Merge branch 'master' into development

DMPRoadmap · Apr 7, 2022 · bf05372 · bf05372
2 parents 4eef78d + 0c719e8
commit bf05372
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/app/controllers/public_pages_controller.rb b/app/controllers/public_pages_controller.rb
@@ -30,7 +30,7 @@ def template_export
     @template = Template.live(params[:id])
     # covers authorization for this action.
     # Pundit dosent support passing objects into scoped policies
-    unless PublicPagePolicy.new(@template).template_export?
+    unless PublicPagePolicy.new(current_user, @template).template_export?
       msg = 'You are not authorized to export that template'
       redirect_to public_templates_path, notice: msg and return
       # raise Pundit::NotAuthorizedError

diff --git a/app/policies/public_page_policy.rb b/app/policies/public_page_policy.rb
@@ -3,7 +3,12 @@
 # Security rules for the public pages
 # Note the method names here correspond with controller actions
 class PublicPagePolicy < ApplicationPolicy
-  # NOTE: @user is the signed_in_user and @record is an instance of Plan
+  # rubocop:disable Lint/MissingSuper
+  def initialize(user, record = nil)
+    @user = user
+    @record = record
+  end
+  # rubocop:enable Lint/MissingSuper
 
   def plan_index?
     true
@@ -14,7 +19,7 @@ def template_index?
   end
 
   def template_export?
-    @record.present? && @record.published?
+    @user.present? && @record.published?
   end
 
   def plan_export?