Limit access to the study group dashboard to teachers of that group

Also rename teacher_in_study_group? to add a `?` at the end
2019-05-15 17:41:00 +02:00
parent 652dc7001e
commit 5dd641082e
3 changed files with 8 additions and 4 deletions
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@ -41,10 +41,10 @@ class ApplicationPolicy
  end
  private :everyone_in_study_group

-  def teacher_in_study_group
+  def teacher_in_study_group?
    teacher? && everyone_in_study_group
  end
-  private :teacher_in_study_group
+  private :teacher_in_study_group?

  def initialize(user, record)
    @user = user
--- a/app/policies/exercise_policy.rb
+++ b/app/policies/exercise_policy.rb
@ -3,10 +3,14 @@ class ExercisePolicy < AdminOrAuthorPolicy
    admin?
  end

-  [:show?, :study_group_dashboard?, :feedback?, :requests_for_comments?, :statistics?].each do |action|
+  [:show?, :feedback?, :requests_for_comments?, :statistics?].each do |action|
    define_method(action) { admin? || teacher? }
  end

+  def :study_group_dashboard?
+    admin? || teacher_in_study_group?
+  end
+
  [:clone?, :destroy?, :edit?, :update?, :export_external_check?, :export_external_confirm?].each do |action|
    define_method(action) { admin? || teacher_in_study_group || author? }
  end
--- a/app/policies/submission_policy.rb
+++ b/app/policies/submission_policy.rb
@ -14,6 +14,6 @@ class SubmissionPolicy < ApplicationPolicy


  def show_study_group?
-    admin? || teacher_in_study_group
+    admin? || teacher_in_study_group?
  end
 end