pundit: convert forum topics / forum posts to pundit.

Fix it being possible for users to delete or undelete their own forum
posts and topics, even if they were deleted by a mod.

app/policies/forum_post_policy.rb

@@ -0,0 +1,33 @@
+class ForumPostPolicy < ApplicationPolicy
+  def show?
+    user.level >= record.topic.min_level
+  end
+
+  def create?
+    unbanned? && policy(record.topic).reply?
+  end
+
+  def update?
+    unbanned? && show? && (user.is_moderator? || (record.creator_id == user.id && !record.topic.is_locked?))
+  end
+
+  def destroy?
+    unbanned? && show? && user.is_moderator?
+  end
+
+  def undelete?
+    unbanned? && show? && user.is_moderator?
+  end
+
+  def show_deleted?
+    !record.is_deleted? || user.is_moderator?
+  end
+
+  def permitted_attributes_for_create
+    [:body, :topic_id]
+  end
+
+  def permitted_attributes_for_update
+    [:body]
+  end
+end

app/policies/forum_topic_policy.rb

@@ -0,0 +1,36 @@
+class ForumTopicPolicy < ApplicationPolicy
+  def show?
+    user.level >= record.min_level
+  end
+
+  def update?
+    unbanned? && show? && (user.is_moderator? || (record.creator_id == user.id && !record.is_locked?))
+  end
+
+  def destroy?
+    unbanned? && show? && user.is_moderator?
+  end
+
+  def undelete?
+    unbanned? && show? && user.is_moderator?
+  end
+
+  def mark_all_as_read?
+    user.is_member?
+  end
+
+  def reply?
+    unbanned? && show? && (user.is_moderator? || !record.is_locked?)
+  end
+
+  def moderate?
+    user.is_moderator?
+  end
+
+  def permitted_attributes
+    [
+      :title, :category_id, { original_post_attributes: [:id, :body] },
+      ([:is_sticky, :is_locked, :min_level] if moderate?)
+    ].compact.flatten
+  end
+end