autorizacion para posts
This commit is contained in:
parent
a300893b49
commit
c6ace605fb
2 changed files with 56 additions and 0 deletions
|
@ -23,9 +23,11 @@ class PostsController < ApplicationController
|
|||
@site = find_site
|
||||
@lang = find_lang(@site)
|
||||
@post = find_post(@site)
|
||||
authorize @post
|
||||
end
|
||||
|
||||
def new
|
||||
authorize Post
|
||||
@site = find_site
|
||||
@lang = find_lang(@site)
|
||||
@template = find_template(@site)
|
||||
|
@ -36,6 +38,7 @@ class PostsController < ApplicationController
|
|||
end
|
||||
|
||||
def create
|
||||
authorize Post
|
||||
@site = find_site
|
||||
@lang = find_lang(@site)
|
||||
@template = find_template(@site)
|
||||
|
@ -53,12 +56,17 @@ class PostsController < ApplicationController
|
|||
@site = find_site
|
||||
@lang = find_lang(@site)
|
||||
@post = find_post(@site)
|
||||
|
||||
authorize @post
|
||||
end
|
||||
|
||||
def update
|
||||
@site = find_site
|
||||
@lang = find_lang(@site)
|
||||
@post = find_post(@site)
|
||||
|
||||
authorize @post
|
||||
|
||||
@post.update_attributes(repair_nested_params(post_params))
|
||||
|
||||
if @post.save
|
||||
|
|
48
app/policies/post_policy.rb
Normal file
48
app/policies/post_policy.rb
Normal file
|
@ -0,0 +1,48 @@
|
|||
class PostPolicy < SuttyPolicy
|
||||
attr_reader :post
|
||||
|
||||
def initialize(usuarix, post)
|
||||
@usuarix = usuarix
|
||||
@post = post
|
||||
end
|
||||
|
||||
def index?
|
||||
true
|
||||
end
|
||||
|
||||
# Lxs invitadxs solo pueden ver sus propios posts
|
||||
def show?
|
||||
usuaria? || post.author == usuarix.email
|
||||
end
|
||||
|
||||
def new?
|
||||
create?
|
||||
end
|
||||
|
||||
def create?
|
||||
true
|
||||
end
|
||||
|
||||
def edit?
|
||||
update?
|
||||
end
|
||||
|
||||
# Lxs invitadxs solo pueden modificar sus propios artículos
|
||||
def update?
|
||||
usuaria? || post.author == usuarix.email
|
||||
end
|
||||
|
||||
class Scope < SuttyPolicy::Scope
|
||||
# Las usuarias pueden ver todos los posts
|
||||
#
|
||||
# Lxs invitadxs solo pueden ver sus propios posts
|
||||
def resolve
|
||||
return scope if usuaria?
|
||||
|
||||
# Asegurarse que al menos devolvemos []
|
||||
[scope.find do |post|
|
||||
post.author == usuarix.email
|
||||
end].flatten.compact
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in a new issue