From 729894bb06a8f8e5dcee3e4ac17743926b04efed Mon Sep 17 00:00:00 2001
From: Israel Barreto Sant'Anna <ibsa14@inf.ufpr.br>
Date: Tue, 7 Feb 2017 10:41:24 -0200
Subject: [PATCH] Changed publisher controller to show public collections and
 learning objects to all users

Signed-off-by: Israel Barreto Sant'Anna <ibsa14@inf.ufpr.br>
---
 .../concerns/publisher_controller.rb          | 20 +++++++++----------
 app/policies/publisher_policy.rb              | 17 ++++++++++------
 app/policies/user_policy.rb                   |  2 ++
 3 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/app/controllers/concerns/publisher_controller.rb b/app/controllers/concerns/publisher_controller.rb
index 3b1ada12..cb8e6745 100644
--- a/app/controllers/concerns/publisher_controller.rb
+++ b/app/controllers/concerns/publisher_controller.rb
@@ -2,43 +2,43 @@ module PublisherController
   extend ActiveSupport::Concern
 
   included do
-    before_action :authenticate_user!, only: [:show_all_drafts, :show_all_learning_objects, :show_all_collections, :show_liked_learning_objects, :show_liked_collections]
+    before_action :authenticate_user!, only: [:show_all_drafts, :show_liked_learning_objects, :show_liked_collections]
+    before_action :set_publisher
+    before_action -> { authorize @publisher }, only: [:show_all_drafts, :show_liked_learning_objects, :show_liked_collections]
   end
 
   def show_all_drafts
-    render json: LearningObject.where(publisher: publisher, state: LearningObject.states[:draft])
+    render json: LearningObject.where(publisher: @publisher, state: LearningObject.states[:draft])
   end
 
   # GET /v1/users/1/learning_objects
   def show_all_learning_objects
-    render json: LearningObject.where(publisher: publisher, state: LearningObject.states[:published])
+    render json: LearningObject.where(publisher: @publisher, state: LearningObject.states[:published])
   end
 
   def show_all_collections
-    render json: Collection.where(owner: publisher)
+    render json: ::UserPolicy::Scope.new(current_user,Collection).resolve.where(owner: @publisher)
   end
 
   def show_liked_learning_objects
     includes = [:taggings, :tags, :subject_relations, :subjects, :stage_relations, :educational_stages, :publisher, :language, :license]
     render json: LearningObject.includes(includes).find(
-      Like.where(user: publisher, likeable_type: 'LearningObject').pluck(:likeable_id)
+      Like.where(user: @publisher, likeable_type: 'LearningObject').pluck(:likeable_id)
     )
   end
 
   def show_liked_collections
     render json: Collection.find(
-      Like.where(user: publisher, likeable_type: 'Collection').pluck(:likeable_id)
+      Like.where(user: @publisher, likeable_type: 'Collection').pluck(:likeable_id)
     )
   end
 
   protected
 
-  def publisher
+  def set_publisher
     user, id = request.path.split('/')[2, 3]
     return nil unless %w(users institutions).include? user
     publisher_model = user.singularize.classify.constantize
-    publisher = publisher_model.find(id)
-    authorize publisher
-    publisher
+    @publisher = publisher_model.find(id)
   end
 end
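Review bot: `before_action :set_publisher` is registered without `only:`, and `set_publisher` returns nil without halting when the path segment is not `users` or `institutions`, so the two actions that no longer require login (`show_all_learning_objects`, `show_all_collections`) can run with `@publisher` unset and query `where(publisher: nil)` / `where(owner: nil)`. Halting explicitly closes that gap, e.g. `return head :not_found unless %w(users institutions).include? user`. Restricting the callback to the five publisher actions would also keep it from calling `find(nil)` on any other action of the including controller whose path has no id (the including controllers are not visible here). Separately, `show_all_collections` always resolves `::UserPolicy::Scope` although `set_publisher` also accepts institutions, so it is worth confirming that the user scope is the intended visibility rule for institution-owned collections.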
diff --git a/app/policies/publisher_policy.rb b/app/policies/publisher_policy.rb
index f0c8dc94..0eee7781 100644
--- a/app/policies/publisher_policy.rb
+++ b/app/policies/publisher_policy.rb
@@ -1,13 +1,18 @@
 module PublisherPolicy
-  def show_all_drafts?
-    record if same_user? || user.is_admin?
-  end
 
-  def show_all_learning_objects?
-    record if same_user? || user.is_admin?
+  class Scope < ApplicationPolicy::Scope
+    def resolve
+      if user.nil?
+        scope.where(privacy: 'public')
+      elsif user.is_admin? || same_user?
+        scope.all
+      else
+        scope.where(privacy: 'public')
+      end
+    end
   end
 
-  def show_all_collections?
+  def show_all_drafts?
     record if same_user? || user.is_admin?
   end
 
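Review bot: `Scope#resolve` calls `same_user?`, but a Pundit scope carries only `user` and `scope`, so there is no `record` to compare against, and `same_user?` is not defined anywhere in this hunk. Unless `ApplicationPolicy::Scope` defines it (not visible here), a logged-in non-admin reaching the `elsif` raises NoMethodError; if it is defined, it cannot know which owner the controller filters on afterwards, so it either hides the owner's own private collections or lets `scope.all` through for the wrong viewer. Expressing ownership in the query avoids both, e.g. `scope.where(privacy: 'public').or(scope.where(owner: user))` for the non-admin branch (assuming Rails 5+ `or` and an `owner` association on every model this scope is applied to). The `user.nil?` and `else` branches are identical and can be merged. A request spec that fetches a private collection as anonymous, owner, other user and admin would pin the intended visibility.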
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
index 424a0a68..2f6bfdda 100644
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -2,6 +2,8 @@ class UserPolicy < ApplicationPolicy
   include FollowablePolicy
   include PublisherPolicy
 
+  class Scope < PublisherPolicy::Scope; end
+
   def create?
     user.is_admin?
   end
-- 
GitLab