From 4b57069fa63b191d63e4bf0bb07be0e2ec441b8c Mon Sep 17 00:00:00 2001 From: Andrew Brown Date: Tue, 15 Aug 2017 04:47:30 +0200 Subject: [PATCH] Allow viewing/editing collaborative content --- app/authorizers/content_authorizer.rb | 9 ++++++--- app/authorizers/universe_core_content_authorizer.rb | 12 ++++++++---- app/controllers/concerns/has_ownership.rb | 4 ++-- app/controllers/content_controller.rb | 12 ++++++++++-- .../display/_floating_action_buttons.html.erb | 2 +- app/views/content/form/_panel.html.erb | 7 ++++++- 6 files changed, 33 insertions(+), 13 deletions(-) diff --git a/app/authorizers/content_authorizer.rb b/app/authorizers/content_authorizer.rb index 33f1abd7..96cc478c 100644 --- a/app/authorizers/content_authorizer.rb +++ b/app/authorizers/content_authorizer.rb @@ -3,13 +3,16 @@ class ContentAuthorizer < ApplicationAuthorizer [ resource.user_id == user.id, resource.respond_to?(:privacy) && resource.privacy == 'public', - resource.respond_to?(:universe) && resource.universe.present? && resource.universe.privacy == 'public' + resource.respond_to?(:universe) && resource.universe.present? && resource.universe.privacy == 'public', + resource.respond_to?(:universe) && resource.universe && user.contributable_universes.pluck(:id).include?(resource.universe.id) ].any? end def updatable_by? user - #todo: Collaboration - resource.user_id == user.id + [ + resource.user_id == user.id, + resource.respond_to?(:universe) && resource.universe && user.contributable_universes.pluck(:id).include?(resource.universe.id) + ].any? end def deletable_by? user diff --git a/app/authorizers/universe_core_content_authorizer.rb b/app/authorizers/universe_core_content_authorizer.rb index 121cafac..35856984 100644 --- a/app/authorizers/universe_core_content_authorizer.rb +++ b/app/authorizers/universe_core_content_authorizer.rb @@ -3,19 +3,23 @@ class UniverseCoreContentAuthorizer < CoreContentAuthorizer if BillingPlan.find_by(stripe_plan_id: 'free-for-life') return true if user.selected_billing_plan_id == BillingPlan.find_by(stripe_plan_id: 'free-for-life').id end - + user.universes.count < (user.active_billing_plans.map(&:universe_limit).max || 5) end def readable_by? user [ resource.user_id == user.id, - resource.privacy == 'public' - ].any? + resource.privacy == 'public', + user.contributable_universes.pluck(:id).include?(resource.id) + ].any? end def updatable_by? user - resource.user_id == user.id + [ + resource.user_id == user.id, + user.contributable_universes.pluck(:id).include?(resource.id) + ].any? end def deletable_by? user diff --git a/app/controllers/concerns/has_ownership.rb b/app/controllers/concerns/has_ownership.rb index aff96816..be2fd38e 100644 --- a/app/controllers/concerns/has_ownership.rb +++ b/app/controllers/concerns/has_ownership.rb @@ -3,8 +3,8 @@ module HasOwnership extend ActiveSupport::Concern included do - before_action :require_ownership_or_sharing, only: [:show] - before_action :require_ownership, only: [:edit, :update, :destroy] + #before_action :require_ownership_or_sharing, only: [:show] + #before_action :require_ownership, only: [:edit, :update, :destroy] end module ClassMethods diff --git a/app/controllers/content_controller.rb b/app/controllers/content_controller.rb index 3faffe98..1f50a613 100644 --- a/app/controllers/content_controller.rb +++ b/app/controllers/content_controller.rb @@ -1,5 +1,5 @@ class ContentController < ApplicationController - include HasOwnership + #include HasOwnership before_action :authenticate_user!, only: [:index, :new, :create, :edit, :update, :destroy] @@ -139,7 +139,15 @@ class ContentController < ApplicationController end end - if @content.update_attributes(content_params) + if @content.user == current_user + update_success = @content.update_attributes(content_params) + else + # Exclude fields only the real owner can edit + #todo move field list somewhere when it grows + update_success = @content.update_attributes(content_params.except!(:universe_id)) + end + + if update_success successful_response(@content, t(:update_success, model_name: humanized_model_name)) else failed_response('edit', :unprocessable_entity) diff --git a/app/views/content/display/_floating_action_buttons.html.erb b/app/views/content/display/_floating_action_buttons.html.erb index 85bb0de3..4aeb62d8 100644 --- a/app/views/content/display/_floating_action_buttons.html.erb +++ b/app/views/content/display/_floating_action_buttons.html.erb @@ -1,7 +1,7 @@ <% editing = defined?(editing) && editing creating = defined?(creating) && creating - personal_content = (user_signed_in? && current_user.id == @content.user_id) || @content.new_record? + personal_content = @content.updatable_by?(current_user || User.new) || @content.new_record? %> <%# Primary FAB %> diff --git a/app/views/content/form/_panel.html.erb b/app/views/content/form/_panel.html.erb index cd6fec4f..f0b0ca6c 100644 --- a/app/views/content/form/_panel.html.erb +++ b/app/views/content/form/_panel.html.erb @@ -70,7 +70,12 @@ <% elsif field.name == 'universe_id' %>
<%= f.label field.name, field.label %>
- <%= f.select field.name, current_user.universes.sort_by(&:name).map { |u| [u.name, u.id] }.compact, include_blank: true, selected: (f.object.persisted? ? f.object.universe_id : session[:universe_id]) %> + <% if current_user == f.object.user %> + <%= f.select field.name, current_user.universes.sort_by(&:name).map { |u| [u.name, u.id] }.compact, include_blank: true, selected: (f.object.persisted? ? f.object.universe_id : session[:universe_id]) %> + <% else %> +
+ <%= link_to(f.object.universe.name, f.object.universe) if f.object.universe %> + <% end %>
<% elsif field.name == 'attribute_category_id' %>