multiple policy errors

2016-10-17 00:50:54 -04:00 · 2016-10-17 00:50:54 -04:00 · 77e17b005f
commit 77e17b005f
parent 332bb2ec08
5 changed files with 16 additions and 12 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -65,6 +65,10 @@ class User < ApplicationRecord
    json
  end
  
+  def all_accessible_maps
+    maps + shared_maps
+  end
+
  def recentMetacodes
    array = []
    self.topics.sort{|a,b| b.created_at <=> a.created_at }.each do |t|
--- a/app/policies/mapping_policy.rb
+++ b/app/policies/mapping_policy.rb
@ -8,11 +8,11 @@ class MappingPolicy < ApplicationPolicy
      # a private topic, since you can't see the private topic anyways
      visible = %w(public commons)
      permission = 'maps.permission IN (?)'
-      if user
-        scope.joins(:map).where(permission, visible).or(scope.joins(:map).where(user_id: user.id))
-      else
-        scope.joins(:map).where(permission, visible)
-      end
+      return scope.joins(:map).where(permission, visible) unless user
+
+      scope.joins(:map).where(permission, visible)
+           .or(scope.joins(:map).where('maps.id IN (?)', user.shared_maps.map(&:id)))
+           .or(scope.joins(:map).where('maps.user_id = ?', user.id))
    end
  end

--- a/app/policies/message_policy.rb
+++ b/app/policies/message_policy.rb
@ -4,11 +4,11 @@ class MessagePolicy < ApplicationPolicy
    def resolve
      visible = %w(public commons)
      permission = 'maps.permission IN (?)'
-      if user
-        scope.joins(:maps).where(permission + ' OR maps.user_id = ?', visible, user.id)
-      else
-        scope.where(permission, visible)
-      end
+      return scope.joins(:map).where(permission, visible) unless user
+
+      scope.joins(:map).where(permission, visible)
+           .or(scope.joins(:map).where('maps.id IN (?)', user.shared_maps.map(&:id)))
+           .or(scope.joins(:map).where('maps.user_id = ?', user.id))
    end
  end

--- a/app/policies/synapse_policy.rb
+++ b/app/policies/synapse_policy.rb
@ -7,7 +7,7 @@ class SynapsePolicy < ApplicationPolicy
      return scope.where(permission: visible) unless user

      scope.where(permission: visible)
-           .or(scope.where(defer_to_map_id: user.shared_maps.map(&:id)))
+           .or(scope.where(defer_to_map_id: user.all_accessible_maps.map(&:id)))
           .or(scope.where(user_id: user.id))
    end
  end
--- a/app/policies/topic_policy.rb
+++ b/app/policies/topic_policy.rb
@ -6,7 +6,7 @@ class TopicPolicy < ApplicationPolicy
      return scope.where(permission: visible) unless user

      scope.where(permission: visible)
-           .or(scope.where(defer_to_map_id: user.shared_maps.map(&:id)))
+           .or(scope.where(defer_to_map_id: user.all_accessible_maps.map(&:id)))
           .or(scope.where(user_id: user.id))
    end
  end