From 9f0b788bfac83ad34f49bbeab2a66db65b9dd7d8 Mon Sep 17 00:00:00 2001
From: Marcela Ribeiro de Oliveira <mro15@inf.ufpr.br>
Date: Wed, 14 Jun 2017 11:49:20 -0300
Subject: [PATCH] change publisher controller to only an curator user can
 publish

---
 app/controllers/concerns/submission_controller.rb           | 2 +-
 app/controllers/v1/learning_objects/publishes_controller.rb | 2 +-
 app/policies/learning_object_policy.rb                      | 4 ++++
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/app/controllers/concerns/submission_controller.rb b/app/controllers/concerns/submission_controller.rb
index a6099958..3bb83748 100644
--- a/app/controllers/concerns/submission_controller.rb
+++ b/app/controllers/concerns/submission_controller.rb
@@ -25,7 +25,7 @@ module SubmissionController
     private
 
     def submitted
-        return @learning_object.state == "submitted"
+        return @learning_object.submitted?
     end
 
     def set_new_submission
diff --git a/app/controllers/v1/learning_objects/publishes_controller.rb b/app/controllers/v1/learning_objects/publishes_controller.rb
index 2686c5eb..d836d190 100644
--- a/app/controllers/v1/learning_objects/publishes_controller.rb
+++ b/app/controllers/v1/learning_objects/publishes_controller.rb
@@ -20,7 +20,7 @@ class V1::LearningObjects::PublishesController < ApplicationController
   end
 
   def authorize!
-    authorize(@learning_object || LearningObject.new, :update?)
+    authorize(@learning_object, :publish?)
   end
 
   # Never trust parameters from the scary internet, only allow the white list through.
diff --git a/app/policies/learning_object_policy.rb b/app/policies/learning_object_policy.rb
index 2eb063b8..70dd4d64 100644
--- a/app/policies/learning_object_policy.rb
+++ b/app/policies/learning_object_policy.rb
@@ -26,6 +26,10 @@ class LearningObjectPolicy < ApplicationPolicy
     record if owns?
   end
 
+  def publish?
+    record if user_can_curate? && record.submitted?
+  end
+
   def destroy?
     record if owns?
   end
-- 
GitLab