/relatives
def relatives
@current = current_user
@topic = Topic.find(params[:id]).authorize_to_show(@current)
@topic = Topic.find(params[:id])
authorize @topic
if not @topic
redirect_to root_url, notice: "Access denied. That topic is private." and return
end
topicsAlreadyHas = params[:network] ? params[:network].split(',').map(&:to_i) : []
@topicsAlreadyHas = params[:network] ? params[:network].split(',') : []
alltopics = policy_scope(@topic.relatives).to_a.uniq.delete_if do |topic|
topicsAlreadyHas.index(topic.id.to_s) != nil
end
@alltopics = @topic.relatives.to_a.delete_if {|t|
@topicsAlreadyHas.index(t.id.to_s) != nil ||
(params[:metacode] && t.metacode_id.to_s != params[:metacode]) ||
(t.permission == "private" && (!authenticated? || (authenticated? && @current.id != t.user_id)))
}
#find synapses between topics in alltopics array
allsynapses = policy_scope(@topic.synapses)
synapse_ids = (allsynapses.map(&:topic1_id) + allsynapses.map(&:topic2_id)).uniq
allsynapses.delete_if! do |synapse|
synapse_ids.index(synapse.id) != nil
end
@alltopics.uniq!
creatorsAlreadyHas = params[:creators] ? params[:creators].split(',').map(&:to_i) : []
allcreators = (alltopics.map(&:user) + allsynapses.map(&:user)).uniq.delete_if do |user|
creatorsAlreadyHas.index(user.id) != nil
end
@allsynapses = @topic.synapses.to_a.delete_if {|s|
(s.topic1 == @topic && @alltopics.index(s.topic2) == nil) ||
(s.topic2 == @topic && @alltopics.index(s.topic1) == nil)
}
@json = Hash.new()
@json['topics'] = alltopics
@json['synapses'] = allsynapses
@json['creators'] = allcreators
@creatorsAlreadyHas = params[:creators] ? params[:creators].split(',') : []
@allcreators = []
@alltopics.each do |t|
if @allcreators.index(t.user) == nil && @creatorsAlreadyHas.index(t.user_id.to_s) == nil
@allcreators.push(t.user)
end
end
@allsynapses.each do |s|
if @allcreators.index(s.user) == nil && @creatorsAlreadyHas.index(s.user_id.to_s) == nil
@allcreators.push(s.user)
end
end
@json = Hash.new()
@json['topics'] = @alltopics
@json['synapses'] = @allsynapses
@json['creators'] = @allcreators
respond_to do |format|
format.json { render json: @json }
end
respond_to do |format|
format.json { render json: @json }
end
end
# POST /topics
# POST /topics.json
def create
@topic = Topic.new(topic_params)
# POST /topics
# POST /topics.json
def create
@topic = Topic.new(topic_params)
authorize @topic
respond_to do |format|
if @topic.save
format.json { render json: @topic, status: :created }
else
format.json { render json: @topic.errors, status: :unprocessable_entity }
end
end
respond_to do |format|
if @topic.save
format.json { render json: @topic, status: :created }
else
format.json { render json: @topic.errors, status: :unprocessable_entity }
end
end
end
# PUT /topics/1
# PUT /topics/1.json
def update
@topic = Topic.find(params[:id])
# PUT /topics/1
# PUT /topics/1.json
def update
@topic = Topic.find(params[:id])
authorize @topic
respond_to do |format|
if @topic.update_attributes(topic_params)
format.json { head :no_content }
else
format.json { render json: @topic.errors, status: :unprocessable_entity }
end
end
respond_to do |format|
if @topic.update_attributes(topic_params)
format.json { head :no_content }
else
format.json { render json: @topic.errors, status: :unprocessable_entity }
end
end
end
# DELETE topics/:id
def destroy
@current = current_user
@topic = Topic.find(params[:id]).authorize_to_delete(@current)
@topic.delete if @topic
# DELETE topics/:id
def destroy
@topic = Topic.find(params[:id])
authorize @topic
respond_to do |format|
format.json { head :no_content }
end
@topic.delete
respond_to do |format|
format.json { head :no_content }
end
end
private

29
app/models/map.rb
View file

@ -78,36 +78,7 @@ class Map < ActiveRecord::Base
json[:updated_at_clean] = updated_at_str
json
end
##### PERMISSIONS ######
def authorize_to_delete(user)
if (self.user != user)
return false
end
return self
end
# returns false if user not allowed to 'show' Topic, Synapse, or Map
def authorize_to_show(user)
if (self.permission == "private" && self.user != user)
return false
end
return self
end
# returns false if user not allowed to 'edit' Topic, Synapse, or Map
def authorize_to_edit(user)
if !user
return false
elsif (self.permission == "private" && self.user != user)
return false
elsif (self.permission == "public" && self.user != user)
return false
end
return self
end
def decode_base64(imgBase64)
decoded_data = Base64.decode64(imgBase64)

30
app/models/synapse.rb
View file

@ -14,6 +14,10 @@ class Synapse < ActiveRecord::Base
validates :category, inclusion: { in: ['from-to', 'both'], allow_nil: true }
scope :for_topic, ->(topic_id = nil) {
where("node1_id = ? OR node2_id = ?", topic_id, topic_id)
}
# :nocov:
def user_name
user.name
@ -32,30 +36,4 @@ class Synapse < ActiveRecord::Base
end
# :nocov:
##### PERMISSIONS ######
# returns false if user not allowed to 'show' Topic, Synapse, or Map
def authorize_to_show(user)
if (self.permission == "private" && self.user != user)
return false
end
return self
end
# returns false if user not allowed to 'edit' Topic, Synapse, or Map
def authorize_to_edit(user)
if (self.permission == "private" && self.user != user)
return false
elsif (self.permission == "public" && self.user != user)
return false
end
return self
end
def authorize_to_delete(user)
if (self.user == user || user.admin)
return self
end
return false
end
end

34
app/models/topic.rb
View file

@ -41,6 +41,13 @@ class Topic < ActiveRecord::Base
belongs_to :metacode
scope :relatives, ->(topic_id = nil) {
includes(:synapses1)
.includes(:synapses2)
.where('synapses.node1_id = ? OR synapses.node2_id = ?', topic_id, topic_id)
.references(:synapses)
}
def user_name
user.name
end
@ -87,31 +94,4 @@ class Topic < ActiveRecord::Base
end
result
end
##### PERMISSIONS ######
# returns false if user not allowed to 'show' Topic, Synapse, or Map
def authorize_to_show(user)
if (self.permission == "private" && self.user != user)
return false
end
return self
end
# returns false if user not allowed to 'edit' Topic, Synapse, or Map
def authorize_to_edit(user)
if (self.permission == "private" && self.user != user)
return false
elsif (self.permission == "public" && self.user != user)
return false
end
return self
end
def authorize_to_delete(user)
if (self.user == user || user.admin)
return self
end
return false
end
end

61
app/policies/application_policy.rb Normal file
View file

@ -0,0 +1,61 @@
class ApplicationPolicy
attr_reader :user, :record
def initialize(user, record)
@user = user
@record = record
end
def index?
false
end
def show?
scope.where(:id => record.id).exists?
end
def create?
false
end
def new?
create?
end
def update?
false
end
def edit?
update?
end
def destroy?
false
end
# TODO update this function to enable some flag in the interface
# so that admins usually can't do super admin stuff unless they
# explicitly say they want to (E.g. seeing/editing/deleting private
# maps - they should be able to, but not by accident)
def admin_override
user && user.admin
end
def scope
Pundit.policy_scope!(user, record.class)
end
class Scope
attr_reader :user, :scope
def initialize(user, scope)
@user = user
@scope = scope
end
def resolve
scope
end
end
end

26
app/policies/main_policy.rb Normal file
View file

@ -0,0 +1,26 @@
class MainPolicy < ApplicationPolicy
def initialize(user, record)
@user = user
@record = nil
end
def home?
true
end
def searchtopics?
true
end
def searchmaps?
true
end
def searchmappers?
true
end
def searchsynapses?
true
end
end

47
app/policies/map_policy.rb Normal file
View file

@ -0,0 +1,47 @@
class MapPolicy < ApplicationPolicy
class Scope < Scope
def resolve
scope.where('maps.permission IN (?) OR maps.user_id = ?', ["public", "commons"], user.id)
end
end
def activemaps?
user.blank? # redirect to root url if authenticated for some reason
end
def featuredmaps?
true
end
def mymaps?
user.present?
end
def usermaps?
true
end
def show?
record.permission == 'commons' || record.permission == 'public' || record.user == user
end
def contains?
show?
end
def create?
user.present?
end
def update?
user.present? && (record.permission == 'commons' || record.user == user)
end
def screenshot?
update?
end
def destroy?
record.user == user || admin_override
end
end

30
app/policies/mapping_policy.rb Normal file
View file

@ -0,0 +1,30 @@
class MappingPolicy < ApplicationPolicy
class Scope < Scope
def resolve
# TODO base this on the map policy
# it would be nice if we could also base this on the mappable, but that
# gets really complicated. Devin thinks it's OK to SHOW a mapping for
# a private topic, since you can't see the private topic anyways
scope.joins(:maps).where('maps.permission IN (?) OR maps.user_id = ?',
["public", "commons"], user.id)
end
end
def show?
map = Pundit.policy(user, record.map)
mappable = Pundit.policy(user, record.mappable)
map.show? && mappable.show?
end
def create?
Pundit.policy(user, record.map).update?
end
def update?
Pundit.policy(user, record.map).update?
end
def destroy?
record.user == user || admin_override
end
end

24
app/policies/synapse_policy.rb Normal file
View file

@ -0,0 +1,24 @@
class SynapsePolicy < ApplicationPolicy
class Scope < Scope
def resolve
scope.where('synapses.permission IN (?) OR synapses.user_id = ?', ["public", "commons"], user.id)
end
end
def create?
user.present?
# todo add validation against whether you can see both topics
end
def show?
record.permission == 'commons' || record.permission == 'public' || record.user == user
end
def update?
user.present? && (record.permission == 'commons' || record.user == user)
end
def destroy?
record.user == user || admin_override
end
end

39
app/policies/topic_policy.rb Normal file
View file

@ -0,0 +1,39 @@
class TopicPolicy < ApplicationPolicy
class Scope < Scope
def resolve
scope.where('topics.permission IN (?) OR topics.user_id = ?', ["public", "commons"], user.id)
end
end
def create?
user.present?
end
def show?
record.permission == 'commons' || record.permission == 'public' || record.user == user
end
def update?
user.present? && (record.permission == 'commons' || record.user == user)
end
def destroy?
record.user == user || admin_override
end
def autocomplete_topic?
user.present?
end
def network?
show?
end
def relative_numbers?
show?
end
def relatives?
show?
end
end

2
app/views/layouts/application.html.erb
View file

@ -81,7 +81,7 @@
classes += controller_name == "maps" && action_name == "index" ? " explorePage" : ""
if controller_name == "maps" && action_name == "show"
classes += " mapPage"
if @map.authorize_to_edit(current_user)
if policy(@map).update?
classes += " canEditMap"
end
if @map.permission == "commons"

88
app/views/main/home.html.erb
View file

@ -2,52 +2,42 @@
# @file
# Located at /
# Shows 3 most recently created topics, synapses, and maps.
#%>
<% if !authenticated? %>
<% content_for :title, "Home | Metamaps" %>
<div id="yield">
<div class="homeWrapper homeText">
<div class="homeTitle">Make Sense with Metamaps</div>
<div class="homeIntro">
<span class="green din-medium">METAMAPS.CC</span> is a free and open source platform that supports real-time sense-making, distributed collaboration, and the creative intelligence of individuals, organizations and communities. We are currently in an <span class="din-medium">invite-only beta.</span>
</div>
</div>
<div class="fullWidthWrapper withVideo">
<div class="homeWrapper">
<iframe class="homeVideo" src="//player.vimeo.com/video/113154814" width="560" height="315" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>
<div class="callToAction">
<h3>Who finds it useful?</h3>
<p>Designers, inventors, artists, educators, strategists, consultants, facilitators, entrepreneurs, systems thinkers, changemakers, analysts, students, researchers... maybe you!</p>
<button type="button" class="button learnMoreCTA" onclick="Metamaps.GlobalUI.openLightbox('about');">LEARN MORE</button>
<a href="/explore/featured" class="exploreFeaturedCTA">EXPLORE FEATURED MAPS</a>
<a href="/request" class="requestInviteCTA" data-bypass="true">REQUEST INVITE</a>
</div>
<div class="clearfloat"></div>
</div>
</div>
<div class="fullWidthWrapper withPartners">
<div class="homeWrapper homePartners">
<% # our partners %>
</div>
</div>
</div><!-- end yield -->
<div class="github-fork-ribbon-wrapper right-bottom">
<div class="github-fork-ribbon">
<a href="https://github.com/metamaps/metamaps_gen002" target="_blank">Fork me on GitHub</a>
</div>
</div>
<script>
Metamaps.currentSection = "";
Metamaps.currentPage = "";
</script>
<% elsif authenticated? %>
<% content_for :title, "Explore Active Maps | Metamaps" %>
<script>
Metamaps.Maps.Active = <%= @maps.to_json.html_safe %>;
Metamaps.currentSection = "";
Metamaps.currentPage = "";
Metamaps.GlobalUI.Search.open();
Metamaps.GlobalUI.Search.lock();
</script>
<% end %>
#
%>
<% content_for :title, "Home | Metamaps" %>
<div id="yield">
<div class="homeWrapper homeText">
<div class="homeTitle">Make Sense with Metamaps</div>
<div class="homeIntro">
<span class="green din-medium">METAMAPS.CC</span> is a free and open source platform that supports real-time sense-making, distributed collaboration, and the creative intelligence of individuals, organizations and communities. We are currently in an <span class="din-medium">invite-only beta.</span>
</div>
</div>
<div class="fullWidthWrapper withVideo">
<div class="homeWrapper">
<iframe class="homeVideo" src="https://player.vimeo.com/video/113154814" width="560" height="315" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>
<div class="callToAction">
<h3>Who finds it useful?</h3>
<p>Designers, inventors, artists, educators, strategists, consultants, facilitators, entrepreneurs, systems thinkers, changemakers, analysts, students, researchers... maybe you!</p>
<button type="button" class="button learnMoreCTA" onclick="Metamaps.GlobalUI.openLightbox('about');">LEARN MORE</button>
<a href="/explore/featured" class="exploreFeaturedCTA">EXPLORE FEATURED MAPS</a>
<a href="/request" class="requestInviteCTA" data-bypass="true">REQUEST INVITE</a>
</div>
<div class="clearfloat"></div>
</div>
</div>
<div class="fullWidthWrapper withPartners">
<div class="homeWrapper homePartners">
<% # our partners %>
</div>
</div>
</div><!-- end yield -->
<div class="github-fork-ribbon-wrapper right-bottom">
<div class="github-fork-ribbon">
<a href="https://github.com/metamaps/metamaps_gen002" target="_blank">Fork me on GitHub</a>
</div>
</div>
<script>
Metamaps.currentSection = "";
Metamaps.currentPage = "";
</script>

4
app/views/maps/_mapinfobox.html.erb
View file

@ -4,7 +4,7 @@
#%>
<div class="mapInfoBox mapElement mapElementHidden permission
<%= @map && @map.user == user ? " yourMap" : "" %>
<%= @map && @map.authorize_to_edit(user) ? " canEdit" : "" %>
<%= @map && policy(@map).update? ? " canEdit" : "" %>
<%= @map && @map.permission != 'private' ? " shareable" : "" %>">
<% if @map %>
@ -41,7 +41,7 @@
</div>
<div class="mapInfoDesc" id="mapInfoDesc">
<% if (authenticated? && @map.authorize_to_edit(user)) || (!authenticated? && @map.desc != "" && @map.desc != nil )%>
<% if (authenticated? && policy(@map).update?) || (!authenticated? && @map.desc != "" && @map.desc != nil )%>
<%= best_in_place @map, :desc, :activator => "#mapInfoDesc", :as => :textarea, :placeholder => "Click to add description...", :class => 'best_in_place_desc' %>
<% end %>
</div>

15
app/views/maps/activemaps.html.erb Normal file
View file

@ -0,0 +1,15 @@
<% #
# @file
# Shows a list of recently active maps
# GET /explore/active(.:format)
# %>
<script>
Metamaps.Maps.Active = <%= @maps.to_json.html_safe %>;
Metamaps.currentPage = "active";
<% content_for :title, "Explore Active Maps | Metamaps" %>
Metamaps.currentSection = "explore";
Metamaps.GlobalUI.Search.isOpen = true;
Metamaps.GlobalUI.Search.lock();
</script>

15
app/views/maps/featuredmaps.html.erb Normal file
View file

@ -0,0 +1,15 @@
<% #
# @file
# Shows a list of featured maps
# GET /explore/featured(.:format)
# %>
<script>
Metamaps.Maps.Featured = <%= @maps.to_json.html_safe %>;
Metamaps.currentPage = "featured";
<% content_for :title, "Explore Featured Maps | Metamaps" %>
Metamaps.currentSection = "explore";
Metamaps.GlobalUI.Search.isOpen = true;
Metamaps.GlobalUI.Search.lock();
</script>

38
app/views/maps/index.html.erb
View file

@ -1,38 +0,0 @@
<% #
# @file
# Shows a list of all maps, or just a user's maps.
# GET /explore/active(.:format)
# GET /explore/featured(.:format)
# GET /explore/mine(.:format)
# GET /explore/mapper/:id(.:format)
# GET /maps(.:format)
# %>
<script>
<% if @request == "you" %>
Metamaps.Maps.Mine = <%= @maps.to_json.html_safe %>;
Metamaps.currentPage = "mine";
<% content_for :title, "Explore My Maps | Metamaps" %>
<% elsif @request == "featured" %>
Metamaps.Maps.Featured = <%= @maps.to_json.html_safe %>;
Metamaps.currentPage = "featured";
<% content_for :title, "Explore Featured Maps | Metamaps" %>
<% elsif @request == "active" %>
Metamaps.Maps.Active = <%= @maps.to_json.html_safe %>;
Metamaps.currentPage = "active";
<% content_for :title, "Explore Active Maps | Metamaps" %>
<% elsif @request == "mapper" %>
Metamaps.Maps.Mapper = {
models: <%= @maps.to_json.html_safe %>,
id: <%= params[:id] %>
};
Metamaps.currentPage = "mapper";
<% content_for :title, @user.name + " | Metamaps" %>
<% end %>
Metamaps.currentSection = "explore";
Metamaps.GlobalUI.Search.isOpen = true;
Metamaps.GlobalUI.Search.lock();
</script>

15
app/views/maps/mymaps.html.erb Normal file
View file

@ -0,0 +1,15 @@
<% #
# @file
# Shows a list of current user's maps
# GET /explore/mine(.:format)
# %>
<script>
Metamaps.Maps.Mine = <%= @maps.to_json.html_safe %>;
Metamaps.currentPage = "mine";
<% content_for :title, "Explore My Maps | Metamaps" %>
Metamaps.currentSection = "explore";
Metamaps.GlobalUI.Search.isOpen = true;
Metamaps.GlobalUI.Search.lock();
</script>

18
app/views/maps/usermaps.html.erb Normal file
View file

@ -0,0 +1,18 @@
<% #
# @file
# Shows a list of a user's maps
# GET /explore/mapper/:id(.:format)
# %>
<script>
Metamaps.Maps.Mapper = {
models: <%= @maps.to_json.html_safe %>,
id: <%= params[:id] %>
};
Metamaps.currentPage = "mapper";
<% content_for :title, @user.name + " | Metamaps" %>
Metamaps.currentSection = "explore";
Metamaps.GlobalUI.Search.isOpen = true;
Metamaps.GlobalUI.Search.lock();
</script>

3
config/application.rb
View file

@ -53,5 +53,8 @@ module Metamaps
g.test_framework :rspec
end
config.active_record.raise_in_transactional_callbacks = true
# pundit errors return 403 FORBIDDEN
config.action_dispatch.rescue_responses["Pundit::NotAuthorizedError"] = :forbidden
end
end

11
config/routes.rb
View file

@ -20,11 +20,12 @@ Metamaps::Application.routes.draw do
get 'topics/:id/relative_numbers', to: 'topics#relative_numbers', as: :relative_numbers
get 'topics/:id/relatives', to: 'topics#relatives', as: :relatives
get 'explore/active', to: 'maps#index', as: :activemaps
get 'explore/featured', to: 'maps#index', as: :featuredmaps
get 'explore/mine', to: 'maps#index', as: :mymaps
get 'explore/mapper/:id', to: 'maps#index', as: :usermaps
resources :maps, except: [:new, :edit]
resources :maps, except: [:index, :new, :edit]
get 'explore/active', to: 'maps#activemaps'
get 'explore/featured', to: 'maps#featuredmaps'
get 'explore/mine', to: 'maps#mymaps'
get 'explore/mapper/:id', to: 'maps#usermaps'
get 'maps/:id/contains', to: 'maps#contains', as: :contains
post 'maps/:id/upload_screenshot', to: 'maps#screenshot', as: :screenshot

2
spec/controllers/maps_controller_spec.rb
View file

@ -10,7 +10,7 @@ RSpec.describe MapsController, type: :controller do
describe 'GET #index' do
it 'viewable maps as @maps' do
get :index, {}
get :activemaps
expect(assigns(:maps)).to eq([map])
end
end

97
spec/policies/map_policy_spec.rb Normal file
View file

@ -0,0 +1,97 @@
require 'rails_helper'
RSpec.describe MapPolicy, type: :policy do
subject { described_class }
context 'unauthenticated' do
context 'commons' do
let(:map) { create(:map, permission: :commons) }
permissions :show? do
it 'can view' do
expect(subject).to permit(nil, map)
end
end
permissions :create?, :update?, :destroy? do
it 'can not modify' do
expect(subject).to_not permit(nil, map)
end
end
end
context 'private' do
let(:map) { create(:map, permission: :private) }
permissions :show?, :create?, :update?, :destroy? do
it 'can not view or modify' do
expect(subject).to_not permit(nil, map)
end
end
end
end
#
# Now begin the logged-in tests
#
context 'logged in' do
let(:user) { create(:user) }
context 'commons' do
let(:owner) { create(:user) }
let(:map) { create(:map, permission: :commons, user: owner) }
permissions :show?, :create?, :update? do
it 'can view and modify' do
expect(subject).to permit(user, map)
end
end
permissions :destroy? do
it 'can not destroy' do
expect(subject).to_not permit(user, map)
end
it 'owner can destroy' do
expect(subject).to permit(owner, map)
end
end
end
context 'public' do
let(:owner) { create(:user) }
let(:map) { create(:map, permission: :public, user: owner) }
permissions :show? do
it 'can view' do
expect(subject).to permit(user, map)
end
end
permissions :create? do
it 'can create' do
expect(subject).to permit(user, map)
end
end
permissions :update?, :destroy? do
it 'can not update/destroy' do
expect(subject).to_not permit(user, map)
end
it 'owner can update/destroy' do
expect(subject).to permit(owner, map)
end
end
end
context 'private' do
let(:owner) { create(:user) }
let(:map) { create(:map, permission: :private, user: owner) }
permissions :create? do
it 'can create' do
expect(subject).to permit(user, map)
end
end
permissions :show?, :update?, :destroy? do
it 'can not view or modify' do
expect(subject).to_not permit(user, map)
end
it 'owner can view and modify' do
expect(subject).to permit(owner, map)
end
end
end
end
end

1
spec/spec_helper.rb
View file

@ -1,5 +1,6 @@
require 'simplecov'
require 'support/controller_helpers'
require 'pundit/rspec'
RSpec.configure do |config|
config.expect_with :rspec do |expectations|