Refs: #3446; metaprogrammed policy criteria

3 files changed, 62 insertions, 5 deletions

diff --git a/app/policies/boiv_policy.rb b/app/policies/boiv_policy.rb
index e29a2e6de..7f7534813 100644
--- a/app/policies/boiv_policy.rb
+++ b/app/policies/boiv_policy.rb
@@ -11,5 +11,4 @@ class BoivPolicy < ApplicationPolicy
   def show?
     boiv_read_offer?
   end
-  
 end
diff --git a/app/policies/chain.rb b/app/policies/chain.rb
new file mode 100644
index 000000000..4bf96bd84
--- /dev/null
+++ b/app/policies/chain.rb
@@ -0,0 +1,57 @@
+module Policies
+  # Implements the `chain_policies` macro as follows
+  #
+  #    chain_policies <method_chain>, policies:
+  #
+  # e.g.
+  #
+  #    chain_policies [:archived?, :!], policies: %i{create? edit?}
+  #
+  # which would establish a precondition `not archived` for the `create?` and `edit?`
+  # method, it is semantically identical to instrumenting both methods
+  # as follows:
+  #    
+  #    def create? # or edit?
+  #       archived?.! && <original code of method>
+  #    end
+  module Chain
+
+    # A local chain store implemented to avoid any possible side effect on client policies.
+    defined_chains = {}
+
+    # Using `define_method` in order to close over `defined_chains`
+    # We need to store the chains because the methods they will apply to
+    # are not defined yet.
+    define_method :chain_policies do |*conditions, policies:|
+      policies.each do | meth_name |
+        # self represents the client Policy
+        defined_chains[[self, meth_name]] = conditions
+      end
+    end
+    # Intercept method definition and check if a policy_chain has been registered for it‥.
+    define_method :method_added do |meth_name, *args, &blk|
+      # Delete potentially registered criteria conditions to‥.
+      # (i) protect against endless recursion via (:merthod_added → :define_method → :method_added → ‥.
+      # (ii) get the condition
+      conditions = defined_chains.delete([self, meth_name])
+      return unless conditions
+
+      instrument_method(meth_name, conditions)
+    end
+
+    private
+
+    # Access to the closure is not necessary anymore, normal metaprogramming can take place :)
+    def instrument_method(meth_name, conditions)
+      orig_method = instance_method(meth_name)
+      # In case of warnings remove original method here, depends on Ruby Version, ok in 2.3.1
+      define_method meth_name do |*a, &b|
+        # Method chain describing the chained policy precondition.
+        conditions.inject(self) do | result, msg |
+          result.send msg
+        end &&
+        orig_method.bind(self).(*a, &b)
+      end
+    end
+  end
+end
diff --git a/app/policies/time_table_policy.rb b/app/policies/time_table_policy.rb
index 059edb8c6..4b2bf0cd9 100644
--- a/app/policies/time_table_policy.rb
+++ b/app/policies/time_table_policy.rb
@@ -1,27 +1,28 @@
+require_relative 'chain'
 class TimeTablePolicy < BoivPolicy
+  extend Policies::Chain
+
   class Scope < Scope
     def resolve
       scope
     end
   end
 
+  chain_policies :archived?, :!, policies: %i{create? destroy? duplicate? edit?}
+
   def create?
-    !archived? &&
       user.has_permission?('time_tables.create') # organisation match via referential is checked in the view
   end
 
   def edit?
-    !archived? &&
       organisation_match? && user.has_permission?('time_tables.edit')
   end
 
   def destroy?
-    !archived? &&
       organisation_match? && user.has_permission?('time_tables.destroy')
   end
 
   def duplicate?
-    !archived? &&
       organisation_match? && create?
   end