finished up rubocop fixes

.rubocop.yml

@@ -60,6 +60,9 @@ Layout/SpaceBeforeBrackets: # new in 1.7
 # --------
 Lint/AmbiguousAssignment: # new in 1.7
   Enabled: true
+Lint/AmbiguousBlockAssociation:
+  Exclude:
+    - 'spec/**/*'
 Lint/AmbiguousOperatorPrecedence: # new in 1.21
   Enabled: true
 Lint/AmbiguousRange: # new in 1.19

app/controllers/contributors_controller.rb

@@ -117,9 +117,10 @@ def process_org(hash:)
     allow = !Rails.configuration.x.application.restrict_orgs
     org = org_from_params(params_in: hash,
                           allow_create: allow)
-    return nil if org.blank? && !allow
 
     hash = remove_org_selection_params(params_in: hash)
+
+    return hash if org.blank? && !allow
     return hash unless org.present?
 
     hash[:org_id] = org.id

app/controllers/notes_controller.rb

@@ -31,11 +31,9 @@ def create
 
     @note.answer = @answer
     @note.text = note_params[:text]
-
     authorize @note
 
     @plan = @answer.plan
-
     @question = Question.find(note_params[:question_id])
 
     if @note.save

app/policies/annotation_policy.rb

@@ -3,25 +3,17 @@
 # Security rules for editing Annotations: Example Answers, Question level guidance
 # Note the method names here correspond with controller actions
 class AnnotationPolicy < ApplicationPolicy
-  attr_reader :user, :annotation
-
-  def initialize(user, annotation)
-    raise Pundit::NotAuthorizedError, 'must be logged in' unless user
-
-    super(user)
-    @user = user
-    @annotation = annotation
-  end
+  # NOTE: @user is the signed_in_user and @record is an instance of Annotation
 
   def create?
-    question = Question.find_by(id: @annotation.question_id)
+    question = Question.find_by(id: @record.question_id)
     return @user.can_modify_templates? && question.template.org_id == @user.org_id if question.present?
 
     false
   end
 
   def update?
-    @user.can_modify_templates? && annotation.template.org_id == @user.org_id
+    @user.can_modify_templates? && @record.template.org_id == @user.org_id
   end
 
   def destroy?

app/policies/answer_policy.rb

@@ -3,19 +3,11 @@
 # Security rules for answering questions
 # Note the method names here correspond with controller actions
 class AnswerPolicy < ApplicationPolicy
-  attr_reader :user, :answer
-
-  def initialize(user, answer)
-    raise Pundit::NotAuthorizedError, 'must be logged in' unless user
-
-    super(user)
-    @user = user
-    @answer = answer
-  end
+  # NOTE: @user is the signed_in_user and @record is an instance of Answer
 
   def create_or_update?
     # TODO: Remove the owner check after the Roles have been updated
     # is the plan editable by the user or the user is the owner of the plan
-    @answer.plan.editable_by?(@user.id) || @user == @answer.plan.owner
+    @answer.plan.editable_by?(@user.id) || @user == @record.plan.owner
   end
 end

app/policies/api/v0/departments_policy.rb

@@ -4,15 +4,7 @@ module Api
   module V0
     # Security rules for API V0 Departments endpoints
     class DepartmentsPolicy < ApplicationPolicy
-      attr_reader :user, :department
-
-      def initialize(user, department)
-        raise Pundit::NotAuthorizedError, _('must be logged in') unless user
-
-        super(user)
-        @user = user
-        @department = department
-      end
+      # NOTE: @user is the signed_in_user and @record is an instance of Department
 
       ##
       # an org-admin can create a department for their organisation
@@ -36,8 +28,8 @@ def users?
       # an org-admin may assign users (from their org) to a department (from their org)
       def assign_users?
         @user.can_org_admin? &&
-          @department.present? &&
-          @department.org == @user.org
+          @record.present? &&
+          @record.org == @user.org
       end
 
       ##

app/policies/api/v0/guidance_group_policy.rb

@@ -4,23 +4,20 @@ module Api
   module V0
     # Security rules for API V0 Guidance Group endpoints
     class GuidanceGroupPolicy < ApplicationPolicy
-      attr_reader :user, :guidance_group
+      # NOTE: @user is the signed_in_user and @record is the guidance_group
 
       def initialize(user, guidance_group)
-        raise Pundit::NotAuthorizedError, _('must be logged in') unless user
         unless user.org.token_permission_types.include? TokenPermissionType::GUIDANCES
           raise Pundit::NotAuthorizedError, _('must have access to guidances api')
         end
 
-        super(user)
-        @user = user
-        @guidance_group = guidance_group
+        super(user, guidance_group)
       end
 
       ##
       # is the plan editable by the user
       def show?
-        GuidanceGroup.can_view?(@user, @guidance_group)
+        GuidanceGroup.can_view?(@user, @record)
       end
 
       ##

app/policies/api/v0/guidance_policy.rb

@@ -4,23 +4,20 @@ module Api
   module V0
     # Security rules for API V0 Guidance endpoints
     class GuidancePolicy < ApplicationPolicy
-      attr_reader :user, :guidance
+      # NOTE: @user is the signed_in_user and @record is the guidance
 
       def initialize(user, guidance)
-        raise Pundit::NotAuthorizedError, _('must be logged in') unless user
         unless user.org.token_permission_types.include? TokenPermissionType::GUIDANCES
           raise Pundit::NotAuthorizedError, _('must have access to guidances api')
         end
 
-        super(user)
-        @user = user
-        @guidance = guidance
+        super(user, guidance)
       end
 
       ##
       # is the plan editable by the user
       def show?
-        Guidance.can_view(@user, @guidance.id)
+        Guidance.can_view(@user, @record.id)
       end
 
       ##

app/policies/api/v0/plans_policy.rb

@@ -4,23 +4,20 @@ module Api
   module V0
     # Security rules for API V0 Plan endpoints
     class PlansPolicy < ApplicationPolicy
-      attr_reader :user, :template
+      # NOTE: @user is the signed_in_user and @record is the plan
 
-      def initialize(user, template)
-        raise Pundit::NotAuthorizedError, _('must be logged in') unless user
+      def initialize(user, plan)
         unless user.org.token_permission_types.include? TokenPermissionType::PLANS
           raise Pundit::NotAuthorizedError, _('must have access to plans api')
         end
 
-        super(user)
-        @user     = user
-        @template = template
+        super(user, plan)
       end
 
       ##
       # users can create a plan if their template exists
       def create?
-        @template.present?
+        @record.present?
       end
 
       def index?

app/policies/api/v0/statistics_policy.rb

@@ -4,17 +4,14 @@ module Api
   module V0
     # Security rules for API V0 Usage Statistic endpoints
     class StatisticsPolicy < ApplicationPolicy
-      attr_reader :user
+      # NOTE: @user is the signed_in_user and @record is the statistic
 
       def initialize(user, statistic)
-        raise Pundit::NotAuthorizedError, _('must be logged in') unless user
         unless user.org.token_permission_types.include? TokenPermissionType::STATISTICS
           raise Pundit::NotAuthorizedError, _('must have access to guidances api')
         end
 
-        super(user)
-        @user = user
-        @statistic = statistic
+        super(user, statistic)
       end
 
       ##
@@ -30,7 +27,7 @@ def completed_plans?
       ##
       # need to check if your org owns this template
       def using_template?
-        @statistic.org_id == @user.org_id
+        @record.org_id == @user.org_id
       end
 
       ##

app/policies/api/v0/template_policy.rb

@@ -4,17 +4,12 @@ module Api
   module V0
     # Security rules for API V0 Template endpoints
     class TemplatePolicy < ApplicationPolicy
-      attr_reader :user, :template
-
       def initialize(user, template)
-        raise Pundit::NotAuthorizedError, _('must be logged in') unless user
         unless user.org.token_permission_types.include? TokenPermissionType::TEMPLATES
-          raise Pundit::NotAuthorizedError, _('must have access to guidances api')
+          raise Pundit::NotAuthorizedError, _('must have access to templates api')
         end
 
-        super(user)
-        @user = user
-        @template = template
+        super(user, template)
       end
 
       ##

app/policies/api/v1/plans_policy.rb

@@ -4,19 +4,11 @@ module Api
   module V1
     # Security rules for API V1 Plan endpoints
     class PlansPolicy < ApplicationPolicy
-      attr_reader :client, :plan
+      # NOTE: @user is either a User or an ApiClient
 
       # A helper method that takes the current client and returns the plans they
       # have acess to
       class Scope
-        attr_reader :client, :scope
-
-        def initialize(client, scope)
-          super(client)
-          @client = client
-          @scope = scope
-        end
-
         ## return the visible plans (via the API) to a given client
         # ALL can view: public
         # ApiClient can view: anything from the API client
@@ -25,32 +17,26 @@ def initialize(client, scope)
         # User (admin) can view: all from users of their organisation
         def resolve
           ids = Plan.publicly_visible.pluck(:id)
-          ids += plans_for_client if client.is_a?(ApiClient)
-          ids += plans_for_user if client.is_a?(User)
+          ids += plans_for_client if @user.is_a?(ApiClient)
+          ids += plans_for_user if @user.is_a?(User)
           Plan.where(id: ids.uniq)
         end
 
         private
 
         def plans_for_client
-          ids = client.plans.pluck(&:id)
-          ids += client.org.plans.pluck(&:id) if client.org.present?
+          ids = @user.plans.pluck(&:id)
+          ids += @user.org.plans.pluck(&:id) if @user.org.present?
           ids
         end
 
         def plans_for_user
-          ids = client.org.plans.organisationally_visible.pluck(:id)
-          ids += client.plans.pluck(:id)
-          ids += client.org.plans.pluck(:id) if client.can_org_admin?
+          ids = @user.org.plans.organisationally_visible.pluck(:id)
+          ids += @user.plans.pluck(:id)
+          ids += @user.org.plans.pluck(:id) if @user.can_org_admin?
           ids
         end
       end
-
-      def initialize(client, plan)
-        super(client)
-        @client = client
-        @plan = plan
-      end
     end
   end
 end

app/policies/api_client_policy.rb

@@ -3,12 +3,7 @@
 # Security rules for API Clients
 # Note the method names here correspond with controller actions
 class ApiClientPolicy < ApplicationPolicy
-  def initialize(user, *_args)
-    raise Pundit::NotAuthorizedError, _('must be logged in') unless user
-
-    super(user)
-    @user = user
-  end
+  # NOTE: @user is the signed_in_user
 
   def index?
     @user.can_super_admin?

app/policies/application_policy.rb

@@ -7,7 +7,6 @@ class ApplicationPolicy
   def initialize(user, record)
     raise Pundit::NotAuthorizedError, 'must be logged in' unless user
 
-    super(user)
     @user = user
     @record = record
   end

app/policies/department_policy.rb

@@ -3,15 +3,7 @@
 # Security rules for department editing
 # Note the method names here correspond with controller actions
 class DepartmentPolicy < ApplicationPolicy
-  attr_reader :user, :department
-
-  def initialize(user, department)
-    raise Pundit::NotAuthorizedError, 'must be logged in' unless user
-
-    super(user)
-    @user = user
-    @department = department
-  end
+  # NOTE: @user is the signed_in_user and @record is an instance of Department
 
   def new?
     @user.can_org_admin? || @user.can_super_admin?
@@ -22,17 +14,17 @@ def create?
   end
 
   def edit?
-    (@user.can_org_admin? && @user.org.id == @department.org_id) ||
+    (@user.can_org_admin? && @user.org.id == @record.org_id) ||
       @user.can_super_admin?
   end
 
   def update?
-    (@user.can_org_admin? && @user.org.id == @department.org_id) ||
+    (@user.can_org_admin? && @user.org.id == @record.org_id) ||
       @user.can_super_admin?
   end
 
   def destroy?
-    (@user.can_org_admin? && @user.org.id == @department.org_id) ||
+    (@user.can_org_admin? && @user.org.id == @record.org_id) ||
       @user.can_super_admin?
   end
 end