From 071bf555dd1990f5cb03862d6fc62871146a3925 Mon Sep 17 00:00:00 2001
From: Thomas von Deyen
Date: Mon, 23 Oct 2017 17:20:49 +0200
Subject: [PATCH 1/2] Remove display cancan alias

The `display` cancan alias is also defined by Spree/Solidus. And because Spree/Solidus clear all pre defined aliases in their Ability class it can happen that our alias is not working anymore. Their alias is then used instead. As we actually do not need this alias anywhere except in the permissions definition we can just remove it.
---
 lib/alchemy/permissions.rb | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/lib/alchemy/permissions.rb b/lib/alchemy/permissions.rb
index 1e159e4a0a..b60d85fac3 100644
--- a/lib/alchemy/permissions.rb
+++ b/lib/alchemy/permissions.rb
@@ -35,7 +35,7 @@ module GuestUser
 def alchemy_guest_user_rules
 can([:show, :download], Alchemy::Attachment) { |a| !a.restricted? }
 can :see, Alchemy::Page, restricted: false, visible: true
- can(:display, Alchemy::Picture) { |p| !p.restricted? }
+ can([:show, :thumbnail, :zoom], Alchemy::Picture) { |p| !p.restricted? }
 can :read, Alchemy::Content, Alchemy::Content.available.not_restricted do |c|
 c.public? && !c.restricted? && !c.trashed?
@@ -65,7 +65,7 @@ def alchemy_member_rules
 can [:show, :download], Alchemy::Attachment
 can :read, Alchemy::Page, Alchemy::Page.published, &:public?
 can :see, Alchemy::Page, restricted: true, visible: true
- can :display, Alchemy::Picture
+ can [:show, :thumbnail, :zoom], Alchemy::Picture
 can :read, Alchemy::Content, Alchemy::Content.available do |c|
 c.public? && !c.trashed?
@@ -215,11 +215,6 @@ def set_action_aliases
 :unlock,
 :visit,
 to: :edit_content
-
- alias_action :show,
- :thumbnail,
- :zoom,
- to: :display
 end
 # Include the role specific permissions.
From a4784453e8fa31fe290370e208e07fd5e6989c4a Mon Sep 17 00:00:00 2001
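Review bot: The alias collision this change works around is not specific to `:display`: the third hunk leaves the alias that maps `:unlock`, `:visit` (and whatever precedes them outside the hunk) `to: :edit_content` in `set_action_aliases`, and any rule built on it is exposed in the same way. If the host application's Ability clears or redefines aliases as the commit message describes, such a rule would silently authorize a different action set instead of failing, so the remaining alias names should be checked against Spree/Solidus or expanded into explicit lists like the two rules changed here. A short comment above the new `can [:show, :thumbnail, :zoom], Alchemy::Picture` lines, for example `# actions listed explicitly; host apps may redefine the :display alias`, would keep the alias from being reintroduced. `alchemy_guest_user_rules`, `alchemy_member_rules` and `set_action_aliases` all continue outside the hunks shown.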
From: Thomas von Deyen
Date: Mon, 23 Oct 2017 18:33:18 +0200
Subject: [PATCH 2/2] Remove unused picture permissions

The `:show`, `:thumbnail` and `:zoom` `Alchemy::Picture` cancan permissions are not used anywhere since we removed the frontend pictures controller in v3.5
---
 lib/alchemy/permissions.rb | 2 --
 spec/libraries/permissions_spec.rb | 22 ----------------------
 2 files changed, 24 deletions(-)

diff --git a/lib/alchemy/permissions.rb b/lib/alchemy/permissions.rb
index b60d85fac3..e25d157f33 100644
--- a/lib/alchemy/permissions.rb
+++ b/lib/alchemy/permissions.rb
@@ -35,7 +35,6 @@ module GuestUser
 def alchemy_guest_user_rules
 can([:show, :download], Alchemy::Attachment) { |a| !a.restricted? }
 can :see, Alchemy::Page, restricted: false, visible: true
- can([:show, :thumbnail, :zoom], Alchemy::Picture) { |p| !p.restricted? }
 can :read, Alchemy::Content, Alchemy::Content.available.not_restricted do |c|
 c.public? && !c.restricted? && !c.trashed?
@@ -65,7 +64,6 @@ def alchemy_member_rules
 can [:show, :download], Alchemy::Attachment
 can :read, Alchemy::Page, Alchemy::Page.published, &:public?
 can :see, Alchemy::Page, restricted: true, visible: true
- can [:show, :thumbnail, :zoom], Alchemy::Picture
 can :read, Alchemy::Content, Alchemy::Content.available do |c|
 c.public? && !c.trashed?
diff --git a/spec/libraries/permissions_spec.rb b/spec/libraries/permissions_spec.rb
index 8891dbb1eb..cb3e70e1c8 100644
--- a/spec/libraries/permissions_spec.rb
+++ b/spec/libraries/permissions_spec.rb
@@ -33,15 +33,6 @@
 is_expected.not_to be_able_to(:show, restricted_attachment)
 end
- it "can only see not restricted pictures" do
- is_expected.to be_able_to(:show, picture)
- is_expected.to be_able_to(:thumbnail, picture)
- is_expected.to be_able_to(:zoom, picture)
- is_expected.not_to be_able_to(:show, restricted_picture)
- is_expected.not_to be_able_to(:thumbnail, restricted_picture)
- is_expected.not_to be_able_to(:zoom, restricted_picture)
- end
-
 it "can only visit not restricted pages" do
 is_expected.to be_able_to(:show, public_page)
 is_expected.not_to be_able_to(:show, restricted_page)
@@ -82,15 +73,6 @@
 is_expected.to be_able_to(:show, restricted_attachment)
 end
- it "can see all pictures" do
- is_expected.to be_able_to(:show, picture)
- is_expected.to be_able_to(:thumbnail, picture)
- is_expected.to be_able_to(:zoom, picture)
- is_expected.to be_able_to(:show, restricted_picture)
- is_expected.to be_able_to(:thumbnail, restricted_picture)
- is_expected.to be_able_to(:zoom, restricted_picture)
- end
-
 it "can visit restricted pages" do
 is_expected.to be_able_to(:show, public_page)
 is_expected.to be_able_to(:show, restricted_page)
@@ -134,10 +116,6 @@
 is_expected.to be_able_to(:info, :alchemy_admin_dashboard)
 end
- it "can see picture thumbnails" do
- is_expected.to be_able_to(:thumbnail, Alchemy::Picture)
- end
-
 it "can edit page content" do
 is_expected.to be_able_to(:show, unpublic_page)
 is_expected.to be_able_to(:index, Alchemy::Page)