#465: updated views

app/controllers/api/v1/issues_controller.rb

@@ -46,7 +46,7 @@ class Api::V1::IssuesController < Api::V1::BaseController
   end
 
   def update
-    unless can?(:write, @project)
+    unless policy(@project).write?
       params.delete :update_labels
       [:assignee_id, :labelings, :labelings_attributes].each do |k|
         params[:issue].delete k

app/controllers/api/v1/projects_controller.rb

@@ -12,7 +12,7 @@ class Api::V1::ProjectsController < Api::V1::BaseController
   end
 
   def get_id
-    if @project = Project.find_by_owner_and_name_cached(params[:owner], params[:name])
+    if @project = Project.find_by_owner_and_name(params[:owner], params[:name])
       authorize! :show, @project
     else
       raise ActiveRecord::RecordNotFound

app/controllers/api/v1/pull_requests_controller.rb

@@ -51,7 +51,7 @@ class Api::V1::PullRequestsController < Api::V1::BaseController
     @pull.build_issue title: pull_params[:title], body: pull_params[:body]
     @pull.from_project            = from_project
     @pull.to_ref, @pull.from_ref  = pull_params[:to_ref], pull_params[:from_ref]
-    @pull.issue.assignee_id       = pull_params[:assignee_id] if can?(:write, @project)
+    @pull.issue.assignee_id       = pull_params[:assignee_id] if policy(@project).write?
     @pull.issue.user, @pull.issue.project = current_user, @project
     @pull.issue.new_pull_request  = true
     render_validation_error(@pull, "#{@pull.class.name} has not been created") && return unless @pull.valid?
@@ -75,7 +75,7 @@ class Api::V1::PullRequestsController < Api::V1::BaseController
 
     if pull_params.present?
       attrs = pull_params.slice(:title, :body)
-      attrs.merge!(assignee_id: pull_params[:assignee_id]) if can?(:write, @project)
+      attrs.merge!(assignee_id: pull_params[:assignee_id]) if policy(@project).write?
 
       if (action = pull_params[:status]) && %w(close reopen).include?(pull_params[:status])
         if @pull.send("can_#{action}?")

app/controllers/api/v1/repositories_controller.rb

@@ -77,7 +77,7 @@ class Api::V1::RepositoriesController < Api::V1::BaseController
 
   def add_project
     if project = Project.where(id: params[:project_id]).first
-      if can?(:read, project)
+      if policy(project).read?
         begin
           @repository.projects << project
           render_json_response @repository, "Project '#{project.id}' has been added to repository successfully"

app/controllers/autocompletes_controller.rb

@@ -29,7 +29,7 @@ class AutocompletesController < ApplicationController
       value:  mb.id,
       label:  "#{mb.id} - #{mb.name}",
       path:   platform_mass_build_path(mb.save_to_platform, mb)
-    } if mb && can?(:show, mb)
+    } if mb && policy(mb).show?
     render json: results.to_json
   end
 

app/controllers/platforms/repositories_controller.rb

@@ -82,7 +82,7 @@ class Platforms::RepositoriesController < Platforms::BaseController
     end
     if params[:project_id].present?
       @project = Project.find(params[:project_id])
-      if can?(:read, @project)
+      if policy(@project).read?
         begin
           @repository.projects << @project
           flash[:notice] = t('flash.repository.project_added')

app/controllers/projects/git/trees_controller.rb

@@ -5,8 +5,8 @@ class Projects::Git::TreesController < Projects::Git::BaseController
   before_action      :redirect_to_project,      only: :show
   before_action      :resolve_treeish,          only: [:branch, :destroy]
 
-  skip_authorize_resource :project,                   only: [:destroy, :restore_branch, :create]
-  before_action -> { authorize!(:write, @project) },  only: [:destroy, :restore_branch, :create]
+  # skip_authorize_resource :project,                 only: [:destroy, :restore_branch, :create]
+  before_action -> { authorize(@project, :write?) },  only: [:destroy, :restore_branch, :create]
 
   def show
     unless request.xhr?

app/controllers/projects/issues_controller.rb

@@ -79,7 +79,7 @@ class Projects::IssuesController < Projects::BaseController
   def create
     @issue.user_id = current_user.id
 
-    unless can?(:write, @project)
+    unless policy(@project).write?
       @issue.assignee_id  = nil
       @issue.labelings    = []
     end
@@ -104,7 +104,7 @@ class Projects::IssuesController < Projects::BaseController
 
       format.json {
         status = 200
-        unless can?(:write, @project)
+        unless policy(@project).write?
           params.delete :update_labels
           [:assignee_id, :labelings, :labelings_attributes].each do |k|
             params[:issue].delete k

app/controllers/projects/pull_requests_controller.rb

@@ -36,7 +36,7 @@ class Projects::PullRequestsController < Projects::BaseController
     authorize! :read, to_project
 
     @pull = to_project.pull_requests.new pull_params
-    @pull.issue.assignee_id = (params[:issue] || {})[:assignee_id] if can?(:write, to_project)
+    @pull.issue.assignee_id = (params[:issue] || {})[:assignee_id] if policy(to_project).write?
     @pull.issue.user, @pull.issue.project, @pull.from_project = current_user, to_project, @project
     @pull.from_project_owner_uname  = @pull.from_project.owner.uname
     @pull.from_project_name         = @pull.from_project.name
@@ -136,7 +136,7 @@ class Projects::PullRequestsController < Projects::BaseController
   end
 
   def find_destination_project bang=true
-    project = Project.find_by_owner_and_name_cached params[:to_project]
+    project = Project.find_by_owner_and_name params[:to_project]
     raise ActiveRecord::RecordNotFound if bang && !project
     project || @project.pull_requests.last.try(:to_project) || @project.root
   end

app/controllers/projects/wiki_controller.rb

@@ -262,11 +262,11 @@ class Projects::WikiController < Projects::BaseController
     def show_or_create_page
       if @page
         @content = @page.formatted_data
-        @editable = can?(:write, @project)
+        @editable = policy(@project).write?
         render :show
       elsif file = @wiki.file(@name)
         render text: file.raw_data, content_type: file.mime_type
-      elsif can? :write, @project
+      elsif policy(@project).write?
         @new = true
         render :new
       else

app/controllers/users/users_controller.rb

@@ -4,13 +4,14 @@ class Users::UsersController < Users::BaseController
 
   def allowed
     project = Project.find_by_owner_and_name! params[:project]
-    action = case params[:action_type]
+    pp      = ProjectPolicy.new(@user, project)
+    can     = case params[:action_type]
               when 'git-upload-pack'
-                    then :read
+                pp.read?
               when 'git-receive-pack'
-                    then :write
+                pp.write?
               end
-    render inline: (!@user.access_locked? && Ability.new(@user).can?(action, project)).to_s
+    render inline: (!@user.access_locked? && can).to_s
   end
 
   def check

app/helpers/markdown_helper.rb

@@ -153,7 +153,7 @@ module MarkdownHelper
   end
 
   def reference_issue(identifier)
-    if issue = Issue.find_by_hash_tag(identifier, current_ability, @project)
+    if issue = Issue.find_by_hash_tag(identifier, current_user, @project)
       if issue.pull_request
         title = "#{PullRequest.model_name.human}: #{issue.title}"
         url = project_pull_request_path(issue.project, issue.pull_request)

app/helpers/mass_build_helper.rb

@@ -3,7 +3,7 @@ module MassBuildHelper
   def link_to_list platform, mass_build, which
     link_to t("layout.mass_builds.#{which}"),
       get_list_platform_mass_build_path(platform, mass_build, kind: which, format: :txt),
-      target: "_blank" if can?(:get_list, mass_build)
+      target: "_blank" if policy(mass_build).get_list?
   end
 
   def link_to_mass_build(mass_build)

app/helpers/projects_helper.rb

@@ -17,7 +17,7 @@ module ProjectsHelper
 
   def available_project_to_repositories(project)
     project.project_to_repositories.includes(repository: :platform).select do |p_to_r|
-      p_to_r.repository.publish_without_qa ? true : can?(:local_admin_manage, p_to_r.repository.platform)
+      p_to_r.repository.publish_without_qa ? true : policy(p_to_r.repository.platform).local_admin_manage?
     end.sort_by do |p_to_r|
       "#{p_to_r.repository.platform.name}/#{p_to_r.repository.name}"
     end.map do |p_to_r|
@@ -34,7 +34,7 @@ module ProjectsHelper
   def mass_import_repositories_for_group_select
     groups = {}
     Platform.accessible_by(current_ability, :related).order(:name).each do |platform|
-      next unless can?(:local_admin_manage, platform)
+      next unless policy(platform).local_admin_manage?
       groups[platform.name] = Repository.custom_sort(platform.repositories).map{ |r| [r.name, r.id] }
     end
     groups.to_a

app/jobs/build_lists/dependent_packages_job.rb

@@ -6,13 +6,12 @@ module BuildLists
       build_list  = BuildList.find(build_list_id)
       return if build_list.save_to_platform.personal?
       user        = User.find(user_id)
-      ability     = Ability.new(user)
 
-      return unless ability.can?(:show, build_list)
+      return unless BuildListPolicy.new(user, build_list).show?
 
       arches = Arch.where(id: arch_ids).to_a
       Project.where(id: project_ids).to_a.each do |project|
-        next unless ability.can?(:write, project)
+        next unless ProjectPolicy.new(user, project).write?
 
         build_for_platform  = save_to_platform = build_list.build_for_platform
         save_to_repository  = save_to_platform.repositories.find{ |r| r.projects.exists?(project.id) }
@@ -48,7 +47,7 @@ module BuildLists
             use_extra_tests
           ).each { |field| bl.send("#{field}=", options[field]) }
 
-          ability.can?(:create, bl) && bl.save
+          BuildListPolicy.new(user, bl).create? && bl.save
         end
       end
     end

app/models/build_script.rb

@@ -57,7 +57,7 @@ class BuildScript < ActiveRecord::Base
 
   def attach_project
     if @project_name.present?
-      self.project = Project.find_by_owner_and_name_cached(@project_name)
+      self.project = Project.find_by_owner_and_name(@project_name)
     end
   end
 

app/models/comment.rb

@@ -155,7 +155,7 @@ class Comment < ActiveRecord::Base
 
     elements.each do |element|
       element[1].scan(ISSUES_REGEX).each do |hash|
-        issue = Issue.find_by_hash_tag hash, current_ability, item.project
+        issue = Issue.find_by_hash_tag hash, linker, item.project
         next unless issue
         # dont create link to the same issue
         next if opts[:created_from_issue_id] == issue.id

app/models/concerns/project/finders.rb

@@ -48,21 +48,17 @@ module Project::Finders
     #
     # Returns Project record.
     # Raises ActiveRecord::RecordNotFound if nothing was found.
-    def find_by_owner_and_name_cached(first, last = nil)
-      Rails.cache.fetch(['Project.find_by_owner_and_name', first, last]) do
-        find_by_owner_and_name(first, last)
-      end
-    end
-
     def find_by_owner_and_name(first, last = nil)
       arr = first.try(:split, '/') || []
       arr = (arr << last).compact
       return nil if arr.length != 2
-      where(owner_uname: arr.first, name: arr.last).first || by_owner_and_name(*arr).first
+      Rails.cache.fetch(['Project.find_by_owner_and_name', arr.first, arr.last]) do
+        find_by(owner_uname: arr.first, name: arr.last)
+      end || by_owner_and_name(*arr).first
     end
 
     def find_by_owner_and_name!(first, last = nil)
-      find_by_owner_and_name_cached(first, last) or raise ActiveRecord::RecordNotFound
+      find_by_owner_and_name(first, last) or raise ActiveRecord::RecordNotFound
     end
   end
 

app/models/issue.rb

@@ -104,14 +104,14 @@ class Issue < ActiveRecord::Base
     recipients
   end
 
-  def self.find_by_hash_tag(hash_tag, current_ability, project)
+  def self.find_by_hash_tag(hash_tag, current_user, project)
     hash_tag =~ HASH_TAG_REGEXP
     owner_uname   = Regexp.last_match[1].presence || Regexp.last_match[2].presence || project.owner.uname
     project_name  = Regexp.last_match[1] ? Regexp.last_match[2] : project.name
     serial_id     = Regexp.last_match[3]
-    project       = Project.find_by_owner_and_name_cached(owner_uname.chomp('/'), project_name)
+    project       = Project.find_by_owner_and_name(owner_uname.chomp('/'), project_name)
     return nil unless project
-    return nil unless current_ability.can? :show, project
+    return nil unless ProjectPolicy.new(current_user, project).show?
     project.issues.where(serial_id: serial_id).first
   end
 

app/models/mass_build.rb

@@ -90,8 +90,6 @@ class MassBuild < ActiveRecord::Base
     return unless start
     # later with resque
     arches_list     = arch_names ? Arch.where(name: arch_names.split(', ')) : Arch.all
-    current_ability = Ability.new(user)
-
     projects_list.lines.each do |name|
       next if name.blank?
       name.chomp!; name.strip!
@@ -100,7 +98,7 @@ class MassBuild < ActiveRecord::Base
         begin
           return if self.reload.stop_build
           # Ensures that user has rights to create a build_list
-          next unless current_ability.can?(:write, project)
+          next unless ProjectPolicy.new(user, project).write?
           increase_rt = increase_release_tag?
           arches_list.each do |arch|
             rep_id = (project.repository_ids & save_to_platform.repository_ids).first

app/models/platform.rb

@@ -272,8 +272,7 @@ class Platform < ActiveRecord::Base
       return false  if token.blank?
       return true   if platform.tokens.by_active.where(authentication_token: token).exists?
       user = User.find_by(authentication_token: token)
-      current_ability = Ability.new(user)
-      user && current_ability.can?(:show, platform) ? true : false
+      !!(user && PlatformPolicy.new(user, platform).show?)
     end
   end
 

app/policies/application_policy.rb

@@ -52,15 +52,6 @@ class ApplicationPolicy
     def resolve
       scope
     end
-
-    # Public: Get user's group ids.
-    #
-    # Returns the Array of group ids.
-    def user_group_ids
-      Rails.cache.fetch(['ApplicationPolicy#user_group_ids', user.id]) do
-        user.group_ids
-      end
-    end
   end
 
   protected
@@ -114,4 +105,54 @@ class ApplicationPolicy
     user.role == 'banned'
   end
 
+  # Private: Check if provided user is at least record admin.
+  #
+  # Returns true if he is, false otherwise.
+  def local_admin?
+    best_role == 'admin'
+  end
+
+  # Private: Check if provided user is at least record reader.
+  #
+  # Returns true if he is, false otherwise.
+  def local_reader?
+    %w(reader writer admin).include?(best_role)
+  end
+
+  # Private: Check if provided user is at least record writer.
+  #
+  # Returns true if he is, false otherwise.
+  def local_writer?
+    %w(writer admin).include?(best_role)
+  end
+
+  # Private: Check if provided user is record owner.
+  #
+  # Returns true if he is, false otherwise.
+  def owner?
+    (
+      record.owner_type == 'User'  && record.owner_id == user.id
+    ) || (
+      record.owner_type == 'Group' && user_group_ids.include?(record.owner_id)
+    )
+  end
+
+  # Private: Get the best role of user for record.
+  #
+  # Returns the String role or nil.
+  def best_role
+    Rails.cache.fetch(['ApplicationPolicy#best_role', record, user]) do
+      user.best_role(record)
+    end
+  end
+
+  # Public: Get user's group ids.
+  #
+  # Returns the Array of group ids.
+  def user_group_ids
+    Rails.cache.fetch(['ApplicationPolicy#user_group_ids', user.id]) do
+      user.group_ids
+    end
+  end
+
 end

app/policies/platform_policy.rb

@@ -26,7 +26,8 @@ class PlatformPolicy < ApplicationPolicy
   class Scope < Scope
 
     def related
-      scope.where <<-SQL, { user_id: user.id, user_group_ids: user_group_ids, platform_ids: related_platform_ids }
+      policy = Pundit.policy!(user_context, :platform)
+      scope.where <<-SQL, { user_id: user.id, user_group_ids: policy.user_group_ids, platform_ids: related_platform_ids }
         (
           platforms.id IN (:platform_ids)
         ) OR (
@@ -46,17 +47,4 @@ class PlatformPolicy < ApplicationPolicy
     end
   end
 
-  protected
-
-  def owner?
-    record.owner == user ||
-    record.owner.is_a?(Group) && user_group_ids.include?(record.owner_id)
-  end
-
-  def local_admin?
-    Rails.cache.fetch(['PlatformPolicy#local_admin?', record, user]) do
-      user.best_role(record) == 'admin'
-    end
-  end
-
 end

app/policies/project_policy.rb

@@ -1,3 +1,28 @@
 class ProjectPolicy < ApplicationPolicy
 
+  def index?
+    true
+  end
+
+  def show?
+    return true if record.public?
+  end
+
+  # for grack
+  def write?
+    local_writer?
+  end
+
+  def read?
+    show?
+  end
+
+  def archive?
+    show?
+  end
+
+  def fork?
+    show?
+  end
+
 end

app/presenters/comment_presenter.rb

@@ -60,12 +60,12 @@ class CommentPresenter < ApplicationPresenter
     res = [ link_to(content_tag(:i, nil, class: 'fa fa-link'),
                     link_to_comment,
                     class: klass).html_safe ]
-    if controller.can? :update, @comment
+    if controller.policy(@comment).update?
       res << link_to(content_tag(:i, nil, class: 'fa fa-edit'),
                      "#update-comment#{comment.id}",
                      'ng-click' => "commentsCtrl.toggleEditForm(#{comment_id})" ).html_safe
     end
-    if controller.can? :destroy, @comment
+    if controller.policy(@comment).destroy?
       res << link_to(content_tag(:i, nil, class: 'fa fa-close'),
                      '',
                      'ng-click' => "commentsCtrl.remove(#{comment_id})").html_safe

app/views/admin/_register_requests/index.html.haml

@@ -25,9 +25,9 @@
         %td= request.created_at
         %td
           - links = []
-          - if can? :approve, request
+          - if policy(request).approve?
             - links << link_to(t("layout.approve"), approve_admin_register_request_path(request))
-          - if can? :reject, request
+          - if policy(request).reject?
             - links << link_to(t("layout.reject"), reject_admin_register_request_path(request))
           - if request.token
             - links << link_to('Link', new_user_registration_url(invitation_token: request.token))

app/views/admin/_users/_sidebar.html.haml

@@ -3,7 +3,7 @@
     .bordered
       = link_to t("layout.users.list_header"), admin_users_path, class: 'button'
   .bordered
-    - if can? :create, User.new
+    - if policy(:user).create?
       = link_to t("layout.users.new"), new_admin_user_path(system: @filter == 'system'), class: 'button'
     %h3= t("layout.users.filter_header")
     %table

app/views/admin/_users/_users_ajax.json.jbuilder

@@ -1,14 +1,14 @@
 users = @users.map do |user|
   link_block = [
-    (link_to t('layout.edit'), edit_admin_user_path(user) if can?(:edit, user) && !@system_list),
-    (link_to t('layout.users.reset_token'), reset_auth_token_admin_user_path(user), method: :put, data: { confirm: t('layout.users.confirm_reset_token') } if can?(:edit, user) && @system_list),
-    (link_to t('layout.delete'), admin_user_path(user), method: :delete, data: { confirm: t('layout.users.confirm_delete') } if can? :destroy, user)
+    (link_to t('layout.edit'), edit_admin_user_path(user) if policy(user).edit? && !@system_list),
+    (link_to t('layout.users.reset_token'), reset_auth_token_admin_user_path(user), method: :put, data: { confirm: t('layout.users.confirm_reset_token') } if policy(user).edit? && @system_list),
+    (link_to t('layout.delete'), admin_user_path(user), method: :delete, data: { confirm: t('layout.users.confirm_delete') } if policy(user).destroy?
   ].compact.join(' | ').html_safe
 
   if !@system_list
     [
       user.name,
-      (can?(:read, user) ? link_to(user.uname, user) : user.uname),
+      (policy(user).read? ? link_to(user.uname, user) : user.uname),
       user.email,
       user.created_at.to_date,
       content_tag(:span, user.role, style: user.access_locked? ? 'background: #FEDEDE' : ''),

app/views/groups/base/_submenu.html.slim

@@ -15,9 +15,9 @@
       / Collect the nav links, forms, and other content for toggling
       #submenu-navbar-collapse.collapse.navbar-collapse
         ul.nav.navbar-nav.left-border
-          - if can? :edit, @group
+          - if policy(@group).edit?
             li class=('active' if act == :edit && contr == :profile)
               = link_to t('layout.groups.edit'), edit_group_path(@group)
-          - if can? :manage_members, @group
+          - if policy(@group).manage_members?
             li class=('active' if act == :index && contr == :members)
               = link_to t('layout.groups.edit_members'), group_members_path(@group)

app/views/groups/profile/edit.html.slim

@@ -13,7 +13,7 @@
 
       = render 'form', f: f
 
-  - if can? :destroy, @group
+  - if policy(@group).destroy?
     .row
       hr
       .alert.alert-danger
@@ -23,19 +23,3 @@
         method: :delete,
         data: { confirm: t("layout.groups.confirm_delete") },
         class: 'btn btn-danger'
-
-
-/ = form_for @group, url: profile_group_path(@group) do |f|
-/   = render "form", f: f
-
-/ .hr
-/ .groups-profile= image_tag('code.png')
-/ .groups-profile= link_to t("layout.groups.public_profile"), @group
-/ .both
-/ .hr
-/ .leftside= t("layout.groups.delete_warning")
-/ .rightside
-/   = link_to t("layout.delete"), profile_group_path(@group), method: :delete, data: { confirm: t("layout.groups.confirm_delete") }, class: 'button' if can? :destroy, @group
-/ .both
-
-/ - content_for :sidebar, render('sidebar')

app/views/home/activity.json.jbuilder

@@ -15,7 +15,7 @@ json.feed do
       end if user
 
       project_name_with_owner = "#{item.data[:project_owner]}/#{item.data[:project_name]}"
-      @project = Project.find_by_owner_and_name_cached(item.data[:project_owner], item.data[:project_name])
+      @project = Project.find_by_owner_and_name(item.data[:project_owner], item.data[:project_name])
 
       json.project_name_with_owner project_name_with_owner
       json.partial! item.partial, item: item, project_name_with_owner: project_name_with_owner

app/views/layouts/menu/_bottom.html.haml

@@ -20,7 +20,7 @@
   %li
     = image_tag 'square.png'
     = link_to t('bottom_menu.developer_api'), t('bottom_menu.developer_api_url')
-  -if pr = Project.find_by_owner_and_name_cached('abf/abf-ideas')
+  -if pr = Project.find_by_owner_and_name('abf/abf-ideas')
     %li
       = image_tag 'square.png'
       = link_to t('bottom_menu.abf_ideas'), project_issues_url(pr)

app/views/layouts/menu/_new_bottom.html.haml

@@ -13,7 +13,7 @@
     %li= link_to t('bottom_menu.support'), contact_url
     %li ·
     %li= link_to t('bottom_menu.developer_api'), t('bottom_menu.developer_api_url')
-    - if pr = Project.find_by_owner_and_name_cached('abf/abf-ideas')
+    - if pr = Project.find_by_owner_and_name('abf/abf-ideas')
       %li ·
       %li= link_to t('bottom_menu.abf_ideas'), project_issues_url(pr)
     %li ·

app/views/layouts/menu/_top.html.haml

@@ -1,7 +1,7 @@
 - namespace = which_menu == 'admins_menu' ? 'admin_' : ''
 %ul
   - (collection = t which_menu).each do |base, title|
-    - if can? :index, base.to_s.classify.constantize
+    - if policy(base).index?
       %li= link_to title, send(:"#{namespace}#{base}_path"), class: top_menu_class(base)
   - if current_user.try(:admin?) and which_menu == 'top_menu'
     %li= link_to t('admins_menu_header'), admin_root_path, class: top_menu_class('admin')

app/views/platforms/contents/index.html.slim

@@ -32,7 +32,7 @@
         li.active[ ng-repeat='fold in folders' ng-show='$last && !$first' ] {{fold.name}}
     .clearfix
 
-    - can_remove = can? :remove_file, @platform
+    - can_remove = policy(@platform).remove_file?
     table.table ng-hide='processing'
       tbody
 

app/views/platforms/key_pairs/_list.html.slim

@@ -13,6 +13,6 @@ table.table.table-striped
           td= repository.key_pair.key_id
           td= link_to repository.key_pair.user.fullname, user_path(repository.key_pair.user)
           td.buttons
-            - if can? :destroy, repository.key_pair
+            - if policy(repository.key_pair).destroy?
               = link_to platform_key_pair_path(@platform, repository.key_pair), method: :delete, data: { confirm: t("layout.key_pairs.confirm_delete") } do
                 span.glyphicon.glyphicon-remove

app/views/platforms/key_pairs/index.html.slim

@@ -3,7 +3,7 @@
 
 .container.col-md-offset-2.col-md-8
   .row
-    - if can? :edit, @platform
+    - if policy(@platform).edit?
       = render 'new'
       hr
     = render 'list'

app/views/platforms/mass_builds/index.html.slim

@@ -2,7 +2,7 @@
 
 .col-xs-12.col-md-10.col-md-offset-1
   .row
-    - if can? :create, @platform.mass_builds.build
+    - if policy(@platform.mass_builds.build).create?
       a.btn.btn-primary href=new_platform_mass_build_path(@platform)
         =  t('layout.mass_builds.new')
       hr

app/views/platforms/mass_builds/show.html.slim

@@ -128,7 +128,7 @@
           = link_to_list @platform, @mass_build, 'success_builds_list'
 
     .buttons_block
-      - if can?(:publish, @mass_build)
+      - if policy(@mass_build).publish?
         - unless @mass_build.auto_publish_status == BuildList::AUTO_PUBLISH_STATUS_DEFAULT
           = link_to t('layout.mass_builds.publish_success'),
             publish_platform_mass_build_path(@platform, @mass_build.id),
@@ -142,14 +142,14 @@
           data:   { confirm: t("layout.confirm") },
           class:  'btn btn-warning'
         hr
-      - if can?(:cancel, @mass_build)
+      - if policy(@mass_build).cancel?
         = link_to t('layout.cancel'),
           cancel_platform_mass_build_path(@platform, @mass_build.id),
           method: :post,
           class:  'btn btn-danger',
           data:   { confirm: t('layout.mass_builds.cancel_confirm') }
         hr
-      - if can? :create, @mass_build
+      - if policy(@mass_build).create?
         = link_to t('layout.mass_builds.recreate'),
           new_platform_mass_build_path(@platform, mass_build_id: @mass_build.id),
           class: 'btn btn-primary'

app/views/platforms/platforms/_form.html.slim

@@ -26,7 +26,7 @@
 
 - if %w(edit update).include? controller.action_name
 
-  - if can? :change_visibility, @platform
+  - if policy(@platform).change_visibility?
     dl.dl-horizontal
       dt
         = t('activerecord.attributes.platform.visibility')

app/views/platforms/platforms/edit.html.slim

@@ -8,7 +8,7 @@
     hr
   .row
 
-    - if can? :regenerate_metadata, @platform
+    - if policy(@platform).regenerate_metadata?
       h4= t('layout.platforms.metadata')
 
       table.table
@@ -43,7 +43,7 @@
                 class:  'btn btn-xs btn-warning'
 
 
-    - if can? :destroy, @platform
+    - if policy(@platform).destroy?
       hr
       p
         = t("layout.platforms.delete_warning")
@@ -53,7 +53,7 @@
         data:   { confirm: t("layout.platforms.confirm_delete") },
         class:  'btn btn-danger'
 
-    - if can? :clear, @platform
+    - if policy(@platform).clear?
       p
         = t("layout.repositories.clear_warning")
       = link_to t("layout.repositories.clear"),

app/views/platforms/product_build_lists/_product_build_list.html.slim

@@ -13,7 +13,7 @@ tr
     a href=platform_product_path(platform, product)
       = pbl.product.name
   td.text-center
-    - if can?(:destroy, pbl) && pbl.can_destroy?
+    - if policy(pbl).destroy? && pbl.can_destroy?
       = link_to platform_product_product_build_list_path(platform, product, pbl), method: :delete, data: { confirm: t('layout.confirm') } do
         span.glyphicon.glyphicon-remove
 

app/views/platforms/product_build_lists/show.html.slim

@@ -94,7 +94,7 @@
     .col-md-6
       | {{pbl.notified_at}}
 
-  - if can?(:update, pbl)
+  - if policy(pbl).update?
     .row ng-show="pbl.status == #{ ProductBuildList::BUILD_COMPLETED }"
       .col-md-6
         b
@@ -114,7 +114,7 @@
 
   .row
     hr
-    - if can?(:cancel, pbl)
+    - if policy(pbl).cancel?
       a.btn.btn-warning[
           href=cancel_platform_product_product_build_list_path(pbl.product.platform, pbl.product, pbl)
           data-method   = 'put'
@@ -123,7 +123,7 @@
         = t('layout.build_lists.cancel')
       |  
 
-    - if can?(:destroy, pbl)
+    - if policy(pbl).destroy?
       a.btn.btn-danger[
           href=platform_product_product_build_list_path(pbl.product.platform, pbl.product, pbl)
           data-method   = 'delete'

app/views/platforms/products/_list.html.slim

@@ -9,7 +9,7 @@ table.table.table-striped
         td
           = link_to product.name, platform_product_path(@platform, product)
         td
-          - if can? :destroy, product
+          - if policy(product).destroy?
             a[href          = platform_product_path(@platform, product)
               data-method   = 'delete'
               data-confirm  = t('layout.products.confirm_delete') ]

app/views/platforms/products/index.html.slim

@@ -5,7 +5,7 @@
 .container.col-md-offset-2.col-md-8
   .row
 
-    - if can? :create, @platform.products.build
+    - if policy(@platform.products.build).create?
       a.btn.btn-primary href=new_platform_product_path(@platform)
         = t('layout.products.new')
       hr

app/views/platforms/products/show.html.slim

@@ -17,17 +17,17 @@
 
     p= @product.description
 
-    - if can? :update, @product
+    - if policy(@product).update?
       a.btn.btn-primary href=edit_platform_product_path(@platform, @product)
         = t('layout.edit')
       |  
-    - if can? :destroy, @product
+    - if policy(@product).destroy?
       a.btn.btn-danger[ href          = platform_product_path(@platform, @product)
                         data-method   = 'delete'
                         data-confirm  = t('layout.products.confirm_delete') ]
         = t('layout.delete')
       |  
-    - if can?(:create, @product.product_build_lists.build)
+    - if policy(@product.product_build_lists.build).create?
       a.btn.btn-primary href=new_platform_product_product_build_list_path(@platform, @product)
         = t('layout.products.build')
 

app/views/platforms/repositories/_project.json.jbuilder

@@ -6,7 +6,7 @@ json.projects @projects do |project|
   json.path             project_path(project.name_with_owner)
   json.name             project.name_with_owner
   json.description truncate(project.description || '', length: 60).gsub(/\n|\r|\t/, ' ')
-  if can? :remove_project, @repository
+  if policy(@repository).remove_project?
     json.remove_path       remove_project_platform_repository_path(@platform, @repository, project_id: project.id)
   end
 end

app/views/platforms/repositories/edit.html.slim

@@ -15,7 +15,7 @@
       = render "form", f: f
     hr
 
-  - if can?(:update, @repository)
+  - if policy(@repository).update?
     .row
       h3= t('layout.repositories.extra_actions')
 

app/views/platforms/repositories/index.html.slim

@@ -9,7 +9,7 @@
 = render 'submenu' if params[:platform_id]
 
 .container.col-md-offset-2.col-md-8
-  - if can? :create, @platform.repositories.build
+  - if policy(@platform.repositories.build).create?
     .row
       a.btn.btn-primary href=new_platform_repository_path(@platform)
         = t("layout.repositories.new")

app/views/platforms/repositories/show.html.slim

@@ -16,20 +16,20 @@
 
     p= @repository.description
   .row
-    - if can? :update, @repository
+    - if policy(@repository).update?
       a.btn.btn-primary href=edit_platform_repository_path(@platform, @repository)
         = t("layout.edit")
       |  
-    - if can? :destroy, @repository
+    - if policy(@repository).destroy?
       = link_to t('layout.delete'), platform_repository_path(@platform, @repository), method: 'delete', class: 'btn btn-danger', data: { confirm: t("layout.repositories.confirm_delete") }
   .row
     hr
     h3= t("layout.projects.list_header")
-    - if can? :add_project, @repository
+    - if policy(@repository).add_project?
       a.btn.btn-primary href=add_project_platform_repository_path(@platform, @repository)
         = t('layout.projects.add')
       |  
-    - if can? :remove_project, @repository
+    - if policy(@repository).remove_project?
       a.btn.btn-primary href=remove_project_platform_repository_path(@platform, @repository)
         = t('layout.repositories.mass_delete')
   .row

app/views/projects/base/_repo_block.html.slim

@@ -44,7 +44,7 @@ div[ role = 'navigation' ng-controller = 'ProjectRepoBlockController' ng-cloak =
             i.fa.fa-clipboard.fa-lg
 
         .navbar-text.navbar-left
-          = can?(:write, project) ? t("layout.read_write_access") : t("layout.read_access")
+          = policy(project).write? ? t("layout.read_write_access") : t("layout.read_access")
 
         .navbar-right== render 'branch_select', project: project if act != :tags
 

app/views/projects/base/_settings_menu.html.slim

@@ -2,13 +2,13 @@
 - contr = controller_name.to_sym
 
 ul.nav.nav-tabs.nav-justified.boffset10[ role = 'tablist' ]
-  - if can? :edit, @project
+  - if policy(@project).edit?
     li[ class = "#{(act == :edit && contr == :projects) ? 'active' : ''}" ]
       = link_to t("layout.projects.edit"), edit_project_path(@project)
     li[ class = "#{(act == :sections && contr == :projects) ? 'active' : ''}" ]
       = link_to t("layout.projects.sections"), sections_project_path(@project)
     li[ class = "#{(contr == :hooks) ? 'active' : ''}" ]
       = link_to t("layout.projects.hooks"), project_hooks_path(@project)
-  - if can? :manage_collaborators, @project
+  - if policy(@project).manage_collaborators?
     li[ class = "#{(act == :index && contr == :collaborators) ? 'active' : ''}" ]
       = link_to t("layout.projects.edit_collaborators"), project_collaborators_path(@project)

app/views/projects/base/_submenu.html.slim

@@ -31,7 +31,7 @@
             a href=tree_path(@project, treeish)
               i.fa.fa-files-o>
               = t('project_menu.code')
-          - if @project.is_package and can?(:read, @project => BuildList)
+          - if @project.is_package
             li class=('active' if contr == :build_lists)
               a href=project_build_lists_path(@project)
                 i.fa.fa-cogs>
@@ -51,7 +51,7 @@
               = link_to t('project_menu.wiki'), project_wiki_index_path(@project)
           / li
           /   = link_to t('project_menu.readme'), '#' #pending
-          - if can? :update, @project
+          - if policy(@project).update?
             li class=('active' if act.in?(%i[edit update sections]) && contr == :projects)
               a href=edit_project_path(@project)
                 i.fa.fa-cog>

app/views/projects/build_lists/_buttons.html.slim

@@ -1,4 +1,4 @@
-- if can?(:cancel, build_list)
+- if policy(build_list).cancel?
   = link_to t("layout.build_lists.cancel"),
     cancel_build_list_path(build_list),
     method:       :put,
@@ -31,7 +31,7 @@
   class:       'btn btn-primary roffset5 boffset5',
   'ng-show' => 'build_list.can_publish_into_testing'
 
-- if can?(:reject_publish, build_list)
+- if policy(build_list).reject_publish?
   = link_to t('layout.reject_publish'),
     reject_publish_build_list_path(build_list),
     method:       :put,
@@ -39,7 +39,7 @@
     class:        'btn btn-primary roffset5 boffset5',
     'ng-show' =>  'build_list.can_reject_publish'
 
-- if can?(:rerun_tests, build_list)
+- if policy(build_list).rerun_tests?
   = link_to t('layout.build_lists.rerun_tests'),
     rerun_tests_build_list_path(build_list),
     method:       :put,
@@ -47,7 +47,7 @@
     class:        'btn btn-primary roffset5 boffset5',
     'ng-show' =>  "build_list.status == #{BuildList::TESTS_FAILED} || build_list.status == #{BuildList::SUCCESS}"
 
-- if can?(:create_container, build_list)
+- if policy(build_list).create_container?
   = link_to t('layout.build_lists.create_container'),
     create_container_build_list_path(build_list),
     method:       :put,
@@ -55,7 +55,7 @@
     class:        'btn btn-primary roffset5 boffset5',
     'ng-show' =>  'build_list.can_create_container'
 
-- if can? :create, build_list
+- if policy(build_list).create?
   = link_to t('layout.build_lists.recreate_build_list'), new_project_build_list_path(build_list.project,
     build_list_id: build_list.id),
     class:         'btn btn-primary roffset5 boffset5'

app/views/projects/build_lists/show.json.jbuilder

@@ -12,8 +12,8 @@ json.build_list do
     json.updated_at_utc @build_list.updated_at.strftime('%Y-%m-%d %H:%M:%S UTC')
 
 
-    json.can_publish can?(:publish, @build_list)
-    json.can_publish_into_testing can?(:publish_into_testing, @build_list) && @build_list.can_publish_into_testing?
+    json.can_publish policy(@build_list).publish?
+    json.can_publish_into_testing policy(@build_list).publish_into_testing? && @build_list.can_publish_into_testing?
     json.can_cancel @build_list.can_cancel?
     json.can_create_container @build_list.can_create_container?
     json.can_reject_publish @build_list.can_reject_publish?

app/views/projects/git/base/_choose_fork.html.slim

@@ -15,7 +15,7 @@
           class: 'btn btn-primary center-block',
           'data-loading-text' => t('layout.processing'), id: 'create_fork'
 
-  - if can? :alias, @project
+  - if policy(@project).alias?
     = form_for @project, url: alias_project_path(@project), html: { class: :form, multipart: true, method: :post } do |f|
       = hidden_field_tag :group, owner.id if owner.class == Group
       = hidden_field_tag :fork_name, name, name: 'fork_name'

app/views/projects/git/base/_fork.html.slim

@@ -1,12 +1,12 @@
 = hidden_field_tag :possible_forks_path, possible_forks_project_path(@project)
 
-- if can? :write, @project
+- if policy(@project).write?
   .pull-right.roffset5
     a.btn.btn-primary href=new_project_pull_request_path(@project, treeish: @treeish)
       i.fa.fa-upload>
       = t('projects.pull_requests.show.pull')
 
-- if can? :fork, @project
+- if policy(@project).fork?
   .pull-right#fork-and-edit.roffset5
     a.btn.btn-primary href='#' data-toggle='modal' data-target='#forkModal'
       i.fa.fa-code-fork>
@@ -26,7 +26,7 @@
         .modal-body
           = render 'forks', owner: current_user, name: @project.name
 
-- if @project.is_package && can?(:create, @project.build_lists.new)
+- if @project.is_package && policy(@project.build_lists.new).create?
   .pull-right.roffset5
     - params = { build_list: { project_version: @treeish}}
     a.btn.btn-primary href=new_project_build_list_path(@project, params)

app/views/projects/git/blobs/_top.html.haml

@@ -6,7 +6,7 @@
     \|
   = number_to_human_size @blob.size
 .pull-right
-  - if @blob.render_as == :text && can?(:write, @project) && @branch.present?
+  - if @blob.render_as == :text && policy(@project).write? && @branch.present?
     = link_to "Edit", edit_blob_path(@project, @treeish, @path)
     \|
   - if @blob.render_as == :text && params[:action] != 'show'

app/views/projects/git/trees/_branches.html.slim

@@ -18,7 +18,7 @@
             strong[] {{branch.ref}}
         td
           ul.list-inline.pull-right.boffset_auto
-            - if can?(:write, @project)
+            - if policy(@project).write?
               li ng-hide = 'branch.ref == current_ref || branch.ui_container'
                 a href = '' ng-confirm-click = t('layout.confirm') confirmed-click = 'destroy(branch)'
                   = t('layout.projects.delete_branch')

app/views/projects/issues/_choose_assignee.html.slim

@@ -1,6 +1,6 @@
 == render 'projects/issues/user_container'
 
--if can?(:write, @project)
+- if policy(@project).write?
   .col-md-8
     .panel.panel-info ng-show = 'issueCtrl.toggle_manage_assignee'
       .panel-heading

app/views/projects/issues/_header.html.slim

@@ -5,7 +5,7 @@
     .panel-body
       .pull-left.roffset5
         = image_tag(avatar_url(@issue.user, :medium), alt: 'avatar') if @issue.user
-      - if can? :update, @issue
+      - if policy(@issue).update?
         .pull-right
           a href='#'
             i.fa.fa-edit ng-click='issueCtrl.edit = true'
@@ -30,7 +30,7 @@
         hr
         == render "projects/comments/add", project: @project, commentable: @issue
 
-- if can?(:update, @issue)
+- if policy(@issue).update?
   .offset10 ng-show = 'issueCtrl.edit'
     h3= t('layout.issues.edit_header')
 

app/views/projects/issues/_index_sidebar.html.slim

@@ -14,12 +14,12 @@ ul.nav.nav-pills.nav-stacked
           = "{{'#{kind}.filter.#{kind_filter}' | i18n}}"
 
 - if params[:kind] == 'issues'
-  - if can? :new, @project.issues.new
+  - if policy(@project.issues.new).new?
     hr
     = link_to t('layout.issues.new'), new_project_issue_path(@project), class: 'btn btn-primary'
   hr
 
   = render 'filter_labels', project: @project
 
-  - if can? :write, @project
+  - if policy(@project).write?
     = render 'manage_labels', project: @project

app/views/projects/issues/_select_labels.html.slim

@@ -3,7 +3,7 @@ h4
   i.fa.fa-spinner.fa-spin.pull-right ng-show = 'issueCtrl.processing_issue_labels'
 ul.nav.nav-pills.nav-stacked
   li[ role = 'presentation' ng-repeat = 'label in issueCtrl.labels' ]
-    - if can?(:write, @project)
+    - if policy(@project).write?
       a[ ng-click = 'issueCtrl.toggleLabel(label)'
          ng-style = 'label.style' ]
         .label-flag[ ng-style = 'label.default_style'

app/views/projects/issues/_status_sidebar.html.slim

@@ -2,7 +2,7 @@ h3
   => "#{t('activerecord.attributes.issue.status')}:"
 
   - if @issue.persisted?
-    - can_manage = can?(:update, @issue)
+    - can_manage = policy(@issue).update?
     - if can_manage
       button.btn[ ng-class    = 'issueCtrl.issue_status_class'
                   ng-click    = 'issueCtrl.updateStatus()'

app/views/projects/issues/_user_container.html.slim

@@ -7,7 +7,7 @@
 
   span[ ng-hide = 'issueCtrl.assignee.id' ]= t('layout.issues.no_one_is_assigned')
 
-  -if can?(:write, @project)
+  - if policy(@project).write?
     input.hidden name = 'issue[assignee_id]' ng-value = 'issueCtrl.assignee.id'
     a< href = ''
       i [ class    = 'fa fa-share-square-o boffset10'

app/views/projects/issues/new.html.slim

@@ -4,7 +4,7 @@
 .col-xs-12.col-md-10.col-md-offset-1 ng-controller = 'IssueController as issueCtrl' ng-cloak = true
   = simple_form_for @issue, url: project_issues_path(@project) do |f|
     .row
-      - can_write = can?(:write, @project)
+      - can_write = policy(@project).write?
       - if can_write
         .col-md-3.col-sm-4.offset10
           == render 'select_labels'

app/views/projects/issues/show.html.slim

@@ -11,7 +11,7 @@
   .row
     .col-md-3.col-sm-4.offset10
       == render 'status_sidebar'
-      - if can?(:write, @project)
+      - if policy(@project).write?
         = simple_form_for @issue, url: project_issue_path(@project, @issue) do |f|
           == render 'select_labels'
           == render 'manage_labels'

app/views/projects/projects/_filters.html.haml

@@ -1,10 +1,10 @@
 - if current_user
   %input.form-control{ name: 'search', size: '30', type: 'text', 'ng-model' => 'search',
                        placeholder: t('layout.find_project'), 'ng-change' => 'getProjects()' }
-  - if can?(:create, Project)
+  - if policy(:project).create?
     %hr.offset10
       %p= link_to t('layout.projects.new'), new_project_path, class: 'btn btn-primary'
-      - if can?(:mass_import, Project)
+      - if policy(:project).mass_import?
         %p= link_to t('layout.projects.mass_import'), mass_import_projects_path, class: 'btn btn-primary'
   %hr.offset10
     %h3=t('layout.relations.filters')

app/views/projects/projects/edit.html.slim

@@ -18,6 +18,7 @@
     hr.col-sm-12
     .col-sm-9.col-sm-offset-3
       => t("layout.projects.delete_warning")
+      - if policy(@project).destroy?
         = link_to t("layout.delete"), project_path(@project), method: :delete,
           data: { confirm: t("layout.projects.confirm_delete") },
-        class: 'btn btn-danger' if can? :destroy, @project
+          class: 'btn btn-danger'

app/views/projects/pull_requests/_status.html.slim

@@ -1,4 +1,4 @@
-- if can?(:merge, @pull)
+- if policy(@pull).merge?
   button.btn.btn-primary[ href = '' ng-click = 'pullCtrl.merge()' ng-show = "pullCtrl.pull.status == 'ready'" ]
     = t 'projects.pull_requests.ready'
 
@@ -28,7 +28,7 @@ h5 ng-show = '!pullCtrl.pull.mergeable'
       span am-time-ago='pullCtrl.pull.closed_at'
       | )
 
-- if !@pull.cross_pull? && can?(:write, @project)
+- if !@pull.cross_pull? && policy(@project).write?
   div[ ng-init = "pullCtrl.getBranch('#{@pull.from_ref}')"
        ng-show = "pullCtrl.pull.status == 'closed' || pullCtrl.pull.status == 'merged'" ]
     button.btn.btn-primary[ href     = ''
@@ -41,7 +41,7 @@ h5 ng-show = '!pullCtrl.pull.mergeable'
       = t 'layout.projects.restore_branch'
   .clearfix
 
--if can? :update, @pull
+- if policy(@pull).update?
   button.btn.btn-primary.pull-right[ href     = ''
       ng-click = 'pullCtrl.reopen()'
       ng-show  = "pullCtrl.pull.status == 'closed'" ]

app/views/projects/wiki/compare.html.slim

@@ -17,11 +17,11 @@
             = t('wiki.wiki_history')
       .col-md-6.offset10
         = simple_form_for :project, url: revert_path(@project, @versions.first[0..6], (@versions.size == 1) ? 'prev' : @versions.last[0..6], @name) do |f|
-          - if can? :read, @project
+          - if policy(@project).read?
               a.btn.btn-primary> href=(@name ? history_project_wiki_path(@project, escaped_name) : history_project_wiki_index_path(@project))
                 = t('wiki.back_to_history')
 
-          - if can? :write, @project
+          - if policy(@project).write?
             = f.button :submit, t("wiki.revert_page#{action_name == 'revert' ? '' : 's'}")
 
     hr

app/views/projects/wiki/edit.html.slim

@@ -13,7 +13,7 @@
         h3
           => t('wiki.editing_page')
           strong= @page.name
-      - if can? :read, @project
+      - if policy(@project).read?
         .col-md-4.offset10
             a.btn.btn-primary> href=view_path(@project, escaped_name)
               = t('wiki.view_page')

app/views/projects/wiki/git.html.slim

@@ -18,7 +18,7 @@
           a.navbar-link
             i.fa.fa-clipboard.fa-lg
         .navbar-text.navbar-left
-          = can?(:write, @project) ? t("layout.read_write_access") : t("layout.read_access")
+          = policy(@project).write? ? t("layout.read_write_access") : t("layout.read_access")
 
 
     == render 'git_access_message'

app/views/projects/wiki/pages.html.slim

@@ -6,7 +6,7 @@
   .col-md-2.col-md-offset-1
     == render 'sidebar'
   .col-md-8
-    - if can? :write, @project
+    - if policy(@project).write?
       a.btn.btn-primary href=new_project_wiki_path(@project)
         = t("wiki.new_page")
     hr

app/views/projects/wiki/search.html.slim

@@ -13,7 +13,7 @@
           - @st_query = capture do
             strong= @query
           = raw t("wiki.search_results_for", query: @st_query)
-      - if can? :read, @project
+      - if policy(@project).read?
         .col-md-2.offset10
           a.btn.btn-primary href=project_wiki_index_path(@project)
             = t('wiki.home')

app/views/projects/wiki/show.html.slim

@@ -19,7 +19,7 @@
           - if @editable
             a.btn.btn-primary> href=edit_project_wiki_path(@project, escaped_name)
               = t('wiki.edit_page')
-          - if can? :write, @project
+          - if policy(@project).write?
             a.btn.btn-primary href=new_project_wiki_path(@project)
               = t('wiki.new_page')
     hr

app/views/shared/_feed_message.html.slim

@@ -1,4 +1,4 @@
--if !presenter.is_reference_to_issue || can?(:show, presenter.reference_project)
+-if !presenter.is_reference_to_issue || policy(presenter.reference_project).show?
   .panel.panel-default[ id = (presenter.comment_id? ? presenter.comment_anchor : '') ]
     .panel-body
       .pull-left.roffset5

app/views/shared/_members_table.html.slim

@@ -3,11 +3,11 @@
   table.table.table-striped
     thead
       tr
-        - if can? :remove_members, editable_object
+        - if policy(editable_object).remove_members?
           th
         th
           = t("layout.collaborators.members")
-        - if can? :remove_members, editable_object
+        - if policy(editable_object).remove_members?
           - if update_roles_path
             th.buttons.text-center colspan=3
               = t("layout.collaborators.roles")
@@ -18,7 +18,7 @@
         - actors ||= editable_object.actors
       - members.each do |user|
         tr
-          - if can? :remove_members, editable_object
+          - if policy(editable_object).remove_members?
             td
               = check_box_tag "members[]", user.id
           td
@@ -26,7 +26,7 @@
               = image_tag avatar_url(user), size: '30x30'
             |  
             = link_to user.fullname, user_path(user)
-          - if can? :remove_members, editable_object
+          - if policy(editable_object).remove_members?
             - if update_roles_path
               - actor = actors.find{ |a| a.actor_id == user.id }
               - Relation::ROLES.each_with_index do |role, i|
@@ -52,10 +52,10 @@
                 span.glyphicon.glyphicon-remove
                   |  
 
-  - if can? :remove_members, editable_object
+  - if policy(editable_object).remove_members?
     = submit_tag t('layout.delete'), class: 'btn btn-danger', data: {'disable-with' => t('layout.processing')}
 
-- if can? :add_member, editable_object
+- if policy(editable_object).add_member?
   hr
 
   = simple_form_for :user,  url:      add_member_path,