story cleanup, form, policy

app/policies/edit_own_policy.rb

@@ -0,0 +1,14 @@
+# allows to edit/detroy own data
+# which can be viewed by anyone
+class EditOwnPolicy < ApplicationPolicy
+  def edit?
+    return true if member.admin?
+    owner?
+  end
+  def owner?
+    member == record.member
+  end
+  alias :update? :edit?
+  alias :destroy? :edit?
+
+end

app/policies/story_policy.rb

@@ -1,4 +1,4 @@
-class StoryPolicy < ApplicationPolicy
+class StoryPolicy < EditOwnPolicy
 
   def edit?
     (member == record.member) or member.admin?