Allow viewing/editing collaborative content

This commit is contained in:
Andrew Brown 2017-08-15 04:47:30 +02:00
parent 8be6113fbe
commit 4b57069fa6
6 changed files with 33 additions and 13 deletions

View File

@ -3,13 +3,16 @@ class ContentAuthorizer < ApplicationAuthorizer
[
resource.user_id == user.id,
resource.respond_to?(:privacy) && resource.privacy == 'public',
resource.respond_to?(:universe) && resource.universe.present? && resource.universe.privacy == 'public'
resource.respond_to?(:universe) && resource.universe.present? && resource.universe.privacy == 'public',
resource.respond_to?(:universe) && resource.universe && user.contributable_universes.pluck(:id).include?(resource.universe.id)
].any?
end
def updatable_by? user
#todo: Collaboration
resource.user_id == user.id
[
resource.user_id == user.id,
resource.respond_to?(:universe) && resource.universe && user.contributable_universes.pluck(:id).include?(resource.universe.id)
].any?
end
def deletable_by? user

View File

@ -3,19 +3,23 @@ class UniverseCoreContentAuthorizer < CoreContentAuthorizer
if BillingPlan.find_by(stripe_plan_id: 'free-for-life')
return true if user.selected_billing_plan_id == BillingPlan.find_by(stripe_plan_id: 'free-for-life').id
end
user.universes.count < (user.active_billing_plans.map(&:universe_limit).max || 5)
end
def readable_by? user
[
resource.user_id == user.id,
resource.privacy == 'public'
].any?
resource.privacy == 'public',
user.contributable_universes.pluck(:id).include?(resource.id)
].any?
end
def updatable_by? user
resource.user_id == user.id
[
resource.user_id == user.id,
user.contributable_universes.pluck(:id).include?(resource.id)
].any?
end
def deletable_by? user

View File

@ -3,8 +3,8 @@ module HasOwnership
extend ActiveSupport::Concern
included do
before_action :require_ownership_or_sharing, only: [:show]
before_action :require_ownership, only: [:edit, :update, :destroy]
#before_action :require_ownership_or_sharing, only: [:show]
#before_action :require_ownership, only: [:edit, :update, :destroy]
end
module ClassMethods

View File

@ -1,5 +1,5 @@
class ContentController < ApplicationController
include HasOwnership
#include HasOwnership
before_action :authenticate_user!, only: [:index, :new, :create, :edit, :update, :destroy]
@ -139,7 +139,15 @@ class ContentController < ApplicationController
end
end
if @content.update_attributes(content_params)
if @content.user == current_user
update_success = @content.update_attributes(content_params)
else
# Exclude fields only the real owner can edit
#todo move field list somewhere when it grows
update_success = @content.update_attributes(content_params.except!(:universe_id))
end
if update_success
successful_response(@content, t(:update_success, model_name: humanized_model_name))
else
failed_response('edit', :unprocessable_entity)

View File

@ -1,7 +1,7 @@
<%
editing = defined?(editing) && editing
creating = defined?(creating) && creating
personal_content = (user_signed_in? && current_user.id == @content.user_id) || @content.new_record?
personal_content = @content.updatable_by?(current_user || User.new) || @content.new_record?
%>
<%# Primary FAB %>

View File

@ -70,7 +70,12 @@
<% elsif field.name == 'universe_id' %>
<div class="input-field">
<%= f.label field.name, field.label %><br />
<%= f.select field.name, current_user.universes.sort_by(&:name).map { |u| [u.name, u.id] }.compact, include_blank: true, selected: (f.object.persisted? ? f.object.universe_id : session[:universe_id]) %>
<% if current_user == f.object.user %>
<%= f.select field.name, current_user.universes.sort_by(&:name).map { |u| [u.name, u.id] }.compact, include_blank: true, selected: (f.object.persisted? ? f.object.universe_id : session[:universe_id]) %>
<% else %>
<br />
<%= link_to(f.object.universe.name, f.object.universe) if f.object.universe %>
<% end %>
</div>
<% elsif field.name == 'attribute_category_id' %>