From b2376edb5e4ea996f63b8b6e9b53d1ca0a1ce7b7 Mon Sep 17 00:00:00 2001 From: Lucas Leandro Date: Fri, 18 Apr 2025 14:42:50 -0300 Subject: [PATCH 1/2] fixes pundit create? to only create record if user is owner --- app/policies/event_procedure_policy.rb | 2 +- app/policies/health_insurance_policy.rb | 2 +- app/policies/medical_shift_policy.rb | 2 +- app/policies/patient_policy.rb | 2 +- app/policies/procedure_policy.rb | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/app/policies/event_procedure_policy.rb b/app/policies/event_procedure_policy.rb index d985a2ca..3f6ac846 100644 --- a/app/policies/event_procedure_policy.rb +++ b/app/policies/event_procedure_policy.rb @@ -9,7 +9,7 @@ def index? end def create? - user.present? + user_owner? end def update? diff --git a/app/policies/health_insurance_policy.rb b/app/policies/health_insurance_policy.rb index 1ce90814..715b5927 100644 --- a/app/policies/health_insurance_policy.rb +++ b/app/policies/health_insurance_policy.rb @@ -6,6 +6,6 @@ def index? end def create? - user.present? + user_owner? end end diff --git a/app/policies/medical_shift_policy.rb b/app/policies/medical_shift_policy.rb index 70d2a2d3..660d0637 100644 --- a/app/policies/medical_shift_policy.rb +++ b/app/policies/medical_shift_policy.rb @@ -17,7 +17,7 @@ def index? end def create? - user.present? + user_owner? end def update? diff --git a/app/policies/patient_policy.rb b/app/policies/patient_policy.rb index 5fb741da..5fdfc9e9 100644 --- a/app/policies/patient_policy.rb +++ b/app/policies/patient_policy.rb @@ -9,7 +9,7 @@ def index? end def create? - user.present? + user_owner? end def update? diff --git a/app/policies/procedure_policy.rb b/app/policies/procedure_policy.rb index 9a7f0baa..4224fbd3 100644 --- a/app/policies/procedure_policy.rb +++ b/app/policies/procedure_policy.rb @@ -6,7 +6,7 @@ def index? end def create? - user.present? + user_owner? end def update? From 0c310edd1abe5775b4d204ebe3a67be070981078 Mon Sep 17 00:00:00 2001 From: Lucas Leandro Date: Fri, 16 May 2025 13:27:09 -0300 Subject: [PATCH 2/2] change create polices --- app/controllers/api/v1/procedures_controller.rb | 3 +-- app/policies/event_procedure_policy.rb | 2 +- app/policies/health_insurance_policy.rb | 2 +- app/policies/medical_shift_policy.rb | 2 +- app/policies/patient_policy.rb | 2 +- app/policies/procedure_policy.rb | 2 +- 6 files changed, 6 insertions(+), 7 deletions(-) diff --git a/app/controllers/api/v1/procedures_controller.rb b/app/controllers/api/v1/procedures_controller.rb index 7f2e1468..58140ad3 100644 --- a/app/controllers/api/v1/procedures_controller.rb +++ b/app/controllers/api/v1/procedures_controller.rb @@ -15,9 +15,8 @@ def index end def create - authorize(Procedure) result = Procedures::Create.result(attributes: procedure_params, user: current_user) - + authorize(result.procedure) if result.success? render json: result.procedure, status: :created else diff --git a/app/policies/event_procedure_policy.rb b/app/policies/event_procedure_policy.rb index 3f6ac846..d985a2ca 100644 --- a/app/policies/event_procedure_policy.rb +++ b/app/policies/event_procedure_policy.rb @@ -9,7 +9,7 @@ def index? end def create? - user_owner? + user.present? end def update? diff --git a/app/policies/health_insurance_policy.rb b/app/policies/health_insurance_policy.rb index 715b5927..1ce90814 100644 --- a/app/policies/health_insurance_policy.rb +++ b/app/policies/health_insurance_policy.rb @@ -6,6 +6,6 @@ def index? end def create? - user_owner? + user.present? end end diff --git a/app/policies/medical_shift_policy.rb b/app/policies/medical_shift_policy.rb index 660d0637..70d2a2d3 100644 --- a/app/policies/medical_shift_policy.rb +++ b/app/policies/medical_shift_policy.rb @@ -17,7 +17,7 @@ def index? end def create? - user_owner? + user.present? end def update? diff --git a/app/policies/patient_policy.rb b/app/policies/patient_policy.rb index 5fdfc9e9..5fb741da 100644 --- a/app/policies/patient_policy.rb +++ b/app/policies/patient_policy.rb @@ -9,7 +9,7 @@ def index? end def create? - user_owner? + user.present? end def update? diff --git a/app/policies/procedure_policy.rb b/app/policies/procedure_policy.rb index 4224fbd3..9a7f0baa 100644 --- a/app/policies/procedure_policy.rb +++ b/app/policies/procedure_policy.rb @@ -6,7 +6,7 @@ def index? end def create? - user_owner? + user.present? end def update?