Diffstat (limited to 'app/helpers')
| -rw-r--r-- | app/helpers/newapplication_helper.rb | 5 | ||||
| -rw-r--r-- | app/helpers/table_builder_helper/custom_links.rb | 14 |
2 files changed, 17 insertions, 2 deletions
diff --git a/app/helpers/newapplication_helper.rb b/app/helpers/newapplication_helper.rb index edcad76c3..ac57997d1 100644 --- a/app/helpers/newapplication_helper.rb +++ b/app/helpers/newapplication_helper.rb @@ -155,7 +155,10 @@ module NewapplicationHelper content_tag :li, link_to(t("actions.#{action}"), polymorph_url, method: :put) end else - content_tag :li, link_to(t("actions.#{action}"), polymorph_url) + permission = "#{action}?" + if !policy(item).respond_to?(permission) || policy(item).public_send(permission) + content_tag :li, link_to(t("actions.#{action}"), polymorph_url) + end end end.join.html_safe end diff --git a/app/helpers/table_builder_helper/custom_links.rb b/app/helpers/table_builder_helper/custom_links.rb index abb907678..e185bf77b 100644 --- a/app/helpers/table_builder_helper/custom_links.rb +++ b/app/helpers/table_builder_helper/custom_links.rb @@ -40,6 +40,14 @@ module TableBuilderHelper def actions_after_policy_check @actions.select do |action| + # TODO: My idea would be to push authorization logic into policies + # Eventually the code should look like: + # select do |action| + # Pundit.policy(@user_context, @obj).send("#{action}?") + # end + # This puts the responsability where it belongs to and allows + # for easy and fast unit testing of the BL, always a goos sign. + # Has policy and can destroy (action == :delete && Pundit.policy(@user_context, @obj).present? && @@ -64,6 +72,10 @@ module TableBuilderHelper # Object is archived (action == :unarchive && @obj.archived?) || + !Pundit.policy(@user_context, @obj).respond_to?("#{action}?") || + Pundit.policy(@user_context, @obj).public_send("#{action}?") || + + action_is_allowed_regardless_of_policy(action) end end @@ -71,7 +83,7 @@ module TableBuilderHelper private def action_is_allowed_regardless_of_policy(action) - ![:delete, :edit, :archive, :unarchive].include?(action) + ![:delete, :edit, :archive, :unarchive, :duplicate, :actualize].include?(action) end end end |
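Review bot: The guard added in the `else` branch is fail-open: `!policy(item).respond_to?(permission)` renders the link whenever the policy has no `#{action}?` predicate, so a misspelled or newly introduced action is shown to every user. If that default is intended for actions without a policy method, a comment should say so; otherwise require a positive answer, `if policy(item).respond_to?(permission) && policy(item).public_send(permission)`. The same pattern is added to `actions_after_policy_check` in custom_links.rb. Hiding the `<li>` only changes what is displayed, so the target controller action presumably still needs its own authorization check, which is not visible here. The enclosing method starts and ends outside the hunk.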
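Review bot: The sketch in the added TODO calls `.send("#{action}?")`, which also dispatches to private methods and raises when the policy lacks the predicate. The code added further down in this method uses `public_send` behind `respond_to?`, so the comment should show `Pundit.policy(@user_context, @obj).public_send("#{action}?")` to avoid being copied as written. The comment also has two typos, `responsability` and `goos`. The body of the `select` block continues outside the hunk.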
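Review bot: The two clauses added to the `||` chain can grant an action that the per-action checks above them would refuse. `Pundit.policy` returns nil when no policy class is found (the `:delete` clause guards for that with `.present?`), and `nil.respond_to?("edit?")` is false, so the first added clause is true and every action passes the `select` for an object without a policy. The same happens if a policy exposes `destroy?` rather than `delete?`, as the "can destroy" comment suggests, and it leaves the list in `action_is_allowed_regardless_of_policy` (extended in the next hunk) without effect for any action that has no predicate. Consider granting only on a positive answer: assign `policy = Pundit.policy(@user_context, @obj)` once before the chain and use `(policy.respond_to?("#{action}?") && policy.public_send("#{action}?")) ||` inside it. Part of the chain lies outside the hunk, so the interaction with the clauses not shown should be checked.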
