3843cab643
* update Gemfile to rails 5 and ruby 2.3.0 * fiddle with javascripts and add sprockets manifest file * update config directory for rails 5 * fix some errors with controllers/serializers * fix travis and rspec * new serializers renamed to serializers * module Api::V1 * reusable embedding code * add index/collections/paging. overriding most of snorlax now |:) * raml api documentation + rspec tests to verify schemas/examples * add sorting by ?sort and searching by ?q. Add pagination Link headers * api v1 => v2 * fill out synapse api * alphabetize map policy * fix page thing * fill out maps api * formParameters => properties, and fiddle with map api * more raml 1.0 stuff i'm learning about * deprecate v1 api * rails 5 uses ApplicationRecord class for app-wide model config * Update topic spec for api v2 * workaround for user_preference.rb issue * get ready for token api docs. also TODO is mapping api docs * spec out mapping api * map/mapping/synapse spec, plus other bugs * awesome, token specs/apis are done * add sanity checks to the api tests * more cleanup * devise fix * fix starred map error
80 lines
1.3 KiB
Ruby
80 lines
1.3 KiB
Ruby
class MapPolicy < ApplicationPolicy
|
|
class Scope < Scope
|
|
def resolve
|
|
visible = %w(public commons)
|
|
permission = 'maps.permission IN (?)'
|
|
if user
|
|
shared_maps = user.shared_maps.map(&:id)
|
|
scope.where(permission + ' OR maps.id IN (?) OR maps.user_id = ?', visible, shared_maps, user.id)
|
|
else
|
|
scope.where(permission, visible)
|
|
end
|
|
end
|
|
end
|
|
|
|
def index?
|
|
true
|
|
end
|
|
|
|
def show?
|
|
record.permission == 'commons' || record.permission == 'public' || record.collaborators.include?(user) || record.user == user
|
|
end
|
|
|
|
def create?
|
|
user.present?
|
|
end
|
|
|
|
def update?
|
|
user.present? && (record.permission == 'commons' || record.collaborators.include?(user) || record.user == user)
|
|
end
|
|
|
|
def destroy?
|
|
record.user == user || admin_override
|
|
end
|
|
|
|
def access?
|
|
# note that this is to edit access
|
|
user.present? && record.user == user
|
|
end
|
|
|
|
def activemaps?
|
|
user.blank? # redirect to root url if authenticated for some reason
|
|
end
|
|
|
|
def contains?
|
|
show?
|
|
end
|
|
|
|
def events?
|
|
show?
|
|
end
|
|
|
|
def export?
|
|
show?
|
|
end
|
|
|
|
def featuredmaps?
|
|
true
|
|
end
|
|
|
|
def mymaps?
|
|
user.present?
|
|
end
|
|
|
|
def star?
|
|
unstar?
|
|
end
|
|
|
|
def unstar?
|
|
user.present?
|
|
end
|
|
|
|
def screenshot?
|
|
update?
|
|
end
|
|
|
|
def usermaps?
|
|
true
|
|
end
|
|
end
|