From ac39e3f8ed64595d0c34ff3a199277f0bd48a11a Mon Sep 17 00:00:00 2001
From: Tom Johnson <tom@curationexperts.com>
Date: Fri, 3 Aug 2018 09:35:06 -0700
Subject: [PATCH] Allow approvers to read and edit Etds and FileSets

This ensures approvers can read (download) and edit Works and FileSets. Since
there's not an explicit "approving" group that we can use to set ACLs for these
works, we need to set the `can` permissions explictly. Whenever
`can_review_submissions?` is `true`, we let users read and edit a work, as well
as forcing `test_download` to `true`.

Connected to #1206, #1216.
---
 app/models/ability.rb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/models/ability.rb b/app/models/ability.rb
index 6bdd8b7ce..0ed40bd56 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -5,12 +5,17 @@ class Ability
 
   # Define any customized permissions here.
   def custom_permissions
+    can [:read, :edit], String if can_review_submissions?
     return unless admin?
     can [:create, :show, :add_user, :remove_user, :index, :edit, :update, :destroy], Role
     can [:destroy], ActiveFedora::Base
     can [:read], Schools::School
   end
 
+  def test_download(id)
+    super || can_review_submissions?
+  end
+
   def ipe_permissions
     can :create, InProgressEtd if registered_user?
     can :update, InProgressEtd, user_ppid: current_user.ppid