d1680c1895
when the topic or synapse no longer appears on any maps, and this can currently only be performed over the api
67 lines
1.5 KiB
Ruby
67 lines
1.5 KiB
Ruby
# frozen_string_literal: true
|
|
class SynapsePolicy < ApplicationPolicy
|
|
class Scope < Scope
|
|
def resolve
|
|
return scope.where(permission: %w(public commons)) unless user
|
|
|
|
scope.where(permission: %w(public commons))
|
|
.or(scope.where(defer_to_map_id: user.all_accessible_maps.map(&:id)))
|
|
.or(scope.where(user_id: user.id))
|
|
end
|
|
end
|
|
|
|
def index?
|
|
true # really only for the API. should be policy scoped!
|
|
end
|
|
|
|
def create?
|
|
if record.try(:topic1) && record.try(:topic2)
|
|
topic1_show? && topic2_show? && user.present?
|
|
else
|
|
# allows us to use policy(Synapse).create?
|
|
user.present?
|
|
end
|
|
end
|
|
|
|
def show?
|
|
topic1_show? && topic2_show? && synapse_show?
|
|
end
|
|
|
|
def update?
|
|
if !user.present?
|
|
false
|
|
elsif record.defer_to_map.present?
|
|
map_policy.update?
|
|
else
|
|
record.permission == 'commons' || record.user == user
|
|
end
|
|
end
|
|
|
|
def destroy?
|
|
record.mappings.empty? && (record.user == user || admin_override)
|
|
end
|
|
|
|
# Helpers
|
|
|
|
def map_policy
|
|
@map_policy ||= Pundit.policy(user, record.defer_to_map)
|
|
end
|
|
|
|
def topic1_show?
|
|
@topic1_policy ||= Pundit.policy(user, record.topic1)
|
|
@topic1_policy&.show?
|
|
end
|
|
|
|
def topic2_show?
|
|
@topic2_policy ||= Pundit.policy(user, record.topic2)
|
|
@topic2_policy&.show?
|
|
end
|
|
|
|
def synapse_show?
|
|
if record.defer_to_map.present?
|
|
map_policy&.show?
|
|
else
|
|
record.permission == 'commons' || record.permission == 'public' || record.user == user
|
|
end
|
|
end
|
|
end
|