autorizacion para posts

f 2018-09-28 14:15:09 -03:00
parent a300893b49
commit c6ace605fb
No known key found for this signature in database
GPG key ID: F3FDAB97B5F9F7E7
2 changed files with 56 additions and 0 deletions


@ -23,9 +23,11 @@ class PostsController < ApplicationController
@site = find_site
@lang = find_lang(@site)
@post = find_post(@site)
authorize @post
end
def new
authorize Post
@site = find_site
@lang = find_lang(@site)
@template = find_template(@site)
@ -36,6 +38,7 @@ class PostsController < ApplicationController
end
def create
authorize Post
@site = find_site
@lang = find_lang(@site)
@template = find_template(@site)
@ -53,12 +56,17 @@ class PostsController < ApplicationController
@site = find_site
@lang = find_lang(@site)
@post = find_post(@site)
authorize @post
end
def update
@site = find_site
@lang = find_lang(@site)
@post = find_post(@site)
authorize @post
@post.update_attributes(repair_nested_params(post_params))
if @post.save
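Review bot: Nothing in these hunks makes a forgotten `authorize` call fail closed; the checks are added by hand to `show`, `new`, `create`, `edit` and `update`, and any action outside the hunks (an `index` or `destroy`, if present) is not shown to be covered. Assuming this is Pundit, as the `authorize` / `Policy::Scope` convention suggests, `after_action :verify_authorized` near the top of the controller would raise whenever an action finishes without a check, and `after_action :verify_policy_scoped, only: :index` would do the same for the listing. In `update` the check rightly runs before `update_attributes`, but if `post_params` permits `author`, an invited user could reassign ownership of a post, so it is worth confirming that field is not writable for them. The body of `update` and the rest of the class continue outside the hunks.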


@ -0,0 +1,48 @@
class PostPolicy < SuttyPolicy
attr_reader :post
def initialize(usuarix, post)
@usuarix = usuarix
@post = post
end
def index?
true
end
# Lxs invitadxs solo pueden ver sus propios posts
def show?
usuaria? || post.author == usuarix.email
end
def new?
create?
end
def create?
true
end
def edit?
update?
end
# Lxs invitadxs solo pueden modificar sus propios artículos
def update?
usuaria? || post.author == usuarix.email
end
class Scope < SuttyPolicy::Scope
# Las usuarias pueden ver todos los posts
#
# Lxs invitadxs solo pueden ver sus propios posts
def resolve
return scope if usuaria?
# Asegurarse que al menos devolvemos []
[scope.find do |post|
post.author == usuarix.email
end].flatten.compact
end
end
end
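Review bot: `Scope#resolve` calls `scope.find`, which returns only the first post whose author matches, so an invited user with several posts gets a one-element list, although the comment above says they should see all of their own posts. `scope.select { |post| post.author == usuarix.email }` returns every match and already yields `[]` when there is none, which makes the `[...].flatten.compact` wrapper unnecessary. In `show?` and `update?`, `post.author == usuarix.email` is also true when both sides are `nil`, so if a post can lack an author and an account can lack an email the check fails open; `post.author.present? && post.author == usuarix.email` would fail closed. `initialize` overrides the parent constructor without calling `super`, which is safe only if `SuttyPolicy` needs no further setup for `usuaria?` (not visible on this page).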