From 75373932eb201ee00de31b68227e2ee3fb78fb41 Mon Sep 17 00:00:00 2001
From: Giovanne Marcelo <gms15@inf.ufpr.br>
Date: Thu, 10 Mar 2016 10:49:36 -0300
Subject: [PATCH] Adding institutions, complaints and users policies

---
 app/controllers/complaints_controller.rb   |  9 +++++++++
 app/controllers/institutions_controller.rb |  8 ++++++++
 app/controllers/reviews_controller.rb      | 10 ++++++++++
 app/policies/collection_policy.rb          |  1 -
 app/policies/complaint_policy.rb           |  6 ++++++
 app/policies/institution_policy.rb         | 19 +++++++++++++++++++
 app/policies/review_policy.rb              | 22 ++++++++++++++++++++++
 app/policies/user_policy.rb                | 17 +++++++++++++++++
 8 files changed, 91 insertions(+), 1 deletion(-)
 create mode 100644 app/policies/complaint_policy.rb
 create mode 100644 app/policies/institution_policy.rb
 create mode 100644 app/policies/review_policy.rb
 create mode 100644 app/policies/user_policy.rb

diff --git a/app/controllers/complaints_controller.rb b/app/controllers/complaints_controller.rb
index ac99a7f9..c83724f2 100644
--- a/app/controllers/complaints_controller.rb
+++ b/app/controllers/complaints_controller.rb
@@ -1,4 +1,7 @@
 class ComplaintsController < ApplicationController
+  include Pundit
+
+  before_action :authorize_action
   before_action :authenticate_user!
 
   def create
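Review bot: `before_action :authorize_action` is registered ahead of `before_action :authenticate_user!`, so the Pundit check runs before the sign-in check for anonymous requests. ComplaintPolicy#create? in this patch returns nil when there is no user, so such a request would presumably raise Pundit::NotAuthorizedError instead of reaching the normal sign-in flow. Declaring the filters in the order `before_action :authenticate_user!` then `before_action :authorize_action` keeps authentication first. The class body continues outside this hunk, so other filters may also be involved.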
@@ -20,4 +23,10 @@ class ComplaintsController < ApplicationController
   def complaint_params
     params.require(:complaint).permit(:complaintable_id, :complaintable_type, :complaint_reason_id, :description)
   end
+
+  def authorize_action
+    @complaint ||= Complaint.new(complaint_params)
+    authorize @complaint
+  end
+
 end
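Review bot: `authorize_action` builds the record with `Complaint.new(complaint_params)`, and `complaint_params` calls `params.require(:complaint)`, which raises ActionController::ParameterMissing when the key is absent. The filter is declared without `only:`, so any action that does not receive a `complaint` payload fails in the filter before authorization is evaluated. ComplaintPolicy only looks at the user, so `authorize Complaint` with the filter limited via `before_action :authorize_action, only: :create` would avoid instantiating a model from request data before the check. Whether this method sits under a `private` section is not visible in the hunk.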
diff --git a/app/controllers/institutions_controller.rb b/app/controllers/institutions_controller.rb
index 645cc37c..0496cd65 100644
--- a/app/controllers/institutions_controller.rb
+++ b/app/controllers/institutions_controller.rb
@@ -1,5 +1,8 @@
 class InstitutionsController < ApplicationController
+  include Pundit
+
   before_action :set_institution, only: [:show, :edit, :update, :destroy, :like, :users]
+  before_action :authorize_action
 
   # GET /institutions
   # GET /institutions.json
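Review bot: `before_action :authorize_action` has no `only:`/`except:`, so it also covers `show`, `edit`, `like` and `users`, which are named in the `set_institution` filter above it. Pundit derives the query from the action name, but InstitutionPolicy in this patch defines only `create?`, `update?`, `index?` and `destroy?`. The other predicates have to come from ApplicationPolicy, which is not part of this diff; a missing one raises NoMethodError rather than denying cleanly. I would define `show?`, `like?` and `users?` explicitly in InstitutionPolicy so the access rule for each action is stated in one place, and consider `after_action :verify_authorized` to catch actions that skip the check.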
@@ -72,4 +75,9 @@ class InstitutionsController < ApplicationController
     params[:institution_object]
   end
 
+  def authorize_action
+    @institution ||= Institution.new
+    authorize @institution
+  end
+
 end
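Review bot: The `@institution ||= Institution.new` fallback in `authorize_action` needs a comment, because it only makes sense once the reader knows `set_institution` has already run for member actions. Something like `# Collection actions (index, new, create) have no loaded record; authorize a blank Institution so the policy still runs.` would do. The policy currently ignores the record, so the blank instance is harmless. If a rule ever inspects record attributes, `create` would be checked against an empty object rather than the one being saved.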
diff --git a/app/controllers/reviews_controller.rb b/app/controllers/reviews_controller.rb
index 35145a8a..1782a404 100644
--- a/app/controllers/reviews_controller.rb
+++ b/app/controllers/reviews_controller.rb
@@ -1,6 +1,10 @@
 class ReviewsController < ApplicationController
+  include Pundit
+
   before_action :authenticate_user!, except: [:show, :list]
   before_action :set_review, only: [:show, :destroy]
+  before_action :authorize_action
+
 
   def list
     if !params[:learning_object_id].blank?
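Review bot: `before_action :authorize_action` applies to `show` and `list` as well, although the line above deliberately leaves those two actions open to anonymous users. ReviewPolicy in this patch defines `create?`, `update?`, `destroy?` and `rate?` but no `show?` or `list?`, so those public endpoints now depend on ApplicationPolicy (not shown here). They will either be denied or fail with NoMethodError if the predicate is missing. Adding explicit `def show?; true; end` and `def list?; true; end` to ReviewPolicy would make the intended public access visible. The hunk also adds a second blank line after the filter, and the body of `list` continues outside the hunk.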
@@ -81,4 +85,10 @@ class ReviewsController < ApplicationController
     when 'false' then false
     end
   end
+
+  def authorize_action
+    @review||= Review.new
+    authorize @review
+  end
+
 end
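Review bot: For `create`, `authorize_action` checks a blank `Review.new` rather than the review the action goes on to build, since `set_review` only runs for `show` and `destroy`. That is fine while `create?` looks only at the user, but a record-dependent rule would silently be evaluated against an empty object. A short comment on the fallback would help. The assignment is also missing a space and should read `@review ||= Review.new`.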
diff --git a/app/policies/collection_policy.rb b/app/policies/collection_policy.rb
index c498afe1..ecb2a483 100644
--- a/app/policies/collection_policy.rb
+++ b/app/policies/collection_policy.rb
@@ -35,5 +35,4 @@ class CollectionPolicy < ApplicationPolicy
   def owner
     record.owner
   end
-
 end
diff --git a/app/policies/complaint_policy.rb b/app/policies/complaint_policy.rb
new file mode 100644
index 00000000..81482c38
--- /dev/null
+++ b/app/policies/complaint_policy.rb
@@ -0,0 +1,6 @@
+class ComplaintPolicy < ApplicationPolicy
+
+  def create?
+    record if user_exists?
+  end
+end
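Review bot: `create?` returns the record itself (or nil) instead of a boolean, so the decision depends on the record's truthiness as well as on the user check. The same `record if ...` shape is used throughout InstitutionPolicy, ReviewPolicy and UserPolicy in this patch. A predicate should state the rule directly, i.e. `def create?` with the body `user_exists?`, which also avoids an accidental deny if a nil record is ever passed. `user_exists?` is not defined in this diff and is presumably inherited from ApplicationPolicy.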
diff --git a/app/policies/institution_policy.rb b/app/policies/institution_policy.rb
new file mode 100644
index 00000000..cac5c618
--- /dev/null
+++ b/app/policies/institution_policy.rb
@@ -0,0 +1,19 @@
+class InstitutionPolicy < ApplicationPolicy
+
+  def create?
+    record if user.is_admin?
+  end
+
+  def update?
+    record if user.is_admin?
+  end
+
+  def index?
+    record if user.is_admin?
+  end
+
+  def destroy?
+    record if user.is_admin?
+  end
+
+end
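Review bot: All four predicates call `user.is_admin?` without checking that a user is present, unlike the other policies in this patch, which guard with `user_exists?`. The InstitutionsController hunks show no `authenticate_user!` filter, so if `current_user` can be nil there, an anonymous request raises NoMethodError instead of being denied. Using `user_exists? && user.is_admin?` in each method (or one private `admin?` helper that the four predicates call) makes the deny path explicit. `new?` and `edit?` are not defined here, so those actions rely on whatever ApplicationPolicy provides.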
diff --git a/app/policies/review_policy.rb b/app/policies/review_policy.rb
new file mode 100644
index 00000000..1ddb5e9c
--- /dev/null
+++ b/app/policies/review_policy.rb
@@ -0,0 +1,22 @@
+class ReviewPolicy < ApplicationPolicy
+
+  def create?
+    record if user_exists?
+  end
+
+  def update?
+    record if owns?
+  end
+
+  def destroy?
+    record if owns?
+  end
+
+  def rate?
+    record if user_exists?
+  end
+
+  def owner
+    record.users
+  end
+end
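Review bot: `owner` returns `record.users` (plural), whereas CollectionPolicy#owner in the same patch returns a single `record.owner`. `owns?` is not shown in this diff; if it compares `owner` with `user` for equality, a collection of users will never match and `update?`/`destroy?` would deny even the author. It is worth confirming which association identifies a review's author and returning that single user, e.g. `record.user` if the model has it. `owner` is also a public method on the policy here; making it `private` would keep it from being mistaken for an authorization query.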
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
new file mode 100644
index 00000000..5fc8e584
--- /dev/null
+++ b/app/policies/user_policy.rb
@@ -0,0 +1,17 @@
+class UserPolicy < ApplicationPolicy
+  def show?
+    record if user_exists?
+  end
+
+  def list?
+    record
+  end
+
+  def follow?
+    record if user_exists?
+  end
+
+  def unfollow?
+    record if user_exists?
+  end
+end
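Review bot: `list?` returns `record` with no condition, which grants access to everyone, including anonymous users, and only as long as the record is truthy. If that is intended, write it as `true` with a comment such as `# Listing users is public.` so the open rule is deliberate and visible in review. The diffstat shows no users controller change, so nothing in this patch calls `authorize` with a User yet and these rules are not enforced until that is wired in.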
-- 
GitLab