fix institutional collections user validations

b58deb9a · Mateus Rambo Strey · 8699fcd9 · b58deb9a · b58deb9a
Commit b58deb9a authored 9 years ago by Mateus Rambo Strey
--- a/app/controllers/collections_controller.rb
+++ b/app/controllers/collections_controller.rb
@@ -39,7 +39,7 @@ class CollectionsController < ApplicationController
      check_collection_privacy! @collection

      @user = @collection.owner
-      @own = user_signed_in? ? @collection.owner?(current_user) : false
+      @own = user_signed_in? ? @collection.user_own?(current_user) : false
    end

    @reviews = Review.includes(:user).where(reviewable: @collection)
@@ -95,7 +95,7 @@ class CollectionsController < ApplicationController
    # list all
    @collection = nil if @collection == 'all'

-    @collections = Collection.from_user(current_user)
+    @collections = current_user.associated_collections
    @collections.select! { |c| c.id != @collection.id } unless @collection.blank?

    unless params[:type].blank?
@@ -132,7 +132,7 @@ class CollectionsController < ApplicationController
  # POST /collections/1/learning_object
  def add_learning_object
    @collections.each do |collection|
-      next unless collection.owner?(current_user)
+      next unless collection.user_own?(current_user)

      @learning_objects.each do |learning_object|
        collection.learning_objects << learning_object
@@ -146,7 +146,7 @@ class CollectionsController < ApplicationController
  # DELETE /collections/1/learning_object
  def remove_learning_object
    @collections.each do |collection|
-      next unless collection.owner?(current_user)
+      next unless collection.user_own?(current_user)

      @learning_objects.each do |learning_object|
        collection.learning_objects.destroy(learning_object)
@@ -169,8 +169,8 @@ class CollectionsController < ApplicationController
  private

  def check_collection_privacy!(collection)
-    if collection.private?
-      redirect_to :root, notice: 'Está é uma coleção privada.' unless collection.owner?(current_user)
+    if collection.private? && !collection.user_own?(current_user)
+      redirect_to :root, notice: 'Está é uma coleção privada.'
    end
  end

@@ -179,7 +179,7 @@ class CollectionsController < ApplicationController
  end

  def set_collections
-    if params[:id] == "all" || params[:id].blank?
+    if params[:id] == 'all' || params[:id].blank?
      @collections = ['all']
    else
      @collections = (params[:id].class == String) ? [Collection.find(params[:id])] : params[:id].map{|id| Collection.find id}

--- a/app/models/collection.rb
+++ b/app/models/collection.rb
@@ -58,6 +58,11 @@ class Collection < ActiveRecord::Base
    owner == candidate
  end

+  def user_own?(user)
+    return false unless user.is_a? User
+    owner?(user) || owner.users.include?(user)
+  end
+
  def private?
    privacy == 'private'
  end