From 9773e3591da37fcf69960e7d42095b8ceead19c3 Mon Sep 17 00:00:00 2001
From: Clarissa <cdp13@inf.ufpr.br>
Date: Tue, 28 Nov 2017 10:36:44 -0200
Subject: [PATCH] SCRUM#283: created and updated policies for scores and
 languages

---
 app/controllers/v1/languages_controller.rb |  7 ++++
 app/controllers/v1/scores_controller.rb    |  9 +++--
 app/policies/score_policy.rb               | 40 ++++++++++++++++++++++
 3 files changed, 54 insertions(+), 2 deletions(-)
 create mode 100644 app/policies/score_policy.rb

diff --git a/app/controllers/v1/languages_controller.rb b/app/controllers/v1/languages_controller.rb
index ce098797..ebd2e3fc 100644
--- a/app/controllers/v1/languages_controller.rb
+++ b/app/controllers/v1/languages_controller.rb
@@ -22,6 +22,7 @@ class V1::LanguagesController < ApplicationController
 
   before_action :authenticate_user!, except: [:index, :show]
   before_action :set_language, only: [:show, :update, :destroy]
+  before_action :authorize!, only: [:update, :destroy]
 
   # GET /languages
   # GET /languages.json
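Review bot: The new `before_action :authorize!, only: [:update, :destroy]` makes update and destroy depend on a policy for Language, but the diffstat lists only `app/policies/score_policy.rb`, so the rules enforced here cannot be reviewed from this patch. If a language policy already exists (presumably `LanguagePolicy`, by the naming convention `ScorePolicy` follows), its `update?` and `destroy?` should be checked against the intent of this change; if it does not, these actions will presumably fail at policy lookup instead of being authorized. A one-line comment above the callback, e.g. `# Authorization rules live in LanguagePolicy (update?, destroy?)`, would point readers to where the decision is made. The class body continues outside the hunk.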
@@ -40,6 +41,7 @@ class V1::LanguagesController < ApplicationController
   # POST /languages.json
   def create
     @language = Language.new(language_params)
+    authorize @language
 
     if @language.save
       render json: @language, status: :created
@@ -77,4 +79,9 @@ class V1::LanguagesController < ApplicationController
   def language_params
     params.require(:language).permit(:name, :code)
   end
+
+  def authorize!
+    authorize @language
+  end
+
 end
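Review bot: The hunk does not show whether a `private` marker precedes `language_params`, and `authorize!` should sit below one, because Rails treats a public controller method as a potential action. Please confirm the marker is there; the same applies to the `authorize!` added at the end of `V1::ScoresController`. The name is also one character away from the `authorize` helper it wraps, so `authorize_language!` (and `authorize_score!`) with a short comment such as `# before_action callback: runs the policy check on the loaded record` would be harder to misread.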
diff --git a/app/controllers/v1/scores_controller.rb b/app/controllers/v1/scores_controller.rb
index 578d2d50..cbe8ff40 100644
--- a/app/controllers/v1/scores_controller.rb
+++ b/app/controllers/v1/scores_controller.rb
@@ -20,8 +20,9 @@
 class V1::ScoresController < ApplicationController
   include ::Paginator
 
-  before_action :set_score, only: [:show,:update]
   before_action :authenticate_user!, only: [:update]
+  before_action :set_score, only: [:show, :update]
+  before_action :authorize!, only: [:update]
 
   # GET v1/scores
   # GET v1/scores.json
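Review bot: The callback order is now load-bearing and nothing in the code says so: `authorize!` needs both the signed-in user and `@score`, so a later reorder, or `only:` lists that drift apart, could leave update erroring or unchecked. I would add `# Order matters: authenticate, load the record, then authorize.` above the three callbacks. Only `update` is authorized here, so any create or destroy action added later must be listed explicitly before the new `ScorePolicy#create?` and `#destroy?` rules take effect. The class body continues outside the hunk.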
@@ -41,7 +42,7 @@ class V1::ScoresController < ApplicationController
   # PUT/PATCH /v1/scores/1.json
   def update
     if @score.update(score_params)
-      render json: @score, status: :ok
+      render json: @score, status: :ok, :notice => "Score updated."
     else
       render json: @score.errors, status: :unprocessable_entity
     end
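Review bot: `:notice => "Score updated."` on the success branch is unlikely to reach the client: `notice` is a flash shortcut for `redirect_to`, and `render json:` does not add it to the response body unless a serializer happens to read that option. If the message is not needed, keep `render json: @score, status: :ok`; if it is, it has to go into the JSON payload itself. The hash-rocket key also mixes two hash syntaxes in one call. The end of `update` lies outside the hunk.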
@@ -57,4 +58,8 @@ class V1::ScoresController < ApplicationController
     params.require(:score).permit(:name, :weight, :active, score_type: [])
   end
 
+  def authorize!
+    authorize @score
+  end
+
 end
diff --git a/app/policies/score_policy.rb b/app/policies/score_policy.rb
new file mode 100644
index 00000000..8f837df3
--- /dev/null
+++ b/app/policies/score_policy.rb
@@ -0,0 +1,40 @@
+
+# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
+# Departamento de Informatica - Universidade Federal do Parana
+#
+# This file is part of portalmec.
+#
+# portalmec is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# portalmec is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with portalmec.  If not, see <http://www.gnu.org/licenses/>.
+
+class ScorePolicy < ApplicationPolicy
+  def index?
+    record
+  end
+
+  def show?
+    record
+  end
+
+  def create?
+    record if user.is_admin?
+  end
+
+  def update?
+    record if user.is_admin?
+  end
+
+  def destroy?
+    record if user.is_admin?
+  end
+end
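Review bot: `create?`, `update?` and `destroy?` call `user.is_admin?` without checking that a user is present, so if one of them is ever reached from an action that skips `authenticate_user!`, the check raises NoMethodError instead of denying (unless `ApplicationPolicy`, not shown here, already rejects a nil user). A nil-safe form such as `user.present? && user.is_admin?` denies by default and returns a boolean rather than `record` or nil. `index?` and `show?` return `record`, which grants access to any caller whenever the record is truthy; if public read access is intended, `true` with a comment like `# scores are publicly readable` states that decision directly.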
-- 
GitLab