rosa-build/app/policies/application_policy.rb

class ApplicationPolicy
  attr_reader :user, :record

  def initialize(user, record)
    # raise Pundit::NotAuthorizedError, 'must be logged in' unless user
    @user   = user || User.new
    @record = record
  end

  BASIC_ACTIONS = %i(index? show? create? update? destroy? destroy_all?)

  def index?
    false
  end

  def show?
    false
  end

  def new?
    create?
  end

  def edit?
    update?
  end

  def update?
    false
  end

  def create?
    false
  end

  def destroy?
    false
  end

  def permitted_attributes
    []
  end

  class Scope
    attr_reader :user, :scope

    def initialize(user, scope)
      @user  = user
      @scope = scope
    end

    def resolve
      scope
    end
  end

  # Public: Get user's group ids.
  #
  # Returns the Array of group ids.
  def user_group_ids
    Rails.cache.fetch(['ApplicationPolicy#user_group_ids', user]) do
      user.group_ids
    end
  end

  protected

  # Public: Check if provided user is the current user.
  #
  # Returns true if it is, false otherwise.
  def current_user?(u)
    u == user
  end

  # Public: Check if provided user is guest.
  #
  # Returns true if he is, false otherwise.
  def is_guest?
    user.new_record?
  end

  # Public: Check if provided user is user.
  #
  # Returns true if he is, false otherwise.
  def is_user?
    user.persisted?
  end

  # Public: Check if provided user is tester.
  #
  # Returns true if he is, false otherwise.
  def is_tester?
    user.role == 'tester'
  end

  # Public: Check if provided user is system.
  #
  # Returns true if he is, false otherwise.
  def is_system?
    user.role == 'system'
  end

  # Public: Check if provided user is admin.
  #
  # Returns true if he is, false otherwise.
  def is_admin?
    user.role == 'admin'
  end

  # Public: Check if provided user is banned.
  #
  # Returns true if he is, false otherwise.
  def is_banned?
    user.role == 'banned'
  end

  # Private: Check if provided user is at least record admin.
  #
  # Returns true if he is, false otherwise.
  def local_admin?(r = record)
    owner?(r) || best_role(r) == 'admin'
  end

  # Private: Check if provided user is at least record reader.
  #
  # Returns true if he is, false otherwise.
  def local_reader?(r = record)
    owner?(r) || %w(reader writer admin).include?(best_role(r))
  end

  # Private: Check if provided user is at least record writer.
  #
  # Returns true if he is, false otherwise.
  def local_writer?(r = record)
    owner?(r) || %w(writer admin).include?(best_role(r))
  end

  # Private: Check if provided user is record owner.
  #
  # Returns true if he is, false otherwise.
  def owner?(r = record)
    (
      !r.try(:owner_type) && r.owner_id == user.id
    ) || (
      r.try(:owner_type) == 'User'  && r.owner_id == user.id
    ) || (
      r.try(:owner_type) == 'Group' && user_own_group_ids.include?(r.owner_id)
    )
  end

  # Private: Get the best role of user for record.
  #
  # Returns the String role or nil.
  def best_role(r = record)
    Rails.cache.fetch(['ApplicationPolicy#best_role', r, user]) do
      user.best_role(r)
    end
  end

  # Public: Get own user's group ids.
  #
  # Returns the Array of own group ids.
  def user_own_group_ids
    Rails.cache.fetch(['ApplicationPolicy#user_own_group_ids', user]) do
      user.own_group_ids
    end
  end

  # Public: Get user's platform ids.
  #
  # Returns the Array of platform ids.
  def user_platform_ids
    Rails.cache.fetch(['ApplicationPolicy#user_platform_ids', user]) do
      user.repositories.pluck(:platform_id)
    end
  end

end
#465: added pundit gem, wip... 2015-03-12 22:43:13 +00:00			`class ApplicationPolicy`
			`attr_reader :user, :record`

			`def initialize(user, record)`
			`# raise Pundit::NotAuthorizedError, 'must be logged in' unless user`
			`@user = user \|\| User.new`
			`@record = record`
			`end`

			`BASIC_ACTIONS = %i(index? show? create? update? destroy? destroy_all?)`

			`def index?`
			`false`
			`end`

			`def show?`
			`false`
			`end`

			`def new?`
			`create?`
			`end`

			`def edit?`
			`update?`
			`end`

			`def update?`
			`false`
			`end`

			`def create?`
			`false`
			`end`

			`def destroy?`
			`false`
			`end`

			`def permitted_attributes`
			`[]`
			`end`

			`class Scope`
			`attr_reader :user, :scope`

			`def initialize(user, scope)`
			`@user = user`
			`@scope = scope`
			`end`

			`def resolve`
			`scope`
			`end`
			`end`

#465: Updated some controllers, logic of polices 2015-03-17 22:33:16 +00:00			`# Public: Get user's group ids.`
			`#`
			`# Returns the Array of group ids.`
			`def user_group_ids`
			`Rails.cache.fetch(['ApplicationPolicy#user_group_ids', user]) do`
			`user.group_ids`
			`end`
			`end`

#465: added pundit gem, wip... 2015-03-12 22:43:13 +00:00			`protected`

			`# Public: Check if provided user is the current user.`
			`#`
			`# Returns true if it is, false otherwise.`
			`def current_user?(u)`
			`u == user`
			`end`

			`# Public: Check if provided user is guest.`
			`#`
			`# Returns true if he is, false otherwise.`
			`def is_guest?`
			`user.new_record?`
			`end`

			`# Public: Check if provided user is user.`
			`#`
			`# Returns true if he is, false otherwise.`
			`def is_user?`
			`user.persisted?`
			`end`

			`# Public: Check if provided user is tester.`
			`#`
			`# Returns true if he is, false otherwise.`
			`def is_tester?`
			`user.role == 'tester'`
			`end`

			`# Public: Check if provided user is system.`
			`#`
			`# Returns true if he is, false otherwise.`
			`def is_system?`
			`user.role == 'system'`
			`end`

			`# Public: Check if provided user is admin.`
			`#`
			`# Returns true if he is, false otherwise.`
			`def is_admin?`
			`user.role == 'admin'`
			`end`

			`# Public: Check if provided user is banned.`
			`#`
			`# Returns true if he is, false otherwise.`
			`def is_banned?`
			`user.role == 'banned'`
			`end`

#465: updated views 2015-03-14 22:10:04 +00:00			`# Private: Check if provided user is at least record admin.`
			`#`
			`# Returns true if he is, false otherwise.`
#465: updated ProjectPolicy 2015-03-17 00:55:04 +00:00			`def local_admin?(r = record)`
#465: Added XxxPolicy classes for all models. 2015-03-18 22:02:38 +00:00			`owner?(r) \|\| best_role(r) == 'admin'`
#465: updated views 2015-03-14 22:10:04 +00:00			`end`

			`# Private: Check if provided user is at least record reader.`
			`#`
			`# Returns true if he is, false otherwise.`
#465: updated ProjectPolicy 2015-03-17 00:55:04 +00:00			`def local_reader?(r = record)`
#465: misprint 2015-03-19 23:55:50 +00:00			`owner?(r) \|\| %w(reader writer admin).include?(best_role(r))`
#465: updated views 2015-03-14 22:10:04 +00:00			`end`

			`# Private: Check if provided user is at least record writer.`
			`#`
			`# Returns true if he is, false otherwise.`
#465: updated ProjectPolicy 2015-03-17 00:55:04 +00:00			`def local_writer?(r = record)`
#465: misprint 2015-03-19 23:55:50 +00:00			`owner?(r) \|\| %w(writer admin).include?(best_role(r))`
#465: updated views 2015-03-14 22:10:04 +00:00			`end`

			`# Private: Check if provided user is record owner.`
			`#`
			`# Returns true if he is, false otherwise.`
#465: Added XxxPolicy classes for all models. 2015-03-18 22:02:38 +00:00			`def owner?(r = record)`
#465: updated views 2015-03-14 22:10:04 +00:00			`(`
#465: Added XxxPolicy classes for all models. 2015-03-18 22:02:38 +00:00			`!r.try(:owner_type) && r.owner_id == user.id`
#465: Updated some controllers, logic of polices 2015-03-17 22:33:16 +00:00			`) \|\| (`
#465: Added XxxPolicy classes for all models. 2015-03-18 22:02:38 +00:00			`r.try(:owner_type) == 'User' && r.owner_id == user.id`
#465: updated views 2015-03-14 22:10:04 +00:00			`) \|\| (`
#465: Added XxxPolicy classes for all models. 2015-03-18 22:02:38 +00:00			`r.try(:owner_type) == 'Group' && user_own_group_ids.include?(r.owner_id)`
#465: updated views 2015-03-14 22:10:04 +00:00			`)`
			`end`

			`# Private: Get the best role of user for record.`
			`#`
			`# Returns the String role or nil.`
#465: updated ProjectPolicy 2015-03-17 00:55:04 +00:00			`def best_role(r = record)`
			`Rails.cache.fetch(['ApplicationPolicy#best_role', r, user]) do`
			`user.best_role(r)`
			`end`
			`end`

			`# Public: Get own user's group ids.`
			`#`
			`# Returns the Array of own group ids.`
			`def user_own_group_ids`
			`Rails.cache.fetch(['ApplicationPolicy#user_own_group_ids', user]) do`
			`user.own_group_ids`
#465: updated views 2015-03-14 22:10:04 +00:00			`end`
			`end`

#465: Added XxxPolicy classes for all models. 2015-03-18 22:02:38 +00:00			`# Public: Get user's platform ids.`
			`#`
			`# Returns the Array of platform ids.`
			`def user_platform_ids`
			`Rails.cache.fetch(['ApplicationPolicy#user_platform_ids', user]) do`
			`user.repositories.pluck(:platform_id)`
			`end`
			`end`

			`end`