apply pundit for stories

app/controllers/application_controller.rb

@@ -1,9 +1,11 @@
 class ApplicationController < ActionController::Base
   before_action :configure_permitted_parameters, if: :devise_controller?
+  include Pundit::Authorization
+  alias :current_user :current_member
 
-   protected
+  protected
 
-   def configure_permitted_parameters
-     devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
-   end
+  def configure_permitted_parameters
+    devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
+  end
 end

app/controllers/stories_controller.rb

@@ -17,6 +17,7 @@ class StoriesController < ApplicationController
 
   # GET /stories/1/edit
   def edit
+    authorize @story
   end
 
   # POST /stories

app/policies/application_policy.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+class ApplicationPolicy
+  attr_reader :member, :record
+
+  def initialize(member, record)
+    @member = member
+    @record = record
+  end
+
+  def index?
+    false
+  end
+
+  def show?
+    false
+  end
+
+  def create?
+    false
+  end
+
+  def new?
+    create?
+  end
+
+  def update?
+    false
+  end
+
+  def edit?
+    update?
+  end
+
+  def destroy?
+    false
+  end
+
+  class Scope
+    def initialize(member, scope)
+      @member = member
+      @scope = scope
+    end
+
+    def resolve
+      raise NotImplementedError, "You must define #resolve in #{self.class}"
+    end
+
+    private
+
+    attr_reader :member, :scope
+  end
+end

app/policies/story_policy.rb

@@ -0,0 +1,9 @@
+class StoryPolicy < ApplicationPolicy
+
+  def edit?
+    (member == record.member) or member.admin?
+  end
+  alias :update? :edit?
+  alias :destroy? :edit?
+
+end