apply pundit for stories

2023-01-15 22:00:26 +02:00 · 2023-01-15 22:00:26 +02:00 · 459cea35e1
commit 459cea35e1
parent b8e14fe6b5
9 changed files with 75 additions and 4 deletions
--- a/2
+++ b/2
@ -49,3 +49,5 @@ group :test do
  gem "selenium-webdriver"
  gem "webdrivers"
 end
+
+gem "pundit", "~> 2.3"
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -427,6 +427,7 @@ DEPENDENCIES
  mina
  passenger
  pg (~> 1.1)
+  pundit (~> 2.3)
  rails (~> 7.0)
  ruby2js!
  sassc-rails
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -1,9 +1,11 @@
 class ApplicationController < ActionController::Base
  before_action :configure_permitted_parameters, if: :devise_controller?
+  include Pundit::Authorization
+  alias :current_user :current_member

-   protected
+  protected

-   def configure_permitted_parameters
-     devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
-   end
+  def configure_permitted_parameters
+    devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
+  end
 end
--- a/app/controllers/stories_controller.rb
+++ b/app/controllers/stories_controller.rb
@ -17,6 +17,7 @@ class StoriesController < ApplicationController

  # GET /stories/1/edit
  def edit
+    authorize @story
  end

  # POST /stories
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+class ApplicationPolicy
+  attr_reader :member, :record
+
+  def initialize(member, record)
+    @member = member
+    @record = record
+  end
+
+  def index?
+    false
+  end
+
+  def show?
+    false
+  end
+
+  def create?
+    false
+  end
+
+  def new?
+    create?
+  end
+
+  def update?
+    false
+  end
+
+  def edit?
+    update?
+  end
+
+  def destroy?
+    false
+  end
+
+  class Scope
+    def initialize(member, scope)
+      @member = member
+      @scope = scope
+    end
+
+    def resolve
+      raise NotImplementedError, "You must define #resolve in #{self.class}"
+    end
+
+    private
+
+    attr_reader :member, :scope
+  end
+end
--- a/app/policies/story_policy.rb
+++ b/app/policies/story_policy.rb
@ -0,0 +1,9 @@
+class StoryPolicy < ApplicationPolicy
+
+  def edit?
+    (member == record.member) or member.admin?
+  end
+  alias :update? :edit?
+  alias :destroy? :edit?
+
+end
--- a/app/views/app/views/active_storage/blobs/_blob.html.erb
+++ b/app/views/app/views/active_storage/blobs/_blob.html.erb
--- a/app/views/home/torsten/code/hubfeenix.fi
+++ b/app/views/home/torsten/code/hubfeenix.fi
--- a/config/deploy.rb
+++ b/config/deploy.rb
@ -25,6 +25,8 @@ set :user, 'feenix'          # Username in the server to SSH to.
 set :shared_dirs, fetch(:shared_dirs, []).push('tmp/pids' , 'tmp/sockets' , 'public/uploads')
 set :shared_files, fetch(:shared_files, []).push('config/master.key')

+set :force_migrate , true
+
 # This task is the environment that is loaded for all remote run commands, such as
 # `mina deploy` or `mina rake`.
 task :remote_environment do
@ -53,6 +55,7 @@ task :deploy do
    invoke :'deploy:link_shared_paths'
    invoke :'bundle:install'
    invoke :'rails:assets_precompile'
+    invoke :'rails:db_migrate'
    invoke :'deploy:cleanup'

    on :launch do