Refs #2263 : CalendarPolicy, translations...

6 files changed, 19 insertions, 15 deletions

diff --git a/app/controllers/calendars_controller.rb b/app/controllers/calendars_controller.rb
index 81eb029a6..9784820f9 100644
--- a/app/controllers/calendars_controller.rb
+++ b/app/controllers/calendars_controller.rb
@@ -1,13 +1,15 @@
 class CalendarsController < BreadcrumbController
   defaults resource_class: Calendar
-  before_action :check_policy, except: [:index, :new, :create]
+  before_action :check_policy, only: [:edit, :update, :destroy]
 
   respond_to :html
   respond_to :js, only: :index
 
   private
   def calendar_params
-    params.require(:calendar).permit(:id, :name, :short_name, :shared, periods_attributes: [:id, :begin, :end, :_destroy], date_values_attributes: [:id, :value, :_destroy])
+    permitted_params = [:id, :name, :short_name, periods_attributes: [:id, :begin, :end, :_destroy], date_values_attributes: [:id, :value, :_destroy]]
+    permitted_params << :shared if policy(Calendar).share?
+    params.require(:calendar).permit(*permitted_params)
   end
 
   def sort_column
@@ -20,7 +22,7 @@ class CalendarsController < BreadcrumbController
 
   protected
   def resource
-    @calendar = current_organisation.calendars.find_by_id(params[:id])
+    @calendar = Calendar.where('organisation_id = ? OR shared = true', current_organisation.id).find_by_id(params[:id])
   end
 
   def build_resource
@@ -32,7 +34,7 @@ class CalendarsController < BreadcrumbController
   def collection
     return @calendars if @calendars
 
-    @q = current_organisation.calendars.search(params[:q])
+    @q = Calendar.where('organisation_id = ? OR shared = true', current_organisation.id).search(params[:q])
     calendars = @q.result
     calendars = calendars.order(sort_column + ' ' + sort_direction) if sort_column && sort_direction
     @calendars = calendars.paginate(page: params[:page])
diff --git a/app/policies/calendar_policy.rb b/app/policies/calendar_policy.rb
index f1f8ebad4..1c455f391 100644
--- a/app/policies/calendar_policy.rb
+++ b/app/policies/calendar_policy.rb
@@ -18,8 +18,7 @@ class CalendarPolicy < ApplicationPolicy
   def destroy? ; modify? end
 
   def share?
-    # something like current_user.has_permission(:shared_calendar)
-    true
+    user.organisation_id == 1 # FIXME
   end
 
   def modify?
diff --git a/app/views/calendars/_calendars.html.slim b/app/views/calendars/_calendars.html.slim
index 25a4bb171..261052baf 100644
--- a/app/views/calendars/_calendars.html.slim
+++ b/app/views/calendars/_calendars.html.slim
@@ -8,5 +8,5 @@
     = will_paginate @calendars, container: false, renderer: RemoteBootstrapPaginationLinkRenderer
 
 - else
-  = replacement_msg t('calendars.index.search_no_results')
+  = replacement_msg t('.search_no_results')
 
diff --git a/app/views/calendars/_form.html.slim b/app/views/calendars/_form.html.slim
index 1a1172a7b..a97c16565 100644
--- a/app/views/calendars/_form.html.slim
+++ b/app/views/calendars/_form.html.slim
@@ -18,7 +18,8 @@
             = render 'period_fields', f: period
           .links
             = link_to_add_association t('simple_form.labels.calendar.add_a_date_range'), f, :periods, class: 'btn btn-primary btn-xs'
-        = f.input :shared
+        - if policy(@calendar).share?
+          = f.input :shared
         .form-actions
           = f.button :submit, as: :button, class: 'btn btn-info'
           = link_to t('cancel'), calendars_path, class: 'btn btn-default'
diff --git a/app/views/calendars/index.html.slim b/app/views/calendars/index.html.slim
index 9dd638681..41cd3d70c 100644
--- a/app/views/calendars/index.html.slim
+++ b/app/views/calendars/index.html.slim
@@ -6,13 +6,13 @@
       .panel-heading
         .row
           .col-md-3
-            = f.label t('calendars.activerecord.attributes.calendar.short_name')
+            = f.label Calendar.human_attribute_name(:short_name)
             = f.search_field :short_name_cont, class: 'form-control'
           .col-md-3
-            = f.label t('calendars.activerecord.attributes.calendar.shared')
+            = f.label Calendar.human_attribute_name(:shared)
             = f.select :shared_eq, [[t('.shared'), true], [t('.not_shared'), false]], { include_blank: '' }, { class: 'form-control', style: 'width: 100%', 'data-select2ed': 'true', 'data-select2ed-placeholder': t('.all') }
           .col-md-3
-            = f.label t('.date')
+            = f.label Calendar.human_attribute_name(:date)
             = f.date_field :contains_date, class: 'form-control'
 
           .col-md-3
diff --git a/app/views/calendars/show.html.slim b/app/views/calendars/show.html.slim
index 169d59f57..c0671fa94 100644
--- a/app/views/calendars/show.html.slim
+++ b/app/views/calendars/show.html.slim
@@ -38,7 +38,9 @@ p
 
 - content_for(:sidebar) do
   ul.actions
-    li
-      = link_to t('calendars.actions.edit'), edit_calendar_path(@calendar), class: 'edit'
-    li
-      = link_to t('calendars.actions.destroy'), calendar_path(@calendar), method: :delete, data: { confirm: t('calendars.actions.destroy_confirm') }, class: 'remove'
+    - if policy(@calendar).edit?
+      li
+        = link_to t('calendars.actions.edit'), edit_calendar_path(@calendar), class: 'edit'
+    - if policy(@calendar).destroy?
+      li
+        = link_to t('calendars.actions.destroy'), calendar_path(@calendar), method: :delete, data: { confirm: t('calendars.actions.destroy_confirm') }, class: 'remove'