Merge pull request #2509 from bitzesty/fix-palace-invite-edit

create new policy for palace invite updates

app/controllers/concerns/palace_attendees_mixin.rb

@@ -3,13 +3,13 @@ def new
     invite = PalaceInvite.find(params[:palace_invite_id])
     @enable_edition = true
     @form_answer = invite.form_answer
-    authorize @form_answer, :update?
+    authorize invite, :update?
     palace_attendee = invite.palace_attendees.build
     render_attendee_form(palace_attendee, invite)
   end
 
   def create
-    authorize form_answer, :update?
+    authorize palace_invite, :update?
     limit = palace_invite.attendees_limit
     if palace_invite.palace_attendees.count < limit
       palace_attendee = palace_invite.palace_attendees.create(create_params)
@@ -21,15 +21,15 @@ def create
   end
 
   def update
-    authorize form_answer, :update?
+    authorize palace_invite, :update?
 
     palace_attendee = palace_invite.palace_attendees.find(params[:id])
     log_event if palace_attendee.update(create_params)
     render_attendee_form(palace_attendee, palace_invite)
   end
 
   def destroy
-    authorize form_answer, :update?
+    authorize palace_invite, :update?
     palace_attendee = palace_invite.palace_attendees.find(params[:id])
     log_event if palace_attendee.destroy
     respond_to do |format|

app/controllers/concerns/palace_invites_mixin.rb

@@ -1,7 +1,7 @@
 module PalaceInvitesMixin
   def submit
     @invite = PalaceInvite.find(params[:id])
-    authorize @invite.form_answer, :update?
+    authorize @invite, :update?
 
     @invite.submit!
 

app/policies/palace_invite_policy.rb

@@ -0,0 +1,6 @@
+class PalaceInvitePolicy < ApplicationPolicy
+  def update?
+    admin? ||
+      subject.lead_or_assigned?(record.form_answer)
+  end
+end