diff --git a/app/controllers/concerns/palace_attendees_mixin.rb b/app/controllers/concerns/palace_attendees_mixin.rb index 3d2ffafdda..fe60418078 100644 --- a/app/controllers/concerns/palace_attendees_mixin.rb +++ b/app/controllers/concerns/palace_attendees_mixin.rb @@ -3,13 +3,13 @@ def new invite = PalaceInvite.find(params[:palace_invite_id]) @enable_edition = true @form_answer = invite.form_answer - authorize @form_answer, :update? + authorize invite, :update? palace_attendee = invite.palace_attendees.build render_attendee_form(palace_attendee, invite) end def create - authorize form_answer, :update? + authorize palace_invite, :update? limit = palace_invite.attendees_limit if palace_invite.palace_attendees.count < limit palace_attendee = palace_invite.palace_attendees.create(create_params) @@ -21,7 +21,7 @@ def create end def update - authorize form_answer, :update? + authorize palace_invite, :update? palace_attendee = palace_invite.palace_attendees.find(params[:id]) log_event if palace_attendee.update(create_params) @@ -29,7 +29,7 @@ def update end def destroy - authorize form_answer, :update? + authorize palace_invite, :update? palace_attendee = palace_invite.palace_attendees.find(params[:id]) log_event if palace_attendee.destroy respond_to do |format| diff --git a/app/controllers/concerns/palace_invites_mixin.rb b/app/controllers/concerns/palace_invites_mixin.rb index acd1d614ff..e462649242 100644 --- a/app/controllers/concerns/palace_invites_mixin.rb +++ b/app/controllers/concerns/palace_invites_mixin.rb @@ -1,7 +1,7 @@ module PalaceInvitesMixin def submit @invite = PalaceInvite.find(params[:id]) - authorize @invite.form_answer, :update? + authorize @invite, :update? @invite.submit! diff --git a/app/policies/palace_invite_policy.rb b/app/policies/palace_invite_policy.rb new file mode 100644 index 0000000000..5846e93ffd --- /dev/null +++ b/app/policies/palace_invite_policy.rb @@ -0,0 +1,6 @@ +class PalaceInvitePolicy < ApplicationPolicy + def update? + admin? || + subject.lead_or_assigned?(record.form_answer) + end +end