dmpopidor/app/policies/annotation_policy.rb at da4b8833fb2dc03a1a1a97a345ea8e1bbaded8d9

Fork: 0

opidor / dmpopidor

Find file

Newer

Older

dmpopidor / app / policies / annotation_policy.rb

xsrust on 6 Jun 2017 875 bytes updated org-admin customization of templates according to #373

Raw Blame History

class AnnotationPolicy < ApplicationPolicy
  attr_reader :user, :annotation

  def initialize(user, annotation)
    raise Pundit::NotAuthorizedError, "must be logged in" unless user
    @user = user
    @annotation = annotation
  end

  ##
  # Users can modify annotations if:
  #  - They can modify templates
  #  - The template which they are modifying belongs to their orggi
  ##

  def admin_create?
    # here we pass through a question instead of an annotation object
    user.can_modify_templates?  &&  (annotation.section.phase.template.org_id == user.org_id)
  end

  def admin_update?
    user.can_modify_templates?  &&  (annotation.question.section.phase.template.org_id == user.org_id) && annotation.org_id == user.org_id
  end

  def admin_destroy?
    user.can_modify_templates?  &&  (annotation.question.section.phase.template.org_id == user.org_id)
  end

end