metamaps--metamaps/app/policies/map_policy.rb
Devin Howard 3843cab643 rails 5 + api v2 + raml api docs (#593)
* update Gemfile to rails 5 and ruby 2.3.0

* fiddle with javascripts and add sprockets manifest file

* update config directory for rails 5

* fix some errors with controllers/serializers

* fix travis and rspec

* new serializers renamed to serializers

* module Api::V1

* reusable embedding code

* add index/collections/paging. overriding most of snorlax now |:)

* raml api documentation + rspec tests to verify schemas/examples

* add sorting by ?sort and searching by ?q. Add pagination Link headers

* api v1 => v2

* fill out synapse api

* alphabetize map policy

* fix page thing

* fill out maps api

* formParameters => properties, and fiddle with map api

* more raml 1.0 stuff i'm learning about

* deprecate v1 api

* rails 5 uses ApplicationRecord class for app-wide model config

* Update topic spec for api v2

* workaround for user_preference.rb issue

* get ready for token api docs. also TODO is mapping api docs

* spec out mapping api

* map/mapping/synapse spec, plus other bugs

* awesome, token specs/apis are done

* add sanity checks to the api tests

* more cleanup

* devise fix

* fix starred map error
2016-09-21 13:22:40 -04:00

79 lines
1.3 KiB
Ruby

class MapPolicy < ApplicationPolicy
class Scope < Scope
def resolve
visible = %w(public commons)
permission = 'maps.permission IN (?)'
if user
shared_maps = user.shared_maps.map(&:id)
scope.where(permission + ' OR maps.id IN (?) OR maps.user_id = ?', visible, shared_maps, user.id)
else
scope.where(permission, visible)
end
end
end
def index?
true
end
def show?
record.permission == 'commons' || record.permission == 'public' || record.collaborators.include?(user) || record.user == user
end
def create?
user.present?
end
def update?
user.present? && (record.permission == 'commons' || record.collaborators.include?(user) || record.user == user)
end
def destroy?
record.user == user || admin_override
end
def access?
# note that this is to edit access
user.present? && record.user == user
end
def activemaps?
user.blank? # redirect to root url if authenticated for some reason
end
def contains?
show?
end
def events?
show?
end
def export?
show?
end
def featuredmaps?
true
end
def mymaps?
user.present?
end
def star?
unstar?
end
def unstar?
user.present?
end
def screenshot?
update?
end
def usermaps?
true
end
end