pundit: convert post versions to pundit.

2020-03-19 20:35:33 -05:00
parent ba0a5dda8a
commit ffae64f127
5 changed files with 43 additions and 32 deletions
--- a/app/controllers/post_versions_controller.rb
+++ b/app/controllers/post_versions_controller.rb
@@ -1,5 +1,4 @@
 class PostVersionsController < ApplicationController
-  before_action :member_only, except: [:index, :search]
  before_action :check_availabililty
  around_action :set_timeout
  respond_to :html, :xml, :json
@@ -7,7 +6,7 @@ class PostVersionsController < ApplicationController

  def index
    set_version_comparison
-    @post_versions = PostVersion.paginated_search(params)
+    @post_versions = authorize PostVersion.paginated_search(params)

    if request.format.html?
      @post_versions = @post_versions.includes(:updater, post: [:uploader, :versions])
@@ -22,7 +21,7 @@ class PostVersionsController < ApplicationController
  end

  def undo
-    @post_version = PostVersion.find(params[:id])
+    @post_version = authorize PostVersion.find(params[:id])
    @post_version.undo!

    respond_with(@post_version)
--- a/app/models/post_version.rb
+++ b/app/models/post_version.rb
@@ -233,14 +233,6 @@ class PostVersion < ApplicationRecord
    post.save!
  end

-  def can_undo?(user)
-    version > 1 && post&.visible? && user.is_member?
-  end
-
-  def can_revert_to?(user)
-    post&.visible? && user.is_member?
-  end
-
  def api_attributes
    super + [:obsolete_added_tags, :obsolete_removed_tags, :unchanged_tags]
  end
--- a/app/policies/post_version_policy.rb
+++ b/app/policies/post_version_policy.rb
@@ -0,0 +1,9 @@
+class PostVersionPolicy < ApplicationPolicy
+  def undo?
+    unbanned? && record.version > 1 && record.post.present? && policy(record.post).visible?
+  end
+
+  def can_mass_undo?
+    user.is_builder?
+  end
+end
--- a/app/views/post_versions/_listing.html.erb
+++ b/app/views/post_versions/_listing.html.erb
@@ -4,9 +4,9 @@
  <% end %>

    <%= table_for @post_versions, {id: "post-versions-table", class: "striped autofit"} do |t| %>
-      <% if CurrentUser.user.is_builder? %>
+      <% if policy(@post_versions).can_mass_undo? %>
        <% t.column tag.label(tag.input type: :checkbox, id: "post-version-select-all-checkbox", class: "post-version-select-checkbox"), column: "post-version-select" do |post_version| %>
-          <input type="checkbox" class="post-version-select-checkbox" <%= "disabled" unless post_version.can_undo?(CurrentUser.user) %>>
+          <input type="checkbox" class="post-version-select-checkbox" <%= "disabled" unless policy(post_version).undo? %>>
        <% end %>
      <% end %>
      <% if listing_type(:post_id) == :standard %>
@@ -31,10 +31,10 @@
        </div>
      <% end %>
      <% t.column do |post_version| %>
-        <% if post_version.can_undo?(CurrentUser.user) %>
+        <% if policy(post_version).can_undo? %>
          <%= link_to "Undo", undo_post_version_path(post_version), method: :put, remote: true, class: "post-version-undo-link" %>
        <% end %>
-        <% if listing_type(:post_id) == :revert && post_version.can_revert_to?(CurrentUser.user) %>
+        <% if listing_type(:post_id) == :revert && policy(post_version.post).revert? %>
          | <%= link_to "Revert to", revert_post_path(post_version.post_id, version_id: post_version.id), method: :put, remote: true %>
        <% end %>
      <% end %>