Add authorization for toggle_favorite and rename route

differentreality · differentreality · commit 05de157bc440 · 2019-10-24T19:05:54.000+03:00
diff --git a/app/controllers/proposals_controller.rb b/app/controllers/proposals_controller.rb
@@ -6,7 +6,8 @@ class ProposalsController < ApplicationController
   load_resource :program, through: :conference, singleton: true
   load_and_authorize_resource :event, parent: false, through: :program
   # We authorize manually in these actions
-  skip_authorize_resource :event, only: [:confirm, :restart, :toogle_favorite, :withdraw]
+  skip_authorize_resource :event, only: [:confirm, :restart, :withdraw]
+
 
   def index
     @event = @program.events.new
@@ -87,7 +88,8 @@ def update
       render action: 'edit'
     end
   end
-  def toogle_favorite
+
+  def toggle_favorite
     user = User.find(params[:favourite_user_id])
     users = @event.favourite_users
     if users.include? user
diff --git a/app/models/ability.rb b/app/models/ability.rb
@@ -110,6 +110,10 @@ def signed_in(user)
       event.users.include?(user)
     end
 
+    can :toggle_favorite, Event do |event|
+      event.scheduled?
+    end
+
     # can manage the commercials of their own events
     can :manage, Commercial, commercialable_type: 'Event', commercialable_id: user.events.pluck(:id)
 
diff --git a/app/views/schedules/_event.html.haml b/app/views/schedules/_event.html.haml
@@ -11,7 +11,7 @@
       = link_to('#', onClick: 'starClicked();') do
         %span#star-events{ class: "fa fa-lg #{ event.favourite_users.exists?(current_user.id) ? 'fa-star' : 'fa-star-o' }", |
                            "aria-hidden" => "true", |
-                           "data-url" => toogle_favorite_conference_program_proposal_path(@conference.short_title, event.id), |
+                           "data-url" => toggle_favorite_conference_program_proposal_path(@conference.short_title, event.id), |
                            "data-user" => current_user.id }
     %span.h3
       = event.title
diff --git a/app/views/schedules/_schedule_item.html.haml b/app/views/schedules/_schedule_item.html.haml
@@ -11,7 +11,7 @@
         = link_to('#', onClick: 'starClicked();') do
           %span#star{ class: "fa fa-lg #{ event.favourite_users.exists?(current_user.id) ? 'fa-star' : 'fa-star-o' }", |
                       "aria-hidden" =>"true", |
-                      "data-url" => toogle_favorite_conference_program_proposal_path(@conference.short_title, event.id), |
+                      "data-url" => toggle_favorite_conference_program_proposal_path(@conference.short_title, event.id), |
                       "data-user" => current_user.id }
       = event.title
 
diff --git a/config/routes.rb b/config/routes.rb
@@ -174,7 +174,7 @@
           patch '/withdraw' => 'proposals#withdraw'
           patch '/confirm' => 'proposals#confirm'
           patch '/restart' => 'proposals#restart'
-          patch :toogle_favorite
+          patch :toggle_favorite
         end
       end
       resources :tracks, except: :destroy do
