transferred Code Ocean from original repository to GitHub

app/policies/admin_only_policy.rb

@@ -0,0 +1,5 @@
+class AdminOnlyPolicy < ApplicationPolicy
+  [:create?, :destroy?, :edit?, :index?, :new?, :show?, :update?].each do |action|
+    define_method(action) { admin? }
+  end
+end

app/policies/admin_or_author_policy.rb

@@ -0,0 +1,9 @@
+class AdminOrAuthorPolicy < ApplicationPolicy
+  [:create?, :index?, :new?].each do |action|
+    define_method(action) { @user.internal? }
+  end
+
+  [:destroy?, :edit?, :show?, :update?].each do |action|
+    define_method(action) { admin? || author? }
+  end
+end

app/policies/application_policy.rb

@@ -0,0 +1,40 @@
+class ApplicationPolicy
+  def admin?
+    @user.admin?
+  end
+  private :admin?
+
+  def everyone
+    true
+  end
+  private :everyone
+
+  def initialize(user, record)
+    @user = user
+    @record = record
+    require_user!
+  end
+
+  def no_one
+    false
+  end
+  private :no_one
+
+  def require_user!
+    raise Pundit::NotAuthorizedError unless @user
+  end
+  private :require_user!
+
+  class Scope
+    def initialize(user, scope)
+      @user = user
+      @scope = scope
+      require_user!
+    end
+
+    def require_user!
+      raise Pundit::NotAuthorizedError unless @user
+    end
+    private :require_user!
+  end
+end

app/policies/code_ocean/file_policy.rb

@@ -0,0 +1,23 @@
+module CodeOcean
+  class FilePolicy < AdminOrAuthorPolicy
+    def author?
+      @user == @record.context.author
+    end
+
+    def create?
+      if @record.context.is_a?(Exercise)
+        admin? || author?
+      else
+        author?
+      end
+    end
+
+    def destroy?
+      if @record.context.is_a?(Exercise)
+        admin? || author?
+      else
+        no_one
+      end
+    end
+  end
+end

app/policies/consumer_policy.rb

@@ -0,0 +1,5 @@
+class ConsumerPolicy < AdminOnlyPolicy
+  def show?
+    super || @user.consumer == @record
+  end
+end

app/policies/error_policy.rb

@@ -0,0 +1,5 @@
+class ErrorPolicy < AdminOrAuthorPolicy
+  def author?
+    @user == @record.execution_environment.author
+  end
+end

app/policies/execution_environment_policy.rb

@@ -0,0 +1,10 @@
+class ExecutionEnvironmentPolicy < AdminOrAuthorPolicy
+  def author?
+    @user == @record.author
+  end
+  private :author?
+
+  [:execute_command?, :shell?].each do |action|
+    define_method(action) { admin? || author? }
+  end
+end

app/policies/exercise_policy.rb

@@ -0,0 +1,24 @@
+class ExercisePolicy < AdminOrAuthorPolicy
+  def author?
+    @user == @record.author
+  end
+  private :author?
+
+  [:clone?, :statistics?].each do |action|
+    define_method(action) { admin? || author? }
+  end
+
+  [:implement?, :submit?].each do |action|
+    define_method(action) { everyone }
+  end
+
+  class Scope < Scope
+    def resolve
+      if @user.admin?
+        @scope.all
+      else
+        @scope.where("user_id = #{@user.id} OR public = TRUE")
+      end
+    end
+  end
+end

app/policies/external_user_policy.rb

@@ -0,0 +1,2 @@
+class ExternalUserPolicy < AdminOnlyPolicy
+end

app/policies/file_type_policy.rb

@@ -0,0 +1,6 @@
+class FileTypePolicy < AdminOrAuthorPolicy
+  def author?
+    @user == @record.author
+  end
+  private :author?
+end

app/policies/hint_policy.rb

@@ -0,0 +1,5 @@
+class HintPolicy < AdminOrAuthorPolicy
+  def author?
+    @user == @record.execution_environment.author
+  end
+end

app/policies/internal_user_policy.rb

@@ -0,0 +1,9 @@
+class InternalUserPolicy < AdminOnlyPolicy
+  def destroy?
+    super && !@record.admin?
+  end
+
+  def show?
+    super || @record == @user
+  end
+end

app/policies/submission_policy.rb

@@ -0,0 +1,18 @@
+class SubmissionPolicy < ApplicationPolicy
+  def author?
+    @user == @record.author
+  end
+  private :author?
+
+  def create?
+    everyone
+  end
+
+  [:download_file?, :render_file?, :run?, :score?, :show?, :statistics?, :stop?, :test?].each do |action|
+    define_method(action) { admin? || author? }
+  end
+
+  def index?
+    admin?
+  end
+end