Use author_in_programming_group? policy for files & RfCs

* Allow all members of a programming group to list and solve RfCs * Also adjust policy specs to respect programming groups
2023-08-22 09:23:20 +02:00
parent 9d1be1eeff
commit 01accdae58
7 changed files with 101 additions and 19 deletions
--- a/app/controllers/request_for_comments_controller.rb
+++ b/app/controllers/request_for_comments_controller.rb
@ -44,7 +44,11 @@ class RequestForCommentsController < ApplicationController
  # GET /my_request_for_comments
  def my_comment_requests
    @search = policy_scope(RequestForComment)
+      .joins(:submission)
      .where(user: current_user)
+      .or(policy_scope(RequestForComment)
+            .joins(:submission)
+            .where(submission: {contributor: current_user.programming_groups}))
      .order(created_at: :desc) # Order for the LIMIT part of the query
      .ransack(params[:q])

--- a/app/models/submission.rb
+++ b/app/models/submission.rb
@ -124,8 +124,8 @@ class Submission < ApplicationRecord
    (contributor_id + exercise.created_at.to_i) % 10 == 1
  end

-  def own_unsolved_rfc(user = self.user)
-    Pundit.policy_scope(user, RequestForComment).unsolved.find_by(exercise:, user:)
+  def own_unsolved_rfc(user)
+    Pundit.policy_scope(user, RequestForComment).joins(:submission).where(submission: {contributor:}).unsolved.find_by(exercise:)
  end

  def unsolved_rfc(user = self.user)
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@ -50,9 +50,21 @@ class ApplicationPolicy
  private :teacher_in_study_group?

  def author_in_programming_group?
-    return false unless @record.contributor.programming_group?
+    if @record.respond_to? :contributor # e.g. submission
+      possible_programming_group = @record.contributor

-    @record.contributor.users.include?(@user)
+    elsif @record.respond_to? :context # e.g. file
+      possible_programming_group = @record.context.contributor
+
+    elsif @record.respond_to? :submission # e.g. request_for_comment
+      possible_programming_group = @record.submission.contributor
+    else
+      return false
+    end
+
+    return false unless possible_programming_group.programming_group?
+
+    possible_programming_group.users.include?(@user)
  end
  private :author_in_programming_group?

--- a/app/policies/code_ocean/file_policy.rb
+++ b/app/policies/code_ocean/file_policy.rb
@ -38,7 +38,7 @@ module CodeOcean
      if @record.context.is_a?(Exercise)
        admin? || author?
      elsif @record.context.is_a?(Submission) && @record.context.exercise.allow_file_creation
-        author?
+        author? || author_in_programming_group?
      else
        no_one
      end
--- a/app/policies/request_for_comment_policy.rb
+++ b/app/policies/request_for_comment_policy.rb
@ -6,7 +6,7 @@ class RequestForCommentPolicy < ApplicationPolicy
  end

  def show?
-    admin? || author? || rfc_visibility
+    admin? || author? || author_in_programming_group? || rfc_visibility
  end

  def destroy?
@ -14,11 +14,11 @@ class RequestForCommentPolicy < ApplicationPolicy
  end

  def mark_as_solved?
-    admin? || author?
+    admin? || author? || author_in_programming_group?
  end

  def set_thank_you_note?
-    admin? || author?
+    admin? || author? || author_in_programming_group?
  end

  def clear_question?