pundit: convert bulk update requests to pundit.

2020-03-17 18:32:29 -05:00
parent b83c612246
commit 79a365abe0
6 changed files with 76 additions and 73 deletions
--- a/app/policies/bulk_update_request_policy.rb
+++ b/app/policies/bulk_update_request_policy.rb
@@ -0,0 +1,33 @@
+class BulkUpdateRequestPolicy < ApplicationPolicy
+  def create?
+    unbanned? && (record.forum_topic.blank? || policy(record.forum_topic).reply?)
+  end
+
+  def update?
+    unbanned? && (user.is_builder? || record.user_id == user.id)
+  end
+
+  def approve?
+    user.is_admin? && !record.is_approved?
+  end
+
+  def destroy?
+    record.is_pending? && update?
+  end
+
+  def can_update_forum?
+    user.is_admin?
+  end
+
+  def permitted_attributes_for_create
+    [:script, :skip_secondary_validations, :title, :reason, :forum_topic_id]
+  end
+
+  def permitted_attributes_for_update
+    if can_update_forum?
+      [:script, :skip_secondary_validations, :forum_topic_id, :forum_post_id]
+    else
+      [:script, :skip_secondary_validations]
+    end
+  end
+end