From 4dc08d9dbc9fcc4113346c774621ceb04dc5dd92 Mon Sep 17 00:00:00 2001
From: f <f@kefir.red>
Date: Sat, 16 Feb 2019 15:17:18 -0300
Subject: [PATCH] lxs invitadxs no ven el indice de sitios

---
 app/controllers/posts_controller.rb | 2 +-
 app/policies/site_policy.rb         | 4 ++--
 app/views/layouts/_breadcrumb.haml  | 3 +++
 config/application.rb               | 1 +
 4 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb
index 865e8c04..e8611abf 100644
--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -3,8 +3,8 @@ class PostsController < ApplicationController
   before_action :authenticate!
 
   def index
+    authorize Post
     @site     = find_site
-    authorize @site
     @lang     = find_lang(@site)
     @category = session[:category] = params.dig(:category)
     @posts    = policy_scope(@site.posts_for(@lang), policy_scope_class: PostPolicy::Scope)
diff --git a/app/policies/site_policy.rb b/app/policies/site_policy.rb
index d334055d..3050f307 100644
--- a/app/policies/site_policy.rb
+++ b/app/policies/site_policy.rb
@@ -6,9 +6,9 @@ class SitePolicy < SuttyPolicy
     @site = site
   end
 
-  # Todxs lxs usuarixs pueden ver el índice
+  # Solo las usuarias
   def index?
-    true
+    usuaria?
   end
 
   # Todxs lxs usuarixs pueden ver el sitio
diff --git a/app/views/layouts/_breadcrumb.haml b/app/views/layouts/_breadcrumb.haml
index 4862d69c..4027da57 100644
--- a/app/views/layouts/_breadcrumb.haml
+++ b/app/views/layouts/_breadcrumb.haml
@@ -2,6 +2,9 @@
   %ol.breadcrumb
     %li.breadcrumb-item= render 'login/logout'
     - crumbs.compact.each do |crumb|
+      - if current_user.is_a? Invitadx
+        - if /\/sites/ =~ crumb
+          - next
       - if crumb == crumbs.last
         %li.breadcrumb-item.active{'aria-current': 'page'}= crumb
       - else
diff --git a/config/application.rb b/config/application.rb
index cf327a3a..e3c36b1b 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -24,5 +24,6 @@ module Sutty
     # Settings in config/environments/* take precedence over those specified here.
     # Application configuration should go into files in config/initializers
     # -- all .rb files in that directory are automatically loaded.
+    config.action_dispatch.rescue_responses['Pundit::NotAuthorizedError'] = :forbidden
   end
 end