Adding institutions, complaints and users policies

75373932 · Giovanne Marcelo · 422f608f · 75373932 · 75373932 · 75373932
Commit 75373932 authored 9 years ago by Giovanne Marcelo
--- a/app/controllers/complaints_controller.rb
+++ b/app/controllers/complaints_controller.rb
 class ComplaintsController < ApplicationController
+  include Pundit
+
+  before_action :authorize_action
  before_action :authenticate_user!

  def create
@@ -20,4 +23,10 @@ class ComplaintsController < ApplicationController
  def complaint_params
    params.require(:complaint).permit(:complaintable_id, :complaintable_type, :complaint_reason_id, :description)
  end
+
+  def authorize_action
+    @complaint ||= Complaint.new(complaint_params)
+    authorize @complaint
+  end
+
 end
--- a/app/controllers/institutions_controller.rb
+++ b/app/controllers/institutions_controller.rb
 class InstitutionsController < ApplicationController
+  include Pundit
+
  before_action :set_institution, only: [:show, :edit, :update, :destroy, :like, :users]
+  before_action :authorize_action

  # GET /institutions
  # GET /institutions.json
@@ -72,4 +75,9 @@ class InstitutionsController < ApplicationController
    params[:institution_object]
  end

+  def authorize_action
+    @institution ||= Institution.new
+    authorize @institution
+  end
+
 end
--- a/app/controllers/reviews_controller.rb
+++ b/app/controllers/reviews_controller.rb
 class ReviewsController < ApplicationController
+  include Pundit
+
  before_action :authenticate_user!, except: [:show, :list]
  before_action :set_review, only: [:show, :destroy]
+  before_action :authorize_action
+

  def list
    if !params[:learning_object_id].blank?
@@ -81,4 +85,10 @@ class ReviewsController < ApplicationController
    when 'false' then false
    end
  end
+
+  def authorize_action
+    @review||= Review.new
+    authorize @review
+  end
+
 end
--- a/app/policies/collection_policy.rb
+++ b/app/policies/collection_policy.rb
@@ -35,5 +35,4 @@ class CollectionPolicy < ApplicationPolicy
  def owner
    record.owner
  end
-
 end
--- a/app/policies/complaint_policy.rb
+++ b/app/policies/complaint_policy.rb
+class ComplaintPolicy < ApplicationPolicy
+
+  def create?
+    record if user_exists?
+  end
+end
--- a/app/policies/institution_policy.rb
+++ b/app/policies/institution_policy.rb
+class InstitutionPolicy < ApplicationPolicy
+
+  def create?
+    record if user.is_admin?
+  end
+
+  def update?
+    record if user.is_admin?
+  end
+
+  def index?
+    record if user.is_admin?
+  end
+
+  def destroy?
+    record if user.is_admin?
+  end
+
+end
--- a/app/policies/review_policy.rb
+++ b/app/policies/review_policy.rb
+class ReviewPolicy < ApplicationPolicy
+
+  def create?
+    record if user_exists?
+  end
+
+  def update?
+    record if owns?
+  end
+
+  def destroy?
+    record if owns?
+  end
+
+  def rate?
+    record if user_exists?
+  end
+
+  def owner
+    record.users
+  end
+end
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
+class UserPolicy < ApplicationPolicy
+  def show?
+    record if user_exists?
+  end
+
+  def list?
+    record
+  end
+
+  def follow?
+    record if user_exists?
+  end
+
+  def unfollow?
+    record if user_exists?
+  end
+end