From 459cea35e164918dd55d2f15c9204d4bf2170767 Mon Sep 17 00:00:00 2001
From: Torsten
Date: Sun, 15 Jan 2023 22:00:26 +0200
Subject: [PATCH] apply pundit for stories
---
 Gemfile | 2 +
 Gemfile.lock | 1 +
 app/controllers/application_controller.rb | 10 ++--
 app/controllers/stories_controller.rb | 1 +
 app/policies/application_policy.rb | 53 +++++++++++++++++++
 app/policies/story_policy.rb | 9 ++++
 .../views/active_storage/blobs/_blob.html.erb | 0
 app/views/home/torsten/code/hubfeenix.fi | 0
 config/deploy.rb | 3 ++
 9 files changed, 75 insertions(+), 4 deletions(-)
 create mode 100644 app/policies/application_policy.rb
 create mode 100644 app/policies/story_policy.rb
 delete mode 100644 app/views/app/views/active_storage/blobs/_blob.html.erb
 delete mode 100644 app/views/home/torsten/code/hubfeenix.fi
diff --git a/Gemfile b/Gemfile
index 6ad5dfa..39d4f08 100644
--- a/Gemfile
+++ b/Gemfile
@@ -49,3 +49,5 @@ group :test do
 gem "selenium-webdriver"
 gem "webdrivers"
 end
+
+gem "pundit", "~> 2.3"
diff --git a/Gemfile.lock b/Gemfile.lock
index 9ddda49..a293d6f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -427,6 +427,7 @@ DEPENDENCIES
 mina
 passenger
 pg (~> 1.1)
+ pundit (~> 2.3)
 rails (~> 7.0)
 ruby2js!
 sassc-rails
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index b13688d..e5a826c 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,9 +1,11 @@
 class ApplicationController < ActionController::Base
 before_action :configure_permitted_parameters, if: :devise_controller?
+ include Pundit::Authorization
+ alias :current_user :current_member
- protected
+ protected
- def configure_permitted_parameters
- devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
- end
+ def configure_permitted_parameters
+ devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
+ end
 end
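Review bot: Including `Pundit::Authorization` in ApplicationController does not make any action checked by itself; an action that never calls `authorize` is served exactly as before, and nothing in this hunk fails when the call is forgotten. Pundit ships a guard for this: `after_action :verify_authorized, unless: :devise_controller?` below the include raises `Pundit::AuthorizationNotPerformedError` for any action that finished without an `authorize` call, with `skip_after_action` as the opt-out for deliberately public actions. No `rescue_from Pundit::NotAuthorizedError` is visible either, so a denied member presumably gets the generic error page rather than a redirect with a message. The `alias :current_user :current_member` line only works if `current_member` is already defined when this class body is evaluated; overriding `pundit_user` to return `current_member` would avoid that load-order dependency.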
diff --git a/app/controllers/stories_controller.rb b/app/controllers/stories_controller.rb
index 6af667e..fdf670d 100644
--- a/app/controllers/stories_controller.rb
+++ b/app/controllers/stories_controller.rb
@@ -17,6 +17,7 @@ class StoriesController < ApplicationController
 # GET /stories/1/edit
 def edit
+ authorize @story
 end
 # POST /stories
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
new file mode 100644
index 0000000..0b2edd4
--- /dev/null
+++ b/app/policies/application_policy.rb
@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+class ApplicationPolicy
+ attr_reader :member, :record
+
+ def initialize(member, record)
+ @member = member
+ @record = record
+ end
+
+ def index?
+ false
+ end
+
+ def show?
+ false
+ end
+
+ def create?
+ false
+ end
+
+ def new?
+ create?
+ end
+
+ def update?
+ false
+ end
+
+ def edit?
+ update?
+ end
+
+ def destroy?
+ false
+ end
+
+ class Scope
+ def initialize(member, scope)
+ @member = member
+ @scope = scope
+ end
+
+ def resolve
+ raise NotImplementedError, "You must define #resolve in #{self.class}"
+ end
+
+ private
+
+ attr_reader :member, :scope
+ end
+end
diff --git a/app/policies/story_policy.rb b/app/policies/story_policy.rb
new file mode 100644
index 0000000..53b3bb4
--- /dev/null
+++ b/app/policies/story_policy.rb
@@ -0,0 +1,9 @@
+class StoryPolicy < ApplicationPolicy
+
+ def edit?
+ (member == record.member) or member.admin?
+ end
+ alias :update? :edit?
+ alias :destroy? :edit?
+
+end
diff --git a/app/views/app/views/active_storage/blobs/_blob.html.erb b/app/views/app/views/active_storage/blobs/_blob.html.erb
deleted file mode 100644
index e69de29..0000000
diff --git a/app/views/home/torsten/code/hubfeenix.fi b/app/views/home/torsten/code/hubfeenix.fi
deleted file mode 100644
index e69de29..0000000
diff --git a/config/deploy.rb b/config/deploy.rb
index 3f1f801..c2d65be 100644
--- a/config/deploy.rb
+++ b/config/deploy.rb
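Review bot: The `authorize @story` call is added to `edit` only, which just renders the form, so the ownership rule guards the form page but not the write itself. The diffstat shows a single insertion in stories_controller.rb, so `update` and `destroy` (outside this hunk) appear to remain without a check, and a signed-in member who is not the owner would presumably still get through on those requests. StoryPolicy in this commit already aliases `update?` and `destroy?` to `edit?`, so the same `authorize @story` line belongs at the top of both actions, after `@story` has been loaded.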
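Review bot: `edit?` in StoryPolicy assumes a signed-in member and an owned story. With `member` nil and an owner present, `member.admin?` raises NoMethodError; with `member` nil and `record.member` also nil, `nil == nil` is true and the check passes. Testing for presence first closes both cases, for example `member.present? && (member == record.member || member.admin?)`, and `||` is the safer operator here than the low-precedence `or`. Whether an anonymous request can reach this policy depends on an `authenticate_member!` filter that is not visible in this diff.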
@@ -25,6 +25,8 @@ set :user, 'feenix' # Username in the server to SSH to.
 set :shared_dirs, fetch(:shared_dirs, []).push('tmp/pids' , 'tmp/sockets' , 'public/uploads')
 set :shared_files, fetch(:shared_files, []).push('config/master.key')
+set :force_migrate , true
+
 # This task is the environment that is loaded for all remote run commands, such as
 # `mina deploy` or `mina rake`.
 task :remote_environment do
@@ -53,6 +55,7 @@ task :deploy do
 invoke :'deploy:link_shared_paths'
 invoke :'bundle:install'
 invoke :'rails:assets_precompile'
+ invoke :'rails:db_migrate'
 invoke :'deploy:cleanup'
 on :launch do
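Review bot: `set :force_migrate , true` has no comment saying why it is needed. Together with the new `invoke :'rails:db_migrate'` in the `:deploy` hunk, it makes every deploy run migrations, which the commit subject (about Pundit) does not mention. If the intent is to bypass mina's check for changed migration files (my reading of `force_migrate`, not shown in this diff), a comment such as `# Always run rails:db_migrate, even when db/migrate is unchanged since the last release` would record that. The `:deploy` task body starts and ends outside the second hunk.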