apply pundit for stories

2023-01-15 22:00:26 +02:00 · 2023-01-15 22:00:26 +02:00 · 459cea35e1
commit 459cea35e1
parent b8e14fe6b5
9 changed files with 75 additions and 4 deletions
--- a/2
+++ b/2
@ -49,3 +49,5 @@ group :test do
  gem "selenium-webdriver"
  gem "webdrivers"
 end
 gem "pundit", "~> 2.3"
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -427,6 +427,7 @@ DEPENDENCIES
  mina
  passenger
  pg (~> 1.1)
  pundit (~> 2.3)
  rails (~> 7.0)
  ruby2js!
  sassc-rails
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -1,9 +1,11 @@
 class ApplicationController < ActionController::Base
  before_action :configure_permitted_parameters, if: :devise_controller?
  include Pundit::Authorization
  alias :current_user :current_member
-   protected
+  protected
-   def configure_permitted_parameters
+  def configure_permitted_parameters
-     devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
+    devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
-   end
+  end
 end
--- a/app/controllers/stories_controller.rb
+++ b/app/controllers/stories_controller.rb
@ -17,6 +17,7 @@ class StoriesController < ApplicationController
  # GET /stories/1/edit
  def edit
    authorize @story
  end
  # POST /stories
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@ -0,0 +1,53 @@
 # frozen_string_literal: true
 class ApplicationPolicy
  attr_reader :member, :record
  def initialize(member, record)
    @member = member
    @record = record
  end
  def index?
    false
  end
  def show?
    false
  end
  def create?
    false
  end
  def new?
    create?
  end
  def update?
    false
  end
  def edit?
    update?
  end
  def destroy?
    false
  end
  class Scope
    def initialize(member, scope)
      @member = member
      @scope = scope
    end
    def resolve
      raise NotImplementedError, "You must define #resolve in #{self.class}"
    end
    private
    attr_reader :member, :scope
  end
 end
--- a/app/policies/story_policy.rb
+++ b/app/policies/story_policy.rb
@ -0,0 +1,9 @@
 class StoryPolicy < ApplicationPolicy
  def edit?
    (member == record.member) or member.admin?
  end
  alias :update? :edit?
  alias :destroy? :edit?
 end
--- a/app/views/app/views/active_storage/blobs/_blob.html.erb
+++ b/app/views/app/views/active_storage/blobs/_blob.html.erb
--- a/app/views/home/torsten/code/hubfeenix.fi
+++ b/app/views/home/torsten/code/hubfeenix.fi
--- a/config/deploy.rb
+++ b/config/deploy.rb
@ -25,6 +25,8 @@ set :user, 'feenix'          # Username in the server to SSH to.
 set :shared_dirs, fetch(:shared_dirs, []).push('tmp/pids' , 'tmp/sockets' , 'public/uploads')
 set :shared_files, fetch(:shared_files, []).push('config/master.key')
 set :force_migrate , true
 # This task is the environment that is loaded for all remote run commands, such as
 # `mina deploy` or `mina rake`.
 task :remote_environment do
@ -53,6 +55,7 @@ task :deploy do
    invoke :'deploy:link_shared_paths'
    invoke :'bundle:install'
    invoke :'rails:assets_precompile'
    invoke :'rails:db_migrate'
    invoke :'deploy:cleanup'
    on :launch do