Add consumer-based RfC Visibility settings

This setting will be useful to increase data protection, where users might not be allowed to see RfCs from other contexts.
2023-02-20 09:35:21 +01:00
parent abede713f9
commit 9c3392b324
14 changed files with 146 additions and 14 deletions
--- a/app/policies/request_for_comment_policy.rb
+++ b/app/policies/request_for_comment_policy.rb
@ -48,4 +48,30 @@ class RequestForCommentPolicy < ApplicationPolicy
  def rfcs_with_my_comments?
    everyone
  end
+
+  class Scope < Scope
+    def resolve
+      if @user.admin?
+        @scope.all
+      else
+        case @user.consumer.rfc_visibility
+          when 'all'
+            @scope.all
+          when 'consumer'
+            rfcs_with_users = @scope.distinct
+              .joins('LEFT OUTER JOIN external_users ON request_for_comments.user_type = \'ExternalUser\' AND request_for_comments.user_id = external_users.id')
+              .joins('LEFT OUTER JOIN internal_users ON request_for_comments.user_type = \'InternalUser\' AND request_for_comments.user_id = internal_users.id')
+
+            rfcs_with_users.where(external_users: {consumer_id: @user.consumer.id})
+              .or(rfcs_with_users.where(internal_users: {consumer_id: @user.consumer.id}))
+          when 'study_group'
+            @scope.distinct
+              .joins(:submission)
+              .where(submission: {study_group: @user.current_study_group_id})
+          else
+            @scope.none
+        end
+      end
+    end
+  end
 end