6 files changed, 59 insertions, 13 deletions
diff --git a/app/controllers/lines_controller.rb b/app/controllers/lines_controller.rb
index 8c14de06d..a93084012 100644
--- a/app/controllers/lines_controller.rb
+++ b/app/controllers/lines_controller.rb
@@ -1,6 +1,6 @@
 class LinesController < BreadcrumbController
   include ApplicationHelper
-
+  before_action :check_policy, :only => [:edit, :update, :destroy]
   defaults :resource_class => Chouette::Line
   respond_to :html
   respond_to :xml
@@ -30,6 +30,16 @@ class LinesController < BreadcrumbController
     end
   end
 
+  def new
+    authorize resource_class
+    super
+  end
+
+  def create
+    authorize resource_class
+    super
+  end
+
   # overwrite inherited resources to use delete instead of destroy
   # foreign keys will propagate deletion)
   def destroy_resource(object)
@@ -85,6 +95,9 @@ class LinesController < BreadcrumbController
   alias_method :line_referential, :parent
 
   private
+  def check_policy
+    authorize resource
+  end
 
   def line_params
     params.require(:line).permit( :transport_mode, :network_id, :company_id, :objectid, :object_version, :creation_time, :creator_id, :name, :number, :published_name, :transport_mode_name, :registration_number, :comment, :mobility_restricted_suitability, :int_user_needs, :flexible_service, :group_of_lines, :group_of_line_ids, :group_of_line_tokens, :url, :color, :text_color, :stable_id, { footnotes_attributes: [ :code, :label, :_destroy, :id ] } )
diff --git a/app/controllers/stop_areas_controller.rb b/app/controllers/stop_areas_controller.rb
index 90820d932..8f6a1565a 100644
--- a/app/controllers/stop_areas_controller.rb
+++ b/app/controllers/stop_areas_controller.rb
@@ -63,7 +63,7 @@ class StopAreasController < BreadcrumbController
   end
 
   def new
-    authorize Chouette::StopArea
+    authorize resource_class
     @map = StopAreaMap.new( Chouette::StopArea.new).with_helpers(self)
     @map.editable = true
     new! do
@@ -72,7 +72,7 @@ class StopAreasController < BreadcrumbController
   end
 
   def create
-    authorize Chouette::StopArea
+    authorize resource_class
     @map = StopAreaMap.new( Chouette::StopArea.new).with_helpers(self)
     @map.editable = true
 
diff --git a/app/policies/group_of_line_policy.rb b/app/policies/group_of_line_policy.rb
new file mode 100644
index 000000000..5d42a23bd
--- /dev/null
+++ b/app/policies/group_of_line_policy.rb
@@ -0,0 +1,15 @@
+class GroupOfLinePolicy < ApplicationPolicy
+  class Scope < Scope
+    def resolve
+      scope
+    end
+  end
+
+  def create?
+    false
+  end
+  def update?  ; create? end
+  def new?     ; create? end
+  def edit?    ; create? end
+  def destroy? ; create? end
+end
diff --git a/app/policies/line_policy.rb b/app/policies/line_policy.rb
new file mode 100644
index 000000000..61cf6c1b8
--- /dev/null
+++ b/app/policies/line_policy.rb
@@ -0,0 +1,15 @@
+class LinePolicy < ApplicationPolicy
+  class Scope < Scope
+    def resolve
+      scope
+    end
+  end
+
+  def create?
+    false
+  end
+  def update?  ; create? end
+  def new?     ; create? end
+  def edit?    ; create? end
+  def destroy? ; create? end
+end
diff --git a/app/views/lines/_line.html.slim b/app/views/lines/_line.html.slim
index 552e9d29b..07275e043 100644
--- a/app/views/lines/_line.html.slim
+++ b/app/views/lines/_line.html.slim
@@ -14,11 +14,11 @@
 
       li
         .btn-group
-          - if edit
+          - if edit && policy(Chouette::Line).update?
             = link_to edit_line_referential_line_path(line.line_referential, line), class: 'btn btn-default btn-sm' do
               span.fa.fa-pencil
 
-          - if delete
+          - if delete && policy(Chouette::Line).destroy?
             = link_to line_referential_line_path(line.line_referential, line), method: :delete, data: { confirm: t('lines.actions.destroy_confirm') }, class: 'btn btn-danger btn-sm' do
               span.fa.fa-trash-o
 
@@ -50,4 +50,4 @@
         = line.human_attribute_name('group_of_line')
         = link_to_if( line.group_of_lines.first, line.group_of_lines.first.name, line_referential_group_of_line_path(line.line_referential, line.group_of_lines.first), :title => "#{line.human_attribute_name('group_of_line')} #{line.group_of_lines.first.name}")
       - else
-        = t('lines.form.several_group_of_lines', :count => line.group_of_lines.count)
-\ No newline at end of file
+        = t('lines.form.several_group_of_lines', :count => line.group_of_lines.count)
diff --git a/app/views/lines/show.html.slim b/app/views/lines/show.html.slim
index 590f35a27..af9a72b15 100644
--- a/app/views/lines/show.html.slim
+++ b/app/views/lines/show.html.slim
@@ -131,16 +131,19 @@ h3.routes = t('.itineraries')
 
 - content_for :sidebar do
   ul.actions
-    li
-      = link_to t('lines.actions.new'), new_line_referential_line_path(@line_referential), class: 'add'
-    li
-      = link_to t('lines.actions.edit'), edit_line_referential_line_path(@line_referential, @line), class: 'edit'
-    li
-      = link_to t('lines.actions.destroy'), line_referential_line_path(@line_referential, @line), method: :delete, :data => {:confirm =>  t('lines.actions.destroy_confirm')}, class: 'remove'
+    - if policy(Chouette::Line).create?
+      li
+        = link_to t('lines.actions.new'), new_line_referential_line_path(@line_referential), class: 'add'
+    - if policy(Chouette::Line).update?
+      li
+        = link_to t('lines.actions.edit'), edit_line_referential_line_path(@line_referential, @line), class: 'edit'
+    - if policy(Chouette::Line).destroy?
+      li
+        = link_to t('lines.actions.destroy'), line_referential_line_path(@line_referential, @line), method: :delete, :data => {:confirm =>  t('lines.actions.destroy_confirm')}, class: 'remove'
 
     - if !@line.hub_restricted? || (@line.hub_restricted? && @line.routes.size < 2)
       / FIXME #825
       li
         / = link_to t('routes.actions.new'), new_referential_line_route_path(@referential, @line), class: 'add'
 
-  = creation_tag(@line)
-\ No newline at end of file
+  = creation_tag(@line)