From e5619547d5544a043dfec173f17020b09f882a98 Mon Sep 17 00:00:00 2001
From: hellekin <hellekin@cepheide.org>
Date: Thu, 11 Feb 2021 20:40:00 +0100
Subject: [FIX] Availability of agents

---
 app/controllers/resources_controller.rb | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'app/controllers/resources_controller.rb')

diff --git a/app/controllers/resources_controller.rb b/app/controllers/resources_controller.rb
index 52d89ea..2fa392f 100644
--- a/app/controllers/resources_controller.rb
+++ b/app/controllers/resources_controller.rb
@@ -18,13 +18,15 @@ class ResourcesController < ApplicationController
   def create
     # TODO Background job to list similar items
     # TODO If there's a match, return to user with new record or list of mergeable ones
-    return 403 unless (current_user_editor? || current_user_observer?)
 
     classification = resource_params.delete(:classification) || { section_ids: [] }
 
+    Rails.logger.info resource_params
+
     @resource = current_agent.resources.build(resource_params)
 
     respond_to do |format|
+      Rails.logger.info "format: #{format} - Res: #{@resource.inspect}"
       if @resource.save
         classification[:section_ids].each { |id| @resource.classifications.find_or_create_by(section_id: id)  }
         format.html { redirect_to @resource, notice: 'Merci de votre contribution !' }
@@ -43,8 +45,7 @@ class ResourcesController < ApplicationController
   # GET /resources/:id/edit
   def edit
     # TODO Add a moderation queue for unauthorized but valid changes
-    flash.now[:notice] = 'Please ask an editor or a maintainer to edit this resource!' unless (current_user_editor? || current_user_maintainer?)
-
+    flash.now[:notice] = 'Please ask an editor or a maintainer to edit this resource!' unless @resource.agent == current_agent
 
     Rails.logger.info "EDIT: #{@resource.uuid} #{@resource.name} // #{current_agent.id}"
   end
@@ -56,7 +57,8 @@ class ResourcesController < ApplicationController
     # 2. Validate each change
     # 3. Moderate queue or save
 
-    return 403 unless (current_user_editor? || current_user_maintainer?)
+    # TODO: pass this to current_agent and version resource
+    return 403 unless current_agent == @resource.agent
 
     respond_to do |format|
       if @resource.update(resource_params)
@@ -78,7 +80,7 @@ class ResourcesController < ApplicationController
   def destroy
     # Check list
     # 1. User belongs to Agent and is :maintainer?
-    if !current_user_maintainer?
+    if @resource.agent != current_agent
       msg = 'You must be a maintainer to delete resources!'
       respond_to do |format|
         format.html { redirect_to :show, notice: msg }
-- 
cgit v1.2.3