Commit 7d452440 authored by Kaspar Vollenweider's avatar Kaspar Vollenweider 👻 Committed by Kaspar
Browse files

policy and controller

parent ab81231f
......@@ -30,6 +30,12 @@ class ApplicationController < ActionController::Base
}
end
def specific_policy_scope(scope_name, policy_subject = nil)
policy_subject ||= controller_name.singularize.classify.constantize
"#{policy_subject.name.classify}Policy".constantize::Scope
.new(current_user, policy_subject).send(scope_name)
end
private
def user_not_authorized
......
......@@ -3,8 +3,7 @@ class AssignmentsController < ApplicationController
def index
authorize Assignment
@assignments = policy_scope(Assignment)
@q = Assignment.ransack(params[:q])
@q = policy_scope(Assignment).ransack(params[:q])
@assignments = @q.result.default_order.paginate(page: params[:page])
end
......@@ -38,7 +37,7 @@ class AssignmentsController < ApplicationController
def update
if @assignment.update(assignment_params)
if current_user.superadmin?
if current_user.superadmin? || current_user.department_manager?
redirect_to assignments_url, make_notice
else
redirect_to @assignment.volunteer, make_notice
......
......@@ -8,7 +8,7 @@ class VolunteersController < ApplicationController
def index
authorize Volunteer
@q = Volunteer.ransack(params[:q])
@q = policy_scope(Volunteer).ransack(params[:q])
respond_to do |format|
format.xlsx do
@volunteers = @q.result
......@@ -56,7 +56,7 @@ class VolunteersController < ApplicationController
def seeking_clients
authorize Volunteer
@q = Volunteer.seeking_clients.ransack(params[:q])
@q = specific_policy_scope(:seeking_clients).ransack(params[:q])
@seeking_clients = @q.result.paginate(page: params[:page])
end
......
class VolunteerPolicy < ApplicationPolicy
class Scope < ApplicationScope
def resolve
return all if superadmin?
seeking_clients if department_manager?
end
def seeking_clients
return scope.seeking_clients_will_take_more if superadmin?
scope.seeking_clients if department_manager?
end
end
alias_method :index?, :superadmin?
alias_method :new?, :superadmin?
alias_method :create?, :superadmin?
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment