Fork: 0
opidor / dmpopidor
Transfer to URL with SHA Find file
Newer
Older
dmpopidor / app / policies / api / v0 / guidance_group_policy.rb
@xsrust xsrust on 1 Mar 2017 757 bytes completed fixes for guidances and guidance_groups controllers
Raw Blame History 
module Api
  module V0
    class GuidanceGroupPolicy < ApplicationPolicy
      attr_reader :user, :guidance_group

      def initialize(user, guidance_group)
        raise Pundit::NotAuthorizedError, _("must be logged in") unless user
        unless user.org.token_permission_types.include? TokenPermissionType::GUIDANCES
          raise Pundit::NotAuthorizedError, _("must have access to guidances api")
        end
        @user = user
        @guidance_group = guidance_group
      end

      ##
      # is the plan editable by the user
      def show?
        GuidanceGroup.can_view?(@user, @guidance_group)
      end

      ##
      # always allowed as index chooses which guidances to display
      def index?
        true
      end

    end
  end
end