Refactor email verification links and Dmail share links to use the new Rails signed_id mechanism, rather than our own hand-rolled mechanism. For Dmail share links, we have to override some Rails internal methods so that our old links still work. For email verification links, this will invalidate existing links, but this isn't a huge deal since these links are short-lived anyway. https://api.rubyonrails.org/classes/ActiveRecord/SignedId.html https://api.rubyonrails.org/classes/ActiveRecord/SignedId/ClassMethods.html
# Authorization policy for dmails.
#
# Each predicate reads `user` (the account making the request) and, where the
# decision is about one specific dmail, `record`. Neither accessor, nor
# `unbanned?`, is defined in this class; presumably they come from
# ApplicationPolicy -- confirm there.
class DmailPolicy < ApplicationPolicy
  # Creating a dmail is allowed exactly when `unbanned?` passes.
  def create?
    unbanned?
  end

  # Listing dmails is open to every non-anonymous user.
  # NOTE(review): this gates the action only; limiting the listing to the
  # caller's own dmails has to happen where the query is built -- confirm.
  def index?
    !user.is_anonymous?
  end

  # Marking all dmails as read is open to every non-anonymous user.
  def mark_all_as_read?
    !user.is_anonymous?
  end

  # A dmail may be updated only by the non-anonymous user whose id matches the
  # dmail's owner_id.
  def update?
    return false if user.is_anonymous?

    record.owner_id == user.id
  end

  # A dmail may be read by the user whose id matches its owner_id. Users for
  # whom `is_owner?` is true bypass the ownership check and may read any dmail,
  # so that privilege level has access to all private messages.
  def show?
    if user.is_owner?
      true
    elsif user.is_anonymous?
      false
    else
      record.owner_id == user.id
    end
  end

  # Reporting requires all of: the user passes `unbanned?`, the user owns the
  # dmail, the dmail is flagged as the recipient's copy, it is not automated,
  # and `record.from` (presumably the sender -- confirm) is not a moderator.
  def reportable?
    unbanned? &&
      record.owner_id == user.id &&
      record.is_recipient? &&
      !record.is_automated? &&
      !record.from.is_moderator?
  end

  # Allowlist of attributes accepted when a dmail is created. Anything not
  # named here (for example owner_id) is not listed as client-settable.
  def permitted_attributes_for_create
    %i[title body to_name to_id]
  end

  # Allowlist of attributes accepted on update: only the read and deleted
  # flags, so title and body are not listed as editable after creation.
  def permitted_attributes_for_update
    %i[is_read is_deleted]
  end

  # Attributes exposed through the API: whatever the superclass returns, plus
  # :key.
  # NOTE(review): :key looks like the token behind dmail share links; if
  # holding it is enough to open the dmail, confirm it is only serialized for
  # users who already pass show?.
  def api_attributes
    super + %i[key]
  end
end