From 6bc889d741f968d15fee9430d5ae7e5d99b19945 Mon Sep 17 00:00:00 2001
From: Bryan Larsen <bryan@larsen.st>
Date: Mon, 3 Jun 2013 16:38:26 +0200
Subject: [PATCH] task-assignment-permissions

The stories, tasks and task assignments associated with the project
need permissions similar to that of their containing project.  Let's
set their permission to check their containing project:

SHOW_PATCH
---
 app/models/story.rb           | 6 +++---
 app/models/task.rb            | 6 +++---
 app/models/task_assignment.rb | 8 ++++----
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/app/models/story.rb b/app/models/story.rb
index 8e2f419..adadd86 100644
--- a/app/models/story.rb
+++ b/app/models/story.rb
@@ -19,15 +19,15 @@ class Story < ActiveRecord::Base
   # --- Permissions --- #
 
   def create_permitted?
-    acting_user.administrator?
+    project.creatable_by?(acting_user)
   end
 
   def update_permitted?
-    acting_user.signed_up? && !project_changed?
+    project.updatable_by?(acting_user)
   end
 
   def destroy_permitted?
-    acting_user.administrator?
+    project.destroyable_by?(acting_user)
   end
 
   def view_permitted?(field)
diff --git a/app/models/task.rb b/app/models/task.rb
index 1516794..7894bf4 100644
--- a/app/models/task.rb
+++ b/app/models/task.rb
@@ -18,15 +18,15 @@ class Task < ActiveRecord::Base
   # --- Permissions --- #
 
   def create_permitted?
-    acting_user.administrator?
+    story.creatable_by?(acting_user)
   end
 
   def update_permitted?
-    acting_user.signed_up? && !story_changed?
+    story.updatable_by?(acting_user)
   end
 
   def destroy_permitted?
-    acting_user.administrator?
+    story.destroyable_by?(acting_user)
   end
 
   def view_permitted?(field)
diff --git a/app/models/task_assignment.rb b/app/models/task_assignment.rb
index 8b3a892..5ff8749 100644
--- a/app/models/task_assignment.rb
+++ b/app/models/task_assignment.rb
@@ -13,19 +13,19 @@ class TaskAssignment < ActiveRecord::Base
   # --- Permissions --- #
 
   def create_permitted?
-    acting_user.administrator?
+    task.creatable_by?(acting_user)
   end
 
   def update_permitted?
-    acting_user.administrator?
+    task.updatable_by?(acting_user)
   end
 
   def destroy_permitted?
-    acting_user.administrator?
+    task.destroyable_by?(acting_user)
   end
 
   def view_permitted?(field)
-    true
+    task.viewable_by?(acting_user)
   end
 
 end