From b32754dc018b3d187b1b65f41d1b7d922e1541fc Mon Sep 17 00:00:00 2001
From: maebeale
Date: Sat, 7 Mar 2026 21:22:04 -0500
Subject: [PATCH] Allow workshop log owners to see Edit button and access edit form

The edit? policy action was not defined in WorkshopLogPolicy, so it fell through to ApplicationPolicy#manage? (admin-only). Owners could update via the controller but never saw the Edit button or reached the edit form. Adding edit? with the same rule as update? fixes this.

Co-Authored-By: Claude Opus 4.6
---
 app/policies/workshop_log_policy.rb | 4 ++
 spec/policies/workshop_log_policy_spec.rb | 65 +++++++++++++++++++++++
 2 files changed, 69 insertions(+)
 create mode 100644 spec/policies/workshop_log_policy_spec.rb
diff --git a/app/policies/workshop_log_policy.rb b/app/policies/workshop_log_policy.rb
index d9de20a08..74502563d 100644
--- a/app/policies/workshop_log_policy.rb
+++ b/app/policies/workshop_log_policy.rb
@@ -13,6 +13,10 @@ def create?
 authenticated?
 end

+ def edit?
+ admin? || owner?
+ end
+
 def update?
 admin? || owner?
 end
diff --git a/spec/policies/workshop_log_policy_spec.rb b/spec/policies/workshop_log_policy_spec.rb
new file mode 100644
index 000000000..0baca5585
--- /dev/null
+++ b/spec/policies/workshop_log_policy_spec.rb
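Review bot: The new `edit?` in app/policies/workshop_log_policy.rb repeats the body of `update?` (`admin? || owner?`), so the two authorization rules can drift apart the next time one of them is changed; the edit form would then be offered to users whose submit is rejected, or hidden from users who may update. Having `edit?` delegate keeps them in lockstep: replace its body with a call to `update?`, or, if this policy is built on ActionPolicy as the `manage?` fallback in the commit message suggests, declare `alias_rule :edit?, to: :update?` instead of a second method. A comment such as `# edit? only gates the form; update? is the enforcement point and must stay at least as strict` would record the intent. The class header and the `admin?`/`owner?` helpers lie outside the hunk, so their behaviour is assumed here, not verified.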
@@ -0,0 +1,65 @@
+require "rails_helper"
+
+RSpec.describe WorkshopLogPolicy, type: :policy do
+ let(:admin_user) { build_stubbed(:user, :admin) }
+ let(:owner_user) { build_stubbed(:user) }
+ let(:other_user) { build_stubbed(:user) }
+
+ let(:workshop_log) { build_stubbed(:workshop_log, created_by: owner_user) }
+
+ def policy_for(record: workshop_log, user:)
+ described_class.new(record, user: user)
+ end
+
+ describe "#edit?" do
+ context "with admin user" do
+ subject { policy_for(user: admin_user) }
+
+ it { is_expected.to be_allowed_to(:edit?) }
+ end
+
+ context "with owner user" do
+ subject { policy_for(user: owner_user) }
+
+ it { is_expected.to be_allowed_to(:edit?) }
+ end
+
+ context "with other user" do
+ subject { policy_for(user: other_user) }
+
+ it { is_expected.not_to be_allowed_to(:edit?) }
+ end
+
+ context "with no user" do
+ subject { policy_for(user: nil) }
+
+ it { is_expected.not_to be_allowed_to(:edit?) }
+ end
+ end
+
+ describe "#update?" do
+ context "with admin user" do
+ subject { policy_for(user: admin_user) }
+
+ it { is_expected.to be_allowed_to(:update?) }
+ end
+
+ context "with owner user" do
+ subject { policy_for(user: owner_user) }
+
+ it { is_expected.to be_allowed_to(:update?) }
+ end
+
+ context "with other user" do
+ subject { policy_for(user: other_user) }
+
+ it { is_expected.not_to be_allowed_to(:update?) }
+ end
+
+ context "with no user" do
+ subject { policy_for(user: nil) }
+
+ it { is_expected.not_to be_allowed_to(:update?) }
+ end
+ end
+end
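Review bot: The "with no user" contexts only exercise a log whose `created_by` is `owner_user`, so a log that has no creator is never checked against a nil user. `owner?` is defined outside this diff; if it compares `record.created_by` with `user` without a nil guard, a nil user would match an ownerless log and both `edit?` and `update?` would pass. If `created_by` can be nil in this schema, add a context with `subject { policy_for(record: build_stubbed(:workshop_log, created_by: nil), user: nil) }` and `it { is_expected.not_to be_allowed_to(:edit?) }`, plus the same expectation for `:update?`.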