app/permissions/decidim/consultations/permissions.rb in decidim-consultations-0.27.5 vs app/permissions/decidim/consultations/permissions.rb in decidim-consultations-0.27.6
- old
+ new
@@ -3,10 +3,12 @@
module Decidim
module Consultations
class Permissions < Decidim::DefaultPermissions
def permissions
allowed_public_anonymous_action?
+ allowed_public_embed_consultation_action?
+ allowed_public_embed_question_action?
return permission_action unless user
allowed_public_action?
@@ -20,11 +22,11 @@
def question
@question ||= context.fetch(:question, nil)
end
def consultation
- @consultation ||= context.fetch(:consultation, nil)
+ @consultation ||= context.fetch(:current_participatory_space, nil) || context.fetch(:consultation, nil)
end
def authorized?(permission_action, resource: nil)
return unless resource || question
@@ -41,9 +43,27 @@
when :consultation
toggle_allow(consultation.published? || user&.admin?)
when :question
toggle_allow(question.published? || user&.admin?)
end
+ end
+
+ def allowed_public_embed_consultation_action?
+ return unless permission_action.action == :embed &&
+ [:consultation, :participatory_space].include?(permission_action.subject) &&
+ consultation
+
+ return disallow! unless consultation.published?
+
+ allow!
+ end
+
+ def allowed_public_embed_question_action?
+ return unless permission_action.action == :embed && permission_action.subject == :question && question
+
+ return disallow! unless question.published?
+
+ allow!
end
def allowed_public_action?
return unless permission_action.scope == :public
return unless permission_action.subject == :question