2019-06-27 16:26:07 +02:00
|
|
|
class ChampPolicy < ApplicationPolicy
|
2019-10-07 18:06:55 +02:00
|
|
|
class Scope < ApplicationScope
|
2019-06-27 16:26:07 +02:00
|
|
|
def resolve
|
2019-10-08 14:28:26 +02:00
|
|
|
if user.blank?
|
|
|
|
|
return scope.none
|
2019-06-27 16:26:07 +02:00
|
|
|
end
|
2019-10-08 14:28:26 +02:00
|
|
|
|
2020-04-01 16:05:54 +02:00
|
|
|
# The join must be the same for all elements of the WHERE clause.
|
|
|
|
|
joined_scope = scope
|
2019-10-08 14:28:26 +02:00
|
|
|
.left_outer_joins(dossier: { groupe_instructeur: [:instructeurs] })
|
2020-04-01 16:05:54 +02:00
|
|
|
|
|
|
|
|
# Users can access public champs on their own dossiers.
|
|
|
|
|
resolved_scope = joined_scope
|
2019-10-08 14:28:26 +02:00
|
|
|
.where('dossiers.user_id': user.id, private: false)
|
|
|
|
|
|
|
|
|
|
if instructeur.present?
|
|
|
|
|
# Additionnaly, instructeurs can access private champs
|
|
|
|
|
# on dossiers they are allowed to instruct.
|
2020-04-01 16:05:54 +02:00
|
|
|
instructeur_clause = joined_scope
|
2019-10-08 14:28:26 +02:00
|
|
|
.where('instructeurs.id': instructeur.id, private: true)
|
|
|
|
|
resolved_scope = resolved_scope.or(instructeur_clause)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
resolved_scope
|
2019-06-27 16:26:07 +02:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
