Fork: 0
opidor / dmpopidor
Transfer to URL with SHA Find file
Newer
Older
dmpopidor / app / policies / section_policy.rb
@briley briley on 30 Mar 2017 923 bytes debug statements to track user object and its roles through test->controller->policy
Raw Blame History 
class SectionPolicy < ApplicationPolicy
  attr_reader :user, :section

  def initialize(user, section)
    raise Pundit::NotAuthorizedError, "must be logged in" unless user
    @user = user
    @section = section
  end

  ##
  # Users can modify sections if:
  #  - They can modify templates
  #  - The template which they are modifying belongs to their org
  ##

  def admin_create?
    user.can_modify_templates?  &&  (section.phase.template.org_id == user.org_id)
  end

  def admin_update?
    
puts "POLICY USER: (#{user.can_org_admin?}) - #{user.inspect}"
puts "POLICY ROLES: #{user.roles.inspect}"
puts "MODIFIER? #{user.can_modify_templates?} ORGS MATCH? #{(section.phase.template.org_id == user.org_id)}"
    
    user.can_modify_templates?  &&  (section.phase.template.org_id == user.org_id)
  end

  def admin_destroy?
    user.can_modify_templates?  &&  (section.phase.template.org_id == user.org_id)
  end

end