WIP All things processed and annotated

rails-girls-summer-of-code · May 17, 2018 · bfaeb99 · bfaeb99
1 parent 6b4664e
commit bfaeb99
Show file tree

Hide file tree

Showing 3 changed files with 446 additions and 441 deletions.
diff --git a/app/models/ability.rb b/app/models/ability.rb
@@ -3,77 +3,77 @@
 class Ability
   include CanCan::Ability
 
-  USER_PAGES = [User, Team] #todo
-  PUBLIC_PAGES = [Activity, Team, Project, Conference].freeze
-  LOGGED_IN_PAGES = [Comment] # now: create comments #todo
-  APPLICATION_PAGES = [Application, ApplicationDraft] # todo
-
   def initialize(user)
     user ||= User.new
 
     alias_action :create, :read, :update, :destroy, to: :crud
+
     # guest user
-    can :read, [User, Team, Project, Activity]
+    can :read, Activity # pro forma ; Activity has no authorisation restriction, except for kind: :mailing
+    can :read, [User, Team, Project, Conference]
+
+    return unless signed_in?(user)
 
     # unconfirmed, logged in user
-    can :read, USER_PAGES
     can :update, User, id: user.id
     can :resend_confirmation_instruction, User, id: user.id
     can :read_email, User, hide_email: false # view helper # delete? only used once
-    can :read, PUBLIC_PAGES # pro forma ; Activity has no authorisation restriction, except for kind: :mailing
 
-    return unless user.confirmed?
+    return unless user.confirmed? && signed_in?(user)
+
     # confirmed user
     can [:update, :destroy], User, id: user.id
     can :resend_confirmation_instruction, User, id: user.id
+    can :create, Project
+    can [:join, :create], Team
+    # the validation is tested in spec/models/team_spec.rb:33
+    # Should this be in ability at all?
+    # can :crud, Team do |team|
+    #   team.new_record?
+    # end
+    #  => delete
     can :index, Mailing
     can :read, Mailing do |mailing|
       mailing.recipient? user
     end
-    can :create, Project
-    # can :crud, Team do |team|
-    #   team.new_record?
-    # end ????  => delete
 
-    # all members in a team
-    # if user in any team ... end # or just A confirmed user
-    can :crud, Team do |team|
+    # Members in a team
+    can [:update, :destroy], Team do |team|
       on_team?(user, team)
     end
 
-    # what is restricted to the current season ?
+    # Add / split restrictions for current season?
 
     # current_student
-    if user.current_student?  # TODO is this the best check?
+    if user.current_student? # TODO is this the best check?
+      can :create, Team if user.teams.none?
       can :create, Conference
     end
 
     # supervisor
     if user.supervisor?
-        can :read, :users_info
-        # explanation for this simpler declaration:
-        # The unconfirmed user ^ above had this declaration:
-        #   `can :read_email, User, hide_email: false`
-        # is defined for all users: all can read an email address that is not hidden
-        # Here, the hide_email attribute doesnt matter: a supervisor can read it anyway
-        # See specs added to check this behaviour
-        can :read_email, User do |other_user|
-          supervises?(other_user, user)
-        end
+      can :read, :users_info
+      # explanation for this simpler declaration:
+      # The unconfirmed user ^ above had this declaration:
+      #   `can :read_email, User, hide_email: false`
+      # is defined for all users: all can read an email address that is not hidden
+      # Here, the hide_email attribute doesnt matter: a supervisor can read it anyway
+      # See specs added to check this behaviour
+      can :read_email, User do |other_user|
+        supervises?(other_user, user)
+      end
     end
 
     # project submitter
-    can :crud, Project, submitter_id: user.id if user.confirmed?
+    can [:update, :destroy], Project, submitter_id: user.id
     can :use_as_template, Project do |project|
       user == project.submitter && !project.season&.current?
     end
 
     # admin
     if user.admin?
       can :manage, :all
-      # can :read_email, User   # view helper # redundant; admin can manage all
-                                # used only once -> delete?
-      # MEMO add cannot's only; and only after this line
+      # MEMO add "cannot's" only; and only after this line
       cannot :create, User # this only happens through GitHub
     end
 
@@ -96,10 +96,10 @@ def initialize(user)
       team.students.include?(user)
     end
 
-    cannot :create, Team do |team|
-      on_team_for_season?(user, team.season) || !user.confirmed?
-    end
-
+    # cannot :create, Team do |team|
+    #   on_team_for_season?(user, team.season) || !user.confirmed?
+    # end
+    # todo join helpdesk team
     can :join, Team do |team|
       team.helpdesk_team? and signed_in?(user) and user.confirmed? and not on_team?(user, team)
     end