From 0442b3e56cda1fa0c57f1cb5577cbad2263a7c8a Mon Sep 17 00:00:00 2001
From: Devin Howard <devin@callysto.com>
Date: Tue, 25 Oct 2016 10:45:58 +0800
Subject: [PATCH] deep change to synapse policy - is this ok?

---
 app/policies/synapse_policy.rb | 29 ++++++++++++++++++++++-------
 1 file changed, 22 insertions(+), 7 deletions(-)

diff --git a/app/policies/synapse_policy.rb b/app/policies/synapse_policy.rb
index f3d2c997..800134cf 100644
--- a/app/policies/synapse_policy.rb
+++ b/app/policies/synapse_policy.rb
@@ -16,16 +16,11 @@ class SynapsePolicy < ApplicationPolicy
   end
 
   def create?
-    user.present?
-    # TODO: add validation against whether you can see both topics
+    topic1_show? && topic2_show? && user.present?
   end
 
   def show?
-    if record.defer_to_map.present?
-      map_policy.show?
-    else
-      record.permission == 'commons' || record.permission == 'public' || record.user == user
-    end
+    topic1_show? && topic2_show? && synapse_show?
   end
 
   def update?
@@ -43,7 +38,27 @@ class SynapsePolicy < ApplicationPolicy
   end
 
   # Helpers
+
   def map_policy
     @map_policy ||= Pundit.policy(user, record.defer_to_map)
   end
+
+  def topic1_show?
+    @topic1_policy ||= Pundit.policy(user, record.topic1)
+    @topic1_policy.show?
+  end
+
+  def topic2_show?
+    @topic2_policy ||= Pundit.policy(user, record.topic2)
+    @topic2_policy.show?
+  end
+
+  def synapse_show?
+    if record.defer_to_map.present?
+      map_policy.show?
+    else
+      record.permission == 'commons' || record.permission == 'public' || record.user == user
+    end
+  end
+
 end