From b73b219992943978c472569e21c9236080f47906 Mon Sep 17 00:00:00 2001
From: Guilherme Scariot <gsr16@inf.ufpr.br>
Date: Mon, 12 Mar 2018 10:40:20 -0300
Subject: [PATCH] fixed authentication, fixed method returning all collections
 when user_can_edit? is true

---
 app/controllers/concerns/publisher_controller.rb | 2 +-
 app/policies/publisher_policy.rb                 | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/app/controllers/concerns/publisher_controller.rb b/app/controllers/concerns/publisher_controller.rb
index c9c88ff2..5199dca2 100644
--- a/app/controllers/concerns/publisher_controller.rb
+++ b/app/controllers/concerns/publisher_controller.rb
@@ -40,7 +40,7 @@ module PublisherController
   end
 
   def show_all_collections
-    render json: ::UserPolicy::Scope.new(current_user, @publisher, Collection).resolve
+    render json: ::UserPolicy::Scope.new(current_user, @publisher, Collection).resolve.where(owner: @publisher)
   end
 
   def show_liked_learning_objects
diff --git a/app/policies/publisher_policy.rb b/app/policies/publisher_policy.rb
index b6403469..5df13047 100644
--- a/app/policies/publisher_policy.rb
+++ b/app/policies/publisher_policy.rb
@@ -31,10 +31,8 @@ module PublisherPolicy
     def resolve
       if user.nil?
         scope.where(privacy: 'public')
-      elsif user_can_edit?
+      elsif user_can_edit? || record == user
         scope.all
-      elsif record == user
-        scope.where(owner: user)
       else
         scope.where(privacy: 'public')
       end
-- 
GitLab