authorRobert2017-07-05 08:13:14 +0200
committerRobert2017-07-05 08:13:14 +0200
commit841bd65847066e92bf5a4d6de112fed1ada73c1c (patch)
tree12ca3a1b2c15a8fd4fc01e68cbd34d9c82caf3f8
parent9d52ccea7b00b957bf6cf67a44029912ee6b171f (diff)
downloadchouette-core-841bd65847066e92bf5a4d6de112fed1ada73c1c.tar.bz2
Refs: #3478@1.5h;
- PolicyChecker authorizes(*) all now - Untied ApplicationPolicy#index? from show? - mv access_point_policy.rb to access_point_policy.rb fixing an invisible name corruption (local problem?) * to authorize: to allow (not here), to undergo the process of authorization (here)
-rw-r--r--app/controllers/concerns/policy_checker.rb9
-rw-r--r--app/controllers/referentials_controller.rb1
-rw-r--r--app/models/chouette/access_point.rb1
-rw-r--r--app/policies/access_point_policy.rb (renamed from app/policies/acces_point_policy.rb)0
-rw-r--r--app/policies/application_policy.rb72
-rw-r--r--config/environments/test.rb2
6 files changed, 54 insertions, 31 deletions
diff --git a/app/controllers/concerns/policy_checker.rb b/app/controllers/concerns/policy_checker.rb
index 72c18c64f..c8a821cf7 100644
--- a/app/controllers/concerns/policy_checker.rb
+++ b/app/controllers/concerns/policy_checker.rb
@@ -2,11 +2,16 @@ module PolicyChecker
extend ActiveSupport::Concern
included do
- before_action :check_policy, only: [:edit, :update, :destroy]
+ before_action :authorize_resource, except: [:create, :index, :new]
+ before_action :authorize_resource_class, only: [:create, :index, :new]
end
protected
- def check_policy
+ def authorize_resource
authorize resource
end
+
+ def authorize_resource_class
+ authorize resource_class
+ end
end
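Review bot: With `except: [:create, :index, :new]`, every other action, custom ones included, now runs `authorize resource`, and Pundit derives the policy predicate from the action name. This commit also drops the explicit filter for `archive`/`unarchive` in referentials_controller.rb, so the matching policy presumably needs `archive?` and `unarchive?`, and any custom collection-level action would have to be added to the `only:` list so it is not authorized against a single record; neither is visible here. Because a controller can still opt out with `skip_before_action`, consider adding `after_action :verify_authorized` to the `included` block so that an action which never reaches `authorize` fails closed. The two filter methods would also benefit from a one-line comment each, e.g. `# Member actions: authorize the loaded record` and `# Collection actions: authorize the class, no record exists yet`. The module opens outside the hunk.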
diff --git a/app/controllers/referentials_controller.rb b/app/controllers/referentials_controller.rb
index 1239d512f..31b953ace 100644
--- a/app/controllers/referentials_controller.rb
+++ b/app/controllers/referentials_controller.rb
@@ -1,7 +1,6 @@
class ReferentialsController < BreadcrumbController
defaults :resource_class => Referential
include PolicyChecker
- before_action :check_policy, :only => [:edit, :update, :destroy, :archive, :unarchive] # overrides default
respond_to :html
respond_to :json, :only => :show
diff --git a/app/models/chouette/access_point.rb b/app/models/chouette/access_point.rb
index 3cae07b8e..da1f9524a 100644
--- a/app/models/chouette/access_point.rb
+++ b/app/models/chouette/access_point.rb
@@ -1,4 +1,3 @@
-
require 'geokit'
require 'geo_ruby'
diff --git a/app/policies/acces_point_policy.rb b/app/policies/access_point_policy.rb
index 4e017eae4..4e017eae4 100644
--- a/app/policies/acces_point_policy.rb
+++ b/app/policies/access_point_policy.rb
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
index b23d9e0cf..d5c1039fd 100644
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@@ -1,5 +1,17 @@
class ApplicationPolicy
+
attr_reader :current_referential, :record, :user
+ def initialize(user_context, record)
+ @user = user_context.user
+ @current_referential = user_context.context[:referential]
+ @record = record
+ end
+
+ # HMMM: Maybe one can tie index? to show? again by replacing record.class as follows:
+ # Class === record ? record : record.class
+ def scope
+ Pundit.policy_scope!(user, record.class)
+ end
# Make authorization by action easier
def delete?
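Review bot: `scope` still passes `record.class`, but PolicyChecker now calls `authorize resource_class` for `create`, `index` and `new`, so `record` can be the model class itself. In that case `record.class` is `Class`, and `Pundit.policy_scope!` would resolve a scope for `Class` rather than for the model. The HMMM comment already names the remedy, and applying it makes `scope` safe in both cases: `Pundit.policy_scope!(user, record.is_a?(Class) ? record : record.class)`. If that is deferred, the comment above `scope` should state that it must not be called from predicates used for class-level authorization. `delete?` continues outside the hunk.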
@@ -12,18 +24,17 @@ class ApplicationPolicy
false
end
+
+ #
+ # Tied permissions
+ # ----------------
+
# Tie edit? and update? together, #edit?, do not override #edit?,
# unless you want to break this tie on purpose
def edit?
update?
end
- # Tie index? and show? together, do not override #new?,
- # unless you want to break this tie on purpose
- def index?
- show?
- end
-
# Tie new? and create? together, do not override #new?,
# unless you want to break this tie on purpose
def new?
@@ -31,25 +42,22 @@ class ApplicationPolicy
end
+ #
+ # Permissions for undestructive actions
+ # -------------------------------------
- def initialize(user_context, record)
- @user = user_context.user
- @current_referential = user_context.context[:referential]
- @record = record
+ def index?
+ true
end
- def archived?
- return @is_archived if instance_variable_defined?(:@is_archived)
- @is_archived = is_archived
+ def show?
+ scope.where(:id => record.id).exists?
end
- def referential
- @referential ||= current_referential || record_referential
- end
- def record_referential
- record.referential if record.respond_to?(:referential)
- end
+ #
+ # Permissions for destructive actions
+ # -----------------------------------
def create?
false
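Review bot: `index?` returning `true` makes listing allow-by-default for every policy that inherits from ApplicationPolicy, while the other base predicates visible here (`create?`, `update?`) return `false`. Before this commit `index?` delegated to `show?`, so a subclass that restricted `show?` also restricted `index?`; such subclasses now permit `index` unless they override it, and row visibility then depends entirely on how the controller scopes the collection. If the open default is intended, say so in a comment, e.g. `# Allowed by default: row visibility must be enforced by the policy Scope, not by this predicate`; otherwise keep the base at `false` and opt in per policy. `show?` reads `record.id`, so it is only meaningful for record-level authorization. `create?` continues outside the hunk.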
@@ -59,16 +67,18 @@ class ApplicationPolicy
false
end
- def show?
- scope.where(:id => record.id).exists?
- end
-
def update?
false
end
- def scope
- Pundit.policy_scope!(user, record.class)
+
+ #
+ # Custom Permissions
+ # ------------------
+
+ def archived?
+ return @is_archived if instance_variable_defined?(:@is_archived)
+ @is_archived = is_archived
end
def organisation_match?
@@ -81,6 +91,18 @@ class ApplicationPolicy
organisation or referential.try :organisation
end
+
+ #
+ # Helpers
+ # -------
+
+ def referential
+ @referential ||= current_referential || record_referential
+ end
+
+ def record_referential
+ record.referential if record.respond_to?(:referential)
+ end
class Scope
attr_reader :user, :scope
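Review bot: `referential` and `record_referential` do not document their precedence: the referential from the user context wins, and the record's own referential is only a fallback. The `referential.try :organisation` lookup in the context line at the top of this hunk therefore appears to take the organisation from the request context when one is set, even for a record that belongs to another referential; whether that can occur depends on callers not visible here. A comment such as `# Context referential takes precedence; the record's referential is only a fallback` would make this explicit. Marking both helpers `private` would keep them out of the policy's public surface, provided nothing outside the class calls them. `class Scope` continues outside the hunk.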
diff --git a/config/environments/test.rb b/config/environments/test.rb
index d83b4fd85..80ed940ca 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -1,8 +1,6 @@
Rails.application.configure do
# Settings specified here will take precedence over those in config/application.rb.
- config.eager_load = false
-
# The test environment is used exclusively to run your application's
# test suite. You never need to work with it otherwise. Remember that
# your test database is "scratch space" for the test suite and is wiped