From e8adb200d63731a7974facd54d3f45146b9d1e73 Mon Sep 17 00:00:00 2001
From: Giovanne Marcelo <gms15@inf.ufpr.br>
Date: Mon, 28 Mar 2016 10:46:44 -0300
Subject: [PATCH] Fixing collections policy

---
 app/controllers/users_controller.rb |  5 ++++-
 app/helpers/users_helper.rb         |  6 +++++-
 app/models/collection.rb            |  3 ++-
 app/policies/collection_policy.rb   | 21 +++++++++++++++++++++
 app/views/users/_header.html.erb    |  6 +++---
 app/views/users/show.html.erb       |  4 ++--
 6 files changed, 37 insertions(+), 8 deletions(-)

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index cbc5a878..b4f75c7d 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,4 +1,7 @@
 class UsersController < ApplicationController
+
+  include Pundit
+
   before_action :authenticate_user!, only: [:follow, :unfollow]
   before_action :check_current_user_page, only: :show
   before_action :set_user, only: [:show]
@@ -9,7 +12,7 @@ class UsersController < ApplicationController
   def show
     @objects = @user.learning_objects
     @institutions = @user.institutions
-    @groups = [CollectionsGroup.new(title: 'Coleções Adicionadas', collections: [@user.collections.includes(:owner)])]
+    @groups = [CollectionsGroup.new(title: 'Coleções Adicionadas', collections: [ CollectionPolicy::Scope.new(current_user, @user.id, @user.collections).resolve.includes(:owner)])]
 
     if @user == current_user
       @publishers = @user.institutions
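Review bot: The `@groups` assignment builds the scope by hand with `CollectionPolicy::Scope.new(current_user, @user.id, @user.collections)` because the policy's `Scope#initialize` takes three arguments, so Pundit's `policy_scope` helper cannot be used and the `include Pundit` added in the first hunk has nothing visible to do in this controller; if `ApplicationController` already includes Pundit (not visible in this patch) that include is redundant. Passing `@user.id` separately from `@user.collections` also means the result is only correct when both arguments describe the same user, which deserves a comment at the call site such as `# the scope must be that user's own collections; the policy only filters by privacy`. Moving the expression into a private method, e.g. `def visible_collections` returning `CollectionPolicy::Scope.new(current_user, @user.id, @user.collections).resolve.includes(:owner)`, would also make the long line readable. `show` continues past the end of this hunk.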
diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb
index dc9350af..d9c4d069 100644
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -4,6 +4,10 @@ module UsersHelper
     current_user.id == user.id
   end
 
+  def user_exists?
+    !current_user.nil?
+  end
+
   def learning_objects_number(learning_objects)
     if learning_objects.count == 0
       return 'Nenhum item'
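Review bot: `user_exists?` answers whether someone is signed in, not whether a user record exists, so the name misleads the views that call it; if Devise is in use (the `authenticate_user!` filter and `edit_user_registration_path` in this patch suggest it), `user_signed_in?` already provides this and the helper can be dropped, otherwise a name like `signed_in?` is clearer. The nil check really belongs inside `current_user_page?`, whose body ends just above the addition (its `def` line is outside the hunk): `current_user.id == user.id` raises `NoMethodError` for an anonymous visitor, which is why every caller in the views now has to prepend `user_exists? and`; changing that line to `!current_user.nil? && current_user.id == user.id` fixes it once for all callers. `learning_objects_number` continues past the end of the hunk.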
@@ -23,4 +27,4 @@ module UsersHelper
     render "users/user_horizontal", user: user
   end
 
-end
\ No newline at end of file
+end
diff --git a/app/models/collection.rb b/app/models/collection.rb
index 08597902..227a59eb 100644
--- a/app/models/collection.rb
+++ b/app/models/collection.rb
@@ -60,7 +60,8 @@ class Collection < ActiveRecord::Base
 
   def user_own?(user)
     return false unless user.is_a? User
-    owner?(user) || owner.users.include?(user)
+    return user.is_admin? || owner?(user)
+    return true if user.is_a? Institution and owner.users.include?(user)
   end
 
   def private?
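Review bot: The second added line in `user_own?` is unreachable because the line before it returns unconditionally, and even if it were reached the guard at the top has already returned `false` for anything that is not a `User`, so `user.is_a? Institution` can never hold; the net effect is that membership in the owning institution (`owner.users.include?(user)`, present in the removed line) no longer grants ownership, which looks unintended since the commit keeps that expression. The `is_admin?` branch also widens the predicate so that admins own every collection; if that is intended, a comment saying so would help, because callers of `user_own?` elsewhere may not expect it. A version that keeps the old behaviour and adds the admin case is `return true if user.is_admin? || owner?(user)` followed by `owner.is_a?(Institution) && owner.users.include?(user)` (the `Institution` check was presumably meant for `owner`, not `user`, and `&&` should replace `and`).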
diff --git a/app/policies/collection_policy.rb b/app/policies/collection_policy.rb
index c9865249..1b194aa7 100644
--- a/app/policies/collection_policy.rb
+++ b/app/policies/collection_policy.rb
@@ -2,6 +2,27 @@ class CollectionPolicy < ApplicationPolicy
   include SociablePolicy
   include FollowablePolicy
 
+  class Scope < Scope
+
+
+    def initialize (user, user_id, scope)
+      @user = user
+      @user_id = user_id
+      @scope = scope
+    end
+
+    def resolve
+      if @user.nil?
+        scope.where(privacy: 'public')
+      elsif @user.id == @user_id || @user.is_admin?
+        scope.all
+      else
+        scope.where(privacy: 'public')
+      end
+    end
+  end
+
+
   def create?
     record if user_exists?
   end
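Review bot: `resolve` decides visibility from the caller-supplied `@user_id` rather than from the records in `scope`, so a caller that passes a wider relation than that user's own collections together with a matching id would expose non-public collections; this contract should at least be stated on the class, e.g. `# scope must already be restricted to user_id's collections; resolve only hides non-public rows from other viewers`, and deriving ownership from the records' owner column would remove the dependency on the extra argument altogether. The `nil` branch and the `else` branch return the same relation, so the method collapses to `return scope.all if @user && (@user.id == @user_id || @user.is_admin?)` followed by `scope.where(privacy: 'public')`. Note also that `resolve` calls `scope` while `initialize` assigns `@scope`, which only works if the parent `Scope` (not visible here) defines that reader, and that the three-argument `initialize` departs from Pundit's `Scope.new(user, scope)` convention, which is why the controller cannot use `policy_scope`; `def initialize (user, user_id, scope)` should drop the space before the parenthesis and the duplicated blank lines around the class can go.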
diff --git a/app/views/users/_header.html.erb b/app/views/users/_header.html.erb
index 800656db..46168415 100644
--- a/app/views/users/_header.html.erb
+++ b/app/views/users/_header.html.erb
@@ -2,7 +2,7 @@
   <div class="col-md-6">
     <div class="media">
       <div class="media-left">
-        <% if current_user.id == user.id and current_user.provider == "email" %>
+        <% if user_exists? and current_user.id == user.id and current_user.provider == "email" %>
             <%= link_to edit_user_registration_path do
               image_tag user.avatar.url(:thumb), class: 'user-image'
             end %>
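Review bot: The new conditions join boolean expressions with `and` (`user_exists? and current_user.id == user.id and current_user.provider == "email"`); in idiomatic Ruby `and`/`or` are reserved for control flow because of their low precedence, so `&&` is the expected operator here, in the second hunk of this file, and in both hunks of `show.html.erb`. This first condition also re-implements `current_user_page?(user)` inline; calling the helper keeps the two checks in step, e.g. `<% if user_exists? && current_user_page?(user) && current_user.provider == "email" %>`. The `if` opened here closes outside the hunk.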
@@ -28,11 +28,11 @@
     </div>
   </div>
   <div class="col-md-6 right-column">
-    <% if current_user_page? user %>
+    <% if user_exists? and current_user_page? user %>
       <% if current_user.provider == "email" %>
         <%= link_to 'Editar perfil', edit_user_registration_path, class: 'btn btn-default' %>
       <% end %>
-    <% else %>
+    <% elsif user_exists? %>
       <%= render 'follows/button', followable: user %>
     <% end %>
 
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index 0144bee2..c99aa568 100644
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -14,7 +14,7 @@
           </div>
         </div>
         <div class="col-md-6 right-column align-right">
-          <% if current_user_page? @user %>
+          <% if user_exists? and current_user_page? @user %>
             <%= link_to 'Adicionar novo objeto', new_learning_object_path, class: 'btn btn-primary'%>
           <% else %>
               <!-- <button type="button" class="btn btn-primary">Enviar mensagem</button> -->
@@ -48,7 +48,7 @@
         </div>
       </div>
       <div class="col-md-6 right-column align-right">
-        <%= render('collections/create', collection: @new_collection, publishers: @publishers, placement: 'left') if current_user_page?(@user) %>
+        <%= render('collections/create', collection: @new_collection, publishers: @publishers, placement: 'left') if user_exists? and current_user_page?(@user) %>
       </div>
     </div>
 
-- 
GitLab