Fork: 0
opidor / dmpopidor
Transfer to URL with SHA Find file
Newer
Older
dmpopidor / app / policies / note_policy.rb
@Sam Rust Sam Rust on 2 Apr 2020 487 bytes fix permissions bug for Notes#update and Roles#deactivate
Raw Blame History 
class NotePolicy < ApplicationPolicy
  attr_reader :user
  attr_reader :note

  def initialize(user, note)
    raise Pundit::NotAuthorizedError, "must be logged in" unless user
    @user = user
    @note = note
  end

  def create?
    @note.answer.plan.commentable_by?(@user.id)
  end

  def update?
    Plan.find(@note.answer.plan_id).commentable_by?(@user.id) && @note.user_id == @user.id
  end

  def archive?
    Plan.find(@note.answer.plan_id).commentable_by?(@user.id)
  end

end