Quik Course 29

carlomunguia · carlomunguia · commit 9ff40b299d8e · 2023-03-20T23:53:22.000-05:00
added enrollment policy, updated enrollments controller with auths, updated users &amp; lessons policies to register when someone can view courses properly when purchased
diff --git a/app/controllers/enrollments_controller.rb b/app/controllers/enrollments_controller.rb
@@ -5,6 +5,7 @@ class EnrollmentsController < ApplicationController
   # GET /enrollments or /enrollments.json
   def index
     @enrollments = Enrollment.all
+    authorize @enrollments
   end
 
   # GET /enrollments/1 or /enrollments/1.json
@@ -18,6 +19,7 @@ def new
 
   # GET /enrollments/1/edit
   def edit
+    authorize @enrollment
   end
 
   # POST /enrollments or /enrollments.json
@@ -34,6 +36,7 @@ def create
 
   # PATCH/PUT /enrollments/1 or /enrollments/1.json
   def update
+    authorize @enrollment
     respond_to do |format|
       if @enrollment.update(enrollment_params)
         format.html do
@@ -52,6 +55,7 @@ def update
 
   # DELETE /enrollments/1 or /enrollments/1.json
   def destroy
+    authorize @enrollment
     @enrollment.destroy
 
     respond_to do |format|
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -6,6 +6,7 @@ def index
 
     @q = User.ransack(params[:q])
     @users = @q.result(distinct: true)
+    authorize @users
   end
 
   def show
diff --git a/app/models/course.rb b/app/models/course.rb
@@ -38,6 +38,6 @@ def self.levels
   tracked owner: Proc.new { |controller, model| controller.current_user }
 
   def bought(user)
-    self.enrollments.where(user_id: [user.id, course_id: [self.id].empty?])
+    self.enrollments.where(user_id: [user.id], course_id: [self.id]).empty?
   end
 end
diff --git a/app/policies/enrollment_policy.rb b/app/policies/enrollment_policy.rb
@@ -0,0 +1,23 @@
+class EnrollmentPolicy < ApplicationPolicy
+  class Scope < Scope
+    def resolve
+      scope.all
+    end
+  end
+
+  def index?
+    @user.has_role?(:admin)
+  end
+
+  def edit?
+    @record.user_id == @user.id
+  end
+
+  def update?
+    @record.user_id == @user.id
+  end
+
+  def destroy?
+    @user.has_role?(:admin)
+  end
+end
diff --git a/app/policies/lesson_policy.rb b/app/policies/lesson_policy.rb
@@ -6,7 +6,8 @@ def resolve
   end
 
   def show?
-    @user&.has_role?(:admin || @record.course.user_id == @user.id)
+    @user&.has_role?(:admin || @record.course.user_id == @user.id) ||
+      @record.course.bought(@user) == false
   end
 
   def edit?
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
@@ -6,6 +6,10 @@ def resolve
     end
   end
 
+  def index?
+    @user.has_role?(:admin)
+  end
+
   def edit?
     @user.has_role?(:admin)
   end
diff --git a/app/views/courses/show.html.haml b/app/views/courses/show.html.haml
@@ -13,7 +13,8 @@
     = render 'courses/course', course: @course
   .col-lg-6
     .fa.fa-plus
-    = link_to 'Add Lesson', new_course_lesson_path(@course, @lesson), class: 'btn btn-primary btn-sm btn-block'
-    %p
+    - if policy(@course).edit?
+      = link_to 'Add Lesson', new_course_lesson_path(@course, @lesson), class: 'btn btn-primary btn-sm btn-block'
+      %p
     - @lessons.each do |lesson|
       = render 'lessons/lesson', lesson: lesson
