Fixing collections policy

e8adb200 · Giovanne Marcelo · 2665e80b · e8adb200 · e8adb200 · e8adb200
Commit e8adb200 authored 9 years ago by Giovanne Marcelo
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
 class UsersController < ApplicationController
+
+  include Pundit
+
  before_action :authenticate_user!, only: [:follow, :unfollow]
  before_action :check_current_user_page, only: :show
  before_action :set_user, only: [:show]
@@ -9,7 +12,7 @@ class UsersController < ApplicationController
  def show
    @objects = @user.learning_objects
    @institutions = @user.institutions
-    @groups = [CollectionsGroup.new(title: 'Coleções Adicionadas', collections: [@user.collections.includes(:owner)])]
+    @groups = [CollectionsGroup.new(title: 'Coleções Adicionadas', collections: [ CollectionPolicy::Scope.new(current_user, @user.id, @user.collections).resolve.includes(:owner)])]

    if @user == current_user
      @publishers = @user.institutions

--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -4,6 +4,10 @@ module UsersHelper
    current_user.id == user.id
  end

+  def user_exists?
+    !current_user.nil?
+  end
+
  def learning_objects_number(learning_objects)
    if learning_objects.count == 0
      return 'Nenhum item'
@@ -23,4 +27,4 @@ module UsersHelper
    render "users/user_horizontal", user: user
  end

-end
\ No newline at end of file
+end
--- a/app/models/collection.rb
+++ b/app/models/collection.rb
@@ -60,7 +60,8 @@ class Collection < ActiveRecord::Base

  def user_own?(user)
    return false unless user.is_a? User
-    owner?(user) || owner.users.include?(user)
+    return user.is_admin? || owner?(user)
+    return true if user.is_a? Institution and owner.users.include?(user)
  end

  def private?

--- a/app/policies/collection_policy.rb
+++ b/app/policies/collection_policy.rb
@@ -2,6 +2,27 @@ class CollectionPolicy < ApplicationPolicy
  include SociablePolicy
  include FollowablePolicy

+  class Scope < Scope
+
+
+    def initialize (user, user_id, scope)
+      @user = user
+      @user_id = user_id
+      @scope = scope
+    end
+
+    def resolve
+      if @user.nil?
+        scope.where(privacy: 'public')
+      elsif @user.id == @user_id || @user.is_admin?
+        scope.all
+      else
+        scope.where(privacy: 'public')
+      end
+    end
+  end
+
+
  def create?
    record if user_exists?
  end

--- a/app/views/users/_header.html.erb
+++ b/app/views/users/_header.html.erb
@@ -2,7 +2,7 @@
  <div class="col-md-6">
    <div class="media">
      <div class="media-left">
-        <% if current_user.id == user.id and current_user.provider == "email" %>
+        <% if user_exists? and current_user.id == user.id and current_user.provider == "email" %>
            <%= link_to edit_user_registration_path do
              image_tag user.avatar.url(:thumb), class: 'user-image'
            end %>
@@ -28,11 +28,11 @@
    </div>
  </div>
  <div class="col-md-6 right-column">
-    <% if current_user_page? user %>
+    <% if user_exists? and current_user_page? user %>
      <% if current_user.provider == "email" %>
        <%= link_to 'Editar perfil', edit_user_registration_path, class: 'btn btn-default' %>
      <% end %>
-    <% else %>
+    <% elsif user_exists? %>
      <%= render 'follows/button', followable: user %>
    <% end %>


--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -14,7 +14,7 @@
          </div>
        </div>
        <div class="col-md-6 right-column align-right">
-          <% if current_user_page? @user %>
+          <% if user_exists? and current_user_page? @user %>
            <%= link_to 'Adicionar novo objeto', new_learning_object_path, class: 'btn btn-primary'%>
          <% else %>
              <!-- <button type="button" class="btn btn-primary">Enviar mensagem</button> -->
@@ -48,7 +48,7 @@
        </div>
      </div>
      <div class="col-md-6 right-column align-right">
-        <%= render('collections/create', collection: @new_collection, publishers: @publishers, placement: 'left') if current_user_page?(@user) %>
+        <%= render('collections/create', collection: @new_collection, publishers: @publishers, placement: 'left') if user_exists? and current_user_page?(@user) %>
      </div>
    </div>