fixed authentication, fixed method returning all collections when user_can_edit? is true

b73b2199 · scariot · 42307916 · b73b2199 · b73b2199
Commit b73b2199 authored 7 years ago by scariot
--- a/app/controllers/concerns/publisher_controller.rb
+++ b/app/controllers/concerns/publisher_controller.rb
@@ -40,7 +40,7 @@ module PublisherController
  end

  def show_all_collections
-    render json: ::UserPolicy::Scope.new(current_user, @publisher, Collection).resolve
+    render json: ::UserPolicy::Scope.new(current_user, @publisher, Collection).resolve.where(owner: @publisher)
  end

  def show_liked_learning_objects

--- a/app/policies/publisher_policy.rb
+++ b/app/policies/publisher_policy.rb
@@ -31,10 +31,8 @@ module PublisherPolicy
    def resolve
      if user.nil?
        scope.where(privacy: 'public')
-      elsif user_can_edit?
+      elsif user_can_edit? || record == user
        scope.all
-      elsif record == user
-        scope.where(owner: user)
      else
        scope.where(privacy: 'public')
      end