diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index cbc5a878c07baa6e6e5c1bb038c2a901a49d1839..b4f75c7d0bcc31ab5e0827cfe74cd06072b5250d 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,4 +1,7 @@
 class UsersController < ApplicationController
+
+ include Pundit
+
 before_action :authenticate_user!, only: [:follow, :unfollow]
 before_action :check_current_user_page, only: :show
 before_action :set_user, only: [:show]
@@ -9,7 +12,7 @@ class UsersController < ApplicationController
 def show
 @objects = @user.learning_objects
 @institutions = @user.institutions
- @groups = [CollectionsGroup.new(title: 'Coleções Adicionadas', collections: [@user.collections.includes(:owner)])]
+ @groups = [CollectionsGroup.new(title: 'Coleções Adicionadas', collections: [ CollectionPolicy::Scope.new(current_user, @user.id, @user.collections).resolve.includes(:owner)])]
 if @user == current_user
 @publishers = @user.institutions
diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb
index dc9350af15b460bee96b0f7aeda8a91ed394fdca..d9c4d06991018952b672bc7bb81e6c7064dd9af7 100644
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -4,6 +4,10 @@ module UsersHelper
 current_user.id == user.id
 end
+ def user_exists?
+ !current_user.nil?
+ end
+
 def learning_objects_number(learning_objects)
 if learning_objects.count == 0
 return 'Nenhum item'
@@ -23,4 +27,4 @@ module UsersHelper
 render "users/user_horizontal", user: user
 end
-end
\ No newline at end of file
+end
diff --git a/app/models/collection.rb b/app/models/collection.rb
index 08597902e1a14126efc9559135f4f2443787f8db..227a59ebaa9ebf3105d91a6b234ffd9ef0d79109 100644
--- a/app/models/collection.rb
+++ b/app/models/collection.rb
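Review bot: The new `@groups` line in `show` constructs `CollectionPolicy::Scope` by hand instead of going through Pundit's `policy_scope`, so the `include Pundit` added in the first hunk is not exercised by this action and an `after_action :verify_policy_scoped` would not register the scoping. Since the privacy decision now sits inside one long inline expression, I would move it into a private `visible_collections` method carrying the comment `# Guests and other users see only public collections; the owner and admins see all.` The line `@objects = @user.learning_objects` just above stays unfiltered; if learning objects can also be private (not visible here), they need the same treatment. `show` continues past the end of the hunk.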
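Review bot: `user_exists?` checks whether the visitor is signed in, not whether a user record exists, and `CollectionPolicy#create?` already calls a method of the same name, so the name invites confusion; Devise's `user_signed_in?` appears to cover this already, given that the controller uses `authenticate_user!`. The helper whose last two lines open this hunk (presumably `current_user_page?`, its `def` is outside the hunk) still dereferences `current_user.id` and raises for guests, which is why `_header.html.erb` and `show.html.erb` now prefix every call with `user_exists? and`. Making that helper nil-safe, `current_user.present? && current_user.id == user.id`, would remove the need for the view-side guards and also protect call sites this commit does not touch.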
@@ -60,7 +60,8 @@ class Collection < ActiveRecord::Base
 def user_own?(user)
 return false unless user.is_a? User
- owner?(user) || owner.users.include?(user)
+ return user.is_admin? || owner?(user)
+ return true if user.is_a? Institution and owner.users.include?(user)
 end
 def private?
diff --git a/app/policies/collection_policy.rb b/app/policies/collection_policy.rb
index c986524944e3f652bb26bfa706c7ddaf0218dcbd..1b194aa741022812cc237e76ee288fb16f0a6581 100644
--- a/app/policies/collection_policy.rb
+++ b/app/policies/collection_policy.rb
@@ -2,6 +2,27 @@ class CollectionPolicy < ApplicationPolicy
 include SociablePolicy
 include FollowablePolicy
+ class Scope < Scope
+
+
+ def initialize (user, user_id, scope)
+ @user = user
+ @user_id = user_id
+ @scope = scope
+ end
+
+ def resolve
+ if @user.nil?
+ scope.where(privacy: 'public')
+ elsif @user.id == @user_id || @user.is_admin?
+ scope.all
+ else
+ scope.where(privacy: 'public')
+ end
+ end
+ end
+
+
 def create?
 record if user_exists?
 end
diff --git a/app/views/users/_header.html.erb b/app/views/users/_header.html.erb
index 800656db5e781cef67081514ee9dd44cffcb739e..46168415a867d9f3031d2adfa9cff978444964a8 100644
--- a/app/views/users/_header.html.erb
+++ b/app/views/users/_header.html.erb
@@ -2,7 +2,7 @@
 <div class="col-md-6">
 <div class="media">
 <div class="media-left">
- <% if current_user.id == user.id and current_user.provider == "email" %>
+ <% if user_exists? and current_user.id == user.id and current_user.provider == "email" %>
 <%= link_to edit_user_registration_path do
 image_tag user.avatar.url(:thumb), class: 'user-image'
 end %>
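Review bot: In `user_own?` the second added line can never run, because `return user.is_admin? || owner?(user)` always returns first; and even if it were reached, `user.is_a? Institution` is false for every value that passed the `user.is_a? User` guard above it. The net effect is that members of an owning institution no longer count as owners, which the removed `owner.users.include?(user)` branch granted, so this is an authorization change the diff does not appear to intend. If institution membership should still confer ownership, one expression keeps all three cases: `user.is_admin? || owner?(user) || (owner.is_a?(Institution) && owner.users.include?(user))`. That `owner` can be an `Institution` is inferred from the added line and should be confirmed against the model.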
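Review bot: `Scope#initialize` takes three arguments, which departs from the `(user, scope)` signature that Pundit's `policy_scope` helper calls, so this scope can only be built by hand and the owner/admin decision rests on a caller-supplied `user_id`. A caller that passes the wrong id receives `scope.all`, so the constructor deserves a comment stating that `user_id` must be the owner of every record in `scope`. `resolve` reads `scope` while the constructor assigns `@scope`, which works only if the parent `Scope` declares that reader (not visible here). The first and last branches of `resolve` are identical and could be collapsed to `return scope.all if @user && (@user.id == @user_id || @user.is_admin?)` followed by `scope.where(privacy: 'public')`.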
@@ -28,11 +28,11 @@
 </div>
 </div>
 <div class="col-md-6 right-column">
- <% if current_user_page? user %>
+ <% if user_exists? and current_user_page? user %>
 <% if current_user.provider == "email" %>
 <%= link_to 'Editar perfil', edit_user_registration_path, class: 'btn btn-default' %>
 <% end %>
- <% else %>
+ <% elsif user_exists? %>
 <%= render 'follows/button', followable: user %>
 <% end %>
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index 0144bee2bb5e85a37504949cac9e85ec0703b8a8..c99aa568627f0696e6ea8b179871e38809084745 100644
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -14,7 +14,7 @@
 </div>
 </div>
 <div class="col-md-6 right-column align-right">
- <% if current_user_page? @user %>
+ <% if user_exists? and current_user_page? @user %>
 <%= link_to 'Adicionar novo objeto', new_learning_object_path, class: 'btn btn-primary'%>
 <% else %>
 <!-- <button type="button" class="btn btn-primary">Enviar mensagem</button> -->
@@ -48,7 +48,7 @@
 </div>
 </div>
 <div class="col-md-6 right-column align-right">
- <%= render('collections/create', collection: @new_collection, publishers: @publishers, placement: 'left') if current_user_page?(@user) %>
+ <%= render('collections/create', collection: @new_collection, publishers: @publishers, placement: 'left') if user_exists? and current_user_page?(@user) %>
 </div>
 </div>