From 818bacf718594441052820ea0e7b33b9491a5b71 Mon Sep 17 00:00:00 2001
From: Zog
Date: Mon, 18 Dec 2017 11:53:16 +0100
Subject: Refs #5325@0.5h; Use policies for calendar sharing

Use policies to determine if a user is allowed to share a calendar,
instead of a hardcoded string
---
 app/models/user.rb              |  2 +-
 app/policies/calendar_policy.rb | 17 +++++++----------
 2 files changed, 8 insertions(+), 11 deletions(-)

(limited to 'app')

diff --git a/app/models/user.rb b/app/models/user.rb
index 37d35209a..1342f60ed 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -36,7 +36,7 @@ class User < ActiveRecord::Base
     self.name         = extra[:full_name]
     self.email        = extra[:email]
     self.organisation = Organisation.sync_update extra[:organisation_code], extra[:organisation_name], extra[:functional_scope]
-    self.permissions  = Stif::PermissionTranslator.translate(extra[:permissions])
+    self.permissions  = Stif::PermissionTranslator.translate(extra[:permissions], self.organisation)
   end
 
   def self.portail_api_request
diff --git a/app/policies/calendar_policy.rb b/app/policies/calendar_policy.rb
index 074c41d8d..3ba708ec9 100644
--- a/app/policies/calendar_policy.rb
+++ b/app/policies/calendar_policy.rb
@@ -5,18 +5,15 @@ class CalendarPolicy < ApplicationPolicy
     end
   end
 
-  def create? 
+  def create?
     !archived? && user.has_permission?('calendars.create')
   end
-  def destroy?
-    !archived? & organisation_match? && user.has_permission?('calendars.destroy')
-  end
-  def update?
-    !archived? && organisation_match? && user.has_permission?('calendars.update')
-  end
+  def destroy?; instance_permission("destroy") end
+  def update?; instance_permission("update") end
+  def share?; instance_permission("share") end
 
-  def share?
-    user.organisation.name == 'STIF' # FIXME
+  private
+  def instance_permission permission
+    !archived? & organisation_match? && user.has_permission?("calendars.#{permission}")
   end
-
 end
-- 
cgit v1.2.3


From 6d5ca1fe9782f4e43b38079a920ab0770e2d1cce Mon Sep 17 00:00:00 2001
From: Zog
Date: Tue, 19 Dec 2017 13:16:03 +0100
Subject: Refs #5325; Fix calendat policy

Remove the "!archived?" condition which makes no sense here.
---
 app/policies/calendar_policy.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/policies/calendar_policy.rb b/app/policies/calendar_policy.rb
index 3ba708ec9..c2da8c924 100644
--- a/app/policies/calendar_policy.rb
+++ b/app/policies/calendar_policy.rb
@@ -6,7 +6,7 @@ class CalendarPolicy < ApplicationPolicy
   end
 
   def create?
-    !archived? && user.has_permission?('calendars.create')
+    user.has_permission?('calendars.create')
   end
   def destroy?; instance_permission("destroy") end
   def update?; instance_permission("update") end
@@ -14,6 +14,6 @@ class CalendarPolicy < ApplicationPolicy
 
   private
   def instance_permission permission
-    !archived? & organisation_match? && user.has_permission?("calendars.#{permission}")
+    organisation_match? && user.has_permission?("calendars.#{permission}")
   end
 end
-- 
cgit v1.2.3