Merge pull request #71 from manuka/destroy-own-content

Destroy own content
dumparkltd · Jan 4, 2024 · f07c047 · f07c047
2 parents 38860aa + d60c2a5
commit f07c047
Show file tree

Hide file tree

Showing 49 changed files with 1,649 additions and 480 deletions.
diff --git a/app/controllers/actor_categories_controller.rb b/app/controllers/actor_categories_controller.rb
@@ -1,6 +1,4 @@
 class ActorCategoriesController < ApplicationController
-  before_action :set_and_authorize_actor_category, only: [:show, :destroy]
-
   # GET /actor_categories
   def index
     @actor_categories = policy_scope(base_object).order(created_at: :desc).page(params[:page])
@@ -35,9 +33,10 @@ def destroy
   private
 
   # Use callbacks to share common setup or constraints between actions.
-  def set_and_authorize_actor_category
-    @actor_category = policy_scope(base_object).find(params[:id])
-    authorize @actor_category
+  def authorize!
+    @actor_category = policy_scope(base_object)&.find(params[:id]) if params[:id]
+
+    authorize @actor_category || base_object
   end
 
   def base_object

diff --git a/app/controllers/actor_measures_controller.rb b/app/controllers/actor_measures_controller.rb
@@ -1,6 +1,4 @@
 class ActorMeasuresController < ApplicationController
-  before_action :set_and_authorize_actor_measure, only: [:show, :update, :destroy]
-
   # GET /actor_measures/:id
   def show
     authorize @actor_measure
@@ -35,17 +33,17 @@ def destroy
   # PATCH/PUT /actor_categories/1
   def update
     if @actor_measure.update!(permitted_attributes(@actor_measure))
-      set_and_authorize_actor_measure
       render json: serialize(@actor_measure)
     end
   end
 
   private
 
   # Use callbacks to share common setup or constraints between actions.
-  def set_and_authorize_actor_measure
-    @actor_measure = policy_scope(base_object).find(params[:id])
-    authorize @actor_measure
+  def authorize!
+    @actor_measure = policy_scope(base_object)&.find(params[:id]) if params[:id]
+
+    authorize @actor_measure || base_object
   end
 
   def base_object

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -11,7 +11,7 @@ class ApplicationController < ActionController::Base
   layout :layout_by_resource
 
   before_action :authenticate_user!, only: [:create, :update, :destroy], unless: :devise_controller?
-  before_action :authorize_base_object!, only: [:show, :index, :update, :destroy]
+  before_action :authorize!
   after_action :verify_authorized, except: [:index, :sign_in], unless: :devise_controller?
   after_action :verify_policy_scoped, only: :index, unless: :devise_controller?
 
@@ -26,7 +26,7 @@ def pundit_user
 
   protected
 
-  def authorize_base_object!
+  def authorize!
     authorize(base_object) if defined?(base_object)
   end
 

diff --git a/app/controllers/bookmarks_controller.rb b/app/controllers/bookmarks_controller.rb
@@ -1,7 +1,7 @@
 class BookmarksController < ApplicationController
   before_action :authenticate_user!
   before_action :set_and_authorize_bookmark, only: [:update, :destroy]
-  skip_before_action :authorize_base_object!
+  skip_before_action :authorize!
   skip_after_action :verify_authorized, only: [:show]
 
   def forbidden

diff --git a/app/controllers/categories_controller.rb b/app/controllers/categories_controller.rb
@@ -1,6 +1,4 @@
 class CategoriesController < ApplicationController
-  before_action :set_and_authorize_category, only: [:show, :update, :destroy]
-
   # GET /categories
   def index
     @categories = policy_scope(base_object).order(created_at: :desc).page(params[:page])
@@ -32,8 +30,8 @@ def update
     if params[:category][:updated_at] && DateTime.parse(params[:category][:updated_at]).to_i != @category.updated_at.to_i
       return render json: '{"error":"Record outdated"}', status: :unprocessable_entity
     end
+
     if @category.update!(permitted_attributes(@category))
-      set_and_authorize_category
       render json: serialize(@category)
     end
   end
@@ -46,9 +44,10 @@ def destroy
   private
 
   # Use callbacks to share common setup or constraints between actions.
-  def set_and_authorize_category
-    @category = policy_scope(base_object).find(params[:id])
-    authorize @category
+  def authorize!
+    @category = policy_scope(base_object)&.find(params[:id]) if params[:id]
+
+    authorize @category || base_object
   end
 
   def base_object

diff --git a/app/controllers/due_dates_controller.rb b/app/controllers/due_dates_controller.rb
@@ -1,6 +1,6 @@
 class DueDatesController < ApplicationController
   before_action :set_and_authorize_due_date, only: [:show, :update, :destroy]
-  skip_before_action :authorize_base_object!
+  skip_before_action :authorize!
 
   # GET /due_dates
   def index

diff --git a/app/controllers/indicators_controller.rb b/app/controllers/indicators_controller.rb
@@ -1,6 +1,4 @@
 class IndicatorsController < ApplicationController
-  before_action :set_and_authorize_indicator, only: [:show, :update, :destroy]
-
   # GET /indicators
   def index
     @indicators = policy_scope(base_object).order(created_at: :desc).page(params[:page])
@@ -33,8 +31,8 @@ def update
     if params[:indicator][:updated_at] && DateTime.parse(params[:indicator][:updated_at]).to_i != @indicator.updated_at.to_i
       return render json: '{"error":"Record outdated"}', status: :unprocessable_entity
     end
+
     if @indicator.update!(permitted_attributes(@indicator))
-      set_and_authorize_indicator
       render json: serialize(@indicator)
     end
   end
@@ -46,6 +44,13 @@ def destroy
 
   private
 
+  # Use callbacks to share common setup or constraints between actions.
+  def authorize!
+    @indicator = policy_scope(base_object)&.find(params[:id]) if params[:id]
+
+    authorize @indicator || base_object
+  end
+
   def base_object
     if params[:measure_id]
       Measure.find(params[:measure_id]).indicators
@@ -54,12 +59,6 @@ def base_object
     end
   end
 
-  # Use callbacks to share common setup or constraints between actions.
-  def set_and_authorize_indicator
-    @indicator = policy_scope(base_object).find(params[:id])
-    authorize @indicator
-  end
-
   def serialize(target, serializer: IndicatorSerializer)
     super
   end

diff --git a/app/controllers/measure_actors_controller.rb b/app/controllers/measure_actors_controller.rb
@@ -1,6 +1,4 @@
 class MeasureActorsController < ApplicationController
-  before_action :set_and_authorize_measure_actor, only: [:show, :update, :destroy]
-
   # GET /measure_actors/:id
   def show
     @measure_actor = policy_scope(base_object).find(params[:id])
@@ -36,17 +34,17 @@ def destroy
   # PATCH/PUT /actor_categories/1
   def update
     if @measure_actor.update!(permitted_attributes(@measure_actor))
-      set_and_authorize_measure_actor
       render json: serialize(@measure_actor)
     end
   end
 
   private
 
   # Use callbacks to share common setup or constraints between actions.
-  def set_and_authorize_measure_actor
-    @measure_actor = policy_scope(base_object).find(params[:id])
-    authorize @measure_actor
+  def authorize!
+    @measure_actor = policy_scope(base_object)&.find(params[:id]) if params[:id]
+
+    authorize @measure_actor || base_object
   end
 
   def base_object

diff --git a/app/controllers/measure_categories_controller.rb b/app/controllers/measure_categories_controller.rb
@@ -1,6 +1,4 @@
 class MeasureCategoriesController < ApplicationController
-  before_action :set_and_authorize_measure_category, only: [:show, :update, :destroy]
-
   # GET /measure_categories
   def index
     @measure_categories = policy_scope(base_object).order(created_at: :desc).page(params[:page])
@@ -30,7 +28,6 @@ def create
   # PATCH/PUT /measure_categories/1
   def update
     if @measure_category.update!(permitted_attributes(@measure_category))
-      set_and_authorize_measure_category
       render json: serialize(@measure_category)
     end
   end
@@ -43,9 +40,10 @@ def destroy
   private
 
   # Use callbacks to share common setup or constraints between actions.
-  def set_and_authorize_measure_category
-    @measure_category = policy_scope(base_object).find(params[:id])
-    authorize @measure_category
+  def authorize!
+    @measure_category = policy_scope(base_object)&.find(params[:id]) if params[:id]
+
+    authorize @measure_category || base_object
   end
 
   def base_object

diff --git a/app/controllers/measure_indicators_controller.rb b/app/controllers/measure_indicators_controller.rb
@@ -1,6 +1,4 @@
 class MeasureIndicatorsController < ApplicationController
-  before_action :set_and_authorize_measure_indicator, only: [:show, :update, :destroy]
-
   # GET /measure_indicators
   def index
     @measure_indicators = policy_scope(base_object).order(created_at: :desc).page(params[:page])
@@ -30,7 +28,6 @@ def create
   # PATCH/PUT /measure_indicators/1
   def update
     if @measure_indicator.update!(permitted_attributes(@measure_indicator))
-      set_and_authorize_measure_indicator
       render json: serialize(@measure_indicator)
     end
   end
@@ -43,9 +40,10 @@ def destroy
   private
 
   # Use callbacks to share common setup or constraints between actions.
-  def set_and_authorize_measure_indicator
-    @measure_indicator = policy_scope(base_object).find(params[:id])
-    authorize @measure_indicator
+  def authorize!
+    @measure_indicator = policy_scope(base_object)&.find(params[:id]) if params[:id]
+
+    authorize @measure_indicator || base_object
   end
 
   def base_object

diff --git a/app/controllers/measure_measures_controller.rb b/app/controllers/measure_measures_controller.rb
@@ -1,6 +1,4 @@
 class MeasureMeasuresController < ApplicationController
-  before_action :set_and_authorize_measure_measure, only: [:show, :update, :destroy]
-
   # GET /measure_measures
   def index
     @measure_measures = policy_scope(base_object).order(created_at: :desc).page(params[:page])
@@ -42,9 +40,10 @@ def destroy
   private
 
   # Use callbacks to share common setup or constraints between actions.
-  def set_and_authorize_measure_measure
-    @measure_measure = policy_scope(base_object).find(params[:id])
-    authorize @measure_measure
+  def authorize!
+    @measure_measure = policy_scope(base_object)&.find(params[:id]) if params[:id]
+
+    authorize @measure_measure || base_object
   end
 
   def base_object

diff --git a/app/controllers/measure_resources_controller.rb b/app/controllers/measure_resources_controller.rb
@@ -1,6 +1,4 @@
 class MeasureResourcesController < ApplicationController
-  before_action :set_and_authorize_measure_resource, only: [:show, :destroy]
-
   # GET /measure_resources
   def index
     @measure_resources = policy_scope(base_object).order(created_at: :desc).page(params[:page])
@@ -35,9 +33,10 @@ def destroy
   private
 
   # Use callbacks to share common setup or constraints between actions.
-  def set_and_authorize_measure_resource
-    @measure_resource = policy_scope(base_object).find(params[:id])
-    authorize @measure_resource
+  def authorize!
+    @measure_resource = policy_scope(base_object)&.find(params[:id]) if params[:id]
+
+    authorize @measure_resource || base_object
   end
 
   def base_object

diff --git a/app/controllers/measures_controller.rb b/app/controllers/measures_controller.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
 class MeasuresController < ApplicationController
-  before_action :set_and_authorize_measure, only: [:show, :update, :destroy]
-
   # GET /measures
   def index
     @measures = policy_scope(base_object).order(created_at: :desc).page(params[:page])
@@ -40,7 +38,6 @@ def update
       send_published_notification!(@measure) if originally_draft && !@measure.draft?
       @measure.queue_task_updated_notifications!(user_id: current_user.id)
 
-      set_and_authorize_measure
       render json: serialize(@measure)
     end
   end
@@ -75,9 +72,10 @@ def send_published_notification!(measure)
   end
 
   # Use callbacks to share common setup or constraints between actions.
-  def set_and_authorize_measure
-    @measure = policy_scope(base_object).find(params[:id])
-    authorize @measure
+  def authorize!
+    @measure = policy_scope(base_object)&.find(params[:id]) if params[:id]
+
+    authorize @measure || base_object
   end
 
   def serialize(target, serializer: MeasureSerializer)

diff --git a/app/controllers/memberships_controller.rb b/app/controllers/memberships_controller.rb
@@ -1,6 +1,4 @@
 class MembershipsController < ApplicationController
-  before_action :set_and_authorize_membership, only: [:show, :destroy]
-
   # GET /memberships
   def index
     @memberships = policy_scope(base_object).order(created_at: :desc).page(params[:page])
@@ -35,9 +33,10 @@ def destroy
   private
 
   # Use callbacks to share common setup or constraints between actions.
-  def set_and_authorize_membership
-    @membership = policy_scope(base_object).find(params[:id])
-    authorize @membership
+  def authorize!
+    @membership = policy_scope(base_object)&.find(params[:id]) if params[:id]
+
+    authorize @membership || base_object
   end
 
   def base_object

diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb
@@ -1,6 +1,4 @@
 class PagesController < ApplicationController
-  before_action :set_and_authorize_page, only: [:show, :update, :destroy]
-
   # GET /pages
   def index
     @pages = policy_scope(base_object).order(created_at: :desc)
@@ -33,7 +31,6 @@ def update
       return render json: '{"error":"Record outdated"}', status: :unprocessable_entity
     end
     if @page.update!(permitted_attributes(@page))
-      set_and_authorize_page
       render json: serialize(@page)
     end
   end
@@ -46,9 +43,10 @@ def destroy
   private
 
   # Use callbacks to share common setup or constraints between actions.
-  def set_and_authorize_page
-    @page = policy_scope(base_object).find(params[:id])
-    authorize @page
+  def authorize!
+    @page = policy_scope(base_object)&.find(params[:id]) if params[:id]
+
+    authorize @page || base_object
   end
 
   def base_object