autorizacion para posts
parent
a300893b49
commit
c6ace605fb
2 changed files with 56 additions and 0 deletions
|
@ -23,9 +23,11 @@ class PostsController < ApplicationController
|
||||||
@site = find_site
|
@site = find_site
|
||||||
@lang = find_lang(@site)
|
@lang = find_lang(@site)
|
||||||
@post = find_post(@site)
|
@post = find_post(@site)
|
||||||
|
authorize @post
|
||||||
end
|
end
|
||||||
|
|
||||||
def new
|
def new
|
||||||
|
authorize Post
|
||||||
@site = find_site
|
@site = find_site
|
||||||
@lang = find_lang(@site)
|
@lang = find_lang(@site)
|
||||||
@template = find_template(@site)
|
@template = find_template(@site)
|
||||||
|
@ -36,6 +38,7 @@ class PostsController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def create
|
def create
|
||||||
|
authorize Post
|
||||||
@site = find_site
|
@site = find_site
|
||||||
@lang = find_lang(@site)
|
@lang = find_lang(@site)
|
||||||
@template = find_template(@site)
|
@template = find_template(@site)
|
||||||
|
@ -53,12 +56,17 @@ class PostsController < ApplicationController
|
||||||
@site = find_site
|
@site = find_site
|
||||||
@lang = find_lang(@site)
|
@lang = find_lang(@site)
|
||||||
@post = find_post(@site)
|
@post = find_post(@site)
|
||||||
|
|
||||||
|
authorize @post
|
||||||
end
|
end
|
||||||
|
|
||||||
def update
|
def update
|
||||||
@site = find_site
|
@site = find_site
|
||||||
@lang = find_lang(@site)
|
@lang = find_lang(@site)
|
||||||
@post = find_post(@site)
|
@post = find_post(@site)
|
||||||
|
|
||||||
|
authorize @post
|
||||||
|
|
||||||
@post.update_attributes(repair_nested_params(post_params))
|
@post.update_attributes(repair_nested_params(post_params))
|
||||||
|
|
||||||
if @post.save
|
if @post.save
|
||||||
|
|
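Review bot: In `new` and `create` the added `authorize Post` runs before `find_site` and passes the class rather than a record, so the policy cannot take the site or the post into account. With `create?` returning `true` in the PostPolicy added by this commit, these two calls currently allow every caller that reaches the action. If that is intended, a comment such as `# Any usuarix may create posts; see PostPolicy#create?` would make it explicit. The hunks show only some of the actions, so it is worth confirming the rest are covered; Pundit's `after_action :verify_authorized` would make an action that never calls `authorize` fail instead of passing silently. The controller class starts and ends outside these hunks.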
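--- a/app/policies/post_policy.rb
+++ b/app/policies/post_policy.rb
@@ -0,0 +1,48 @@
+class PostPolicy < SuttyPolicy
+attr_reader :post
+
+def initialize(usuarix, post)
+@usuarix = usuarix
+@post = post
+end
+
+def index?
+true
+end
+
+# Lxs invitadxs solo pueden ver sus propios posts
+def show?
+usuaria? || post.author == usuarix.email
+end
+
+def new?
+create?
+end
+
+def create?
+true
+end
+
+def edit?
+update?
+end
+
+# Lxs invitadxs solo pueden modificar sus propios artículos
+def update?
+usuaria? || post.author == usuarix.email
+end
+
+class Scope < SuttyPolicy::Scope
+# Las usuarias pueden ver todos los posts
+#
+# Lxs invitadxs solo pueden ver sus propios posts
+def resolve
+return scope if usuaria?
+
+# Asegurarse que al menos devolvemos []
+[scope.find do |post|
+post.author == usuarix.email
+end].flatten.compact
+end
+end
+end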
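Review bot: `Scope#resolve` calls `scope.find`, which returns only the first post whose author matches, so an invitadx with several posts gets a one-element list even though the comment above says they can see their own posts. Assuming `scope` is an Enumerable of posts, `scope.select { |post| post.author == usuarix.email }` returns all of them and yields `[]` when none match, which makes the `[...].flatten.compact` wrapper unnecessary. Separately, `show?` and `update?` decide ownership by comparing `post.author` with `usuarix.email`; if `author` is a field the writer can set in the post itself (not visible here), ownership should rest on a value the user cannot edit. `usuaria?` and the `usuarix` reader are not defined in this file and presumably come from `SuttyPolicy`; since `initialize` does not call `super`, that is worth confirming.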