From ff95fcd8f254f22ca14b42a8a4956b8f143e3c68 Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Wed, 4 Dec 2019 15:25:00 +0100 Subject: [PATCH] Allow all teachers of the same study group to edit their exercises --- app/policies/application_policy.rb | 13 +++++++++---- app/policies/exercise_policy.rb | 2 +- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb index 4e8ae44b..e81df385 100644 --- a/app/policies/application_policy.rb +++ b/app/policies/application_policy.rb @@ -26,11 +26,16 @@ class ApplicationPolicy private :no_one def everyone_in_study_group - study_group = @record.study_group - return false if study_group.blank? + if @record.respond_to? :study_group # e.g. submission + study_group = @record.study_group + return false if study_group.blank? - users_in_same_study_group = study_group.users - return false if users_in_same_study_group.blank? + users_in_same_study_group = study_group.users + else # e.g. exercise + study_groups = @record.user.study_groups + users_in_same_study_group = study_groups.collect{ |study_group| + study_group.users}.flatten + end users_in_same_study_group.include? @user end diff --git a/app/policies/exercise_policy.rb b/app/policies/exercise_policy.rb index ba30802d..41f735a0 100644 --- a/app/policies/exercise_policy.rb +++ b/app/policies/exercise_policy.rb @@ -8,7 +8,7 @@ class ExercisePolicy < AdminOrAuthorPolicy end [:clone?, :destroy?, :edit?, :update?].each do |action| - define_method(action) { admin? || author? } + define_method(action) { admin? || teacher_in_study_group || author? } end [:implement?, :working_times?, :intervention?, :search?, :submit?, :reload?].each do |action|