Fixes for the review made by @javierm

this commit will be merged with the others when the chages
are accepted

app/controllers/application_controller.rb

@@ -27,8 +27,16 @@ class ApplicationController < ActionController::Base
   respond_to :html
   helper_method :current_budget
 
+  before_action :set_user_for_ckeditor_pictures
+
   private
 
+    def set_user_for_ckeditor_pictures
+      if request.path == '/ckeditor/pictures' && request.request_method == 'POST'
+        params['user_id'] = current_user.id
+      end
+    end
+
     def authenticate_http_basic
       authenticate_or_request_with_http_basic do |username, password|
         username == Rails.application.secrets.http_basic_username && password == Rails.application.secrets.http_basic_password

app/controllers/ckeditor/pictures_controller.rb

@@ -1,5 +1,7 @@
 class Ckeditor::PicturesController < Ckeditor::ApplicationController
+
   load_and_authorize_resource
+
   def index
     @pictures = Ckeditor.picture_adapter.find_all(ckeditor_pictures_scope)
     @pictures = Ckeditor::Paginatable.new(@pictures).page(params[:page])
@@ -10,7 +12,7 @@ class Ckeditor::PicturesController < Ckeditor::ApplicationController
   end
 
   def create
-    @picture = Ckeditor.picture_model.new
+    @picture = Ckeditor.picture_model.new(user_id: current_user.id)
     respond_with_asset(@picture)
   end
 
@@ -30,7 +32,7 @@ class Ckeditor::PicturesController < Ckeditor::ApplicationController
     end
 
     def authorize_resource
-      model = (@picture || Ckeditor.picture_model)
+      model = @picture || Ckeditor.picture_model
       @authorization_adapter.try(:authorize, params[:action], model)
     end
-end
+end

app/models/abilities/common.rb

@@ -5,6 +5,9 @@ module Abilities
     def initialize(user)
       merge Abilities::Everyone.new(user)
 
+      can :access, :ckeditor   # needed to access Ckeditor filebrowser
+      can [:access, :create, :destroy], Ckeditor::Picture, id: user.id
+
       can [:read, :update], User, id: user.id
 
       can :read, Debate

app/models/abilities/everyone.rb

@@ -3,10 +3,8 @@ module Abilities
     include CanCan::Ability
 
     def initialize(user)
-      can :access, :ckeditor   # needed to access Ckeditor filebrowser
-      can [:access, :read, :create, :destroy], Ckeditor::Picture
-      can [:access, :read, :create, :destroy], Ckeditor::AttachmentFile
 
+      can :read, Ckeditor::Picture
       can [:read, :map], Debate
       can [:read, :map, :summary, :share], Proposal
       can :read, Comment

app/models/ckeditor/attachment_file.rb

@@ -1,13 +0,0 @@
-class Ckeditor::AttachmentFile < Ckeditor::Asset
-  has_attached_file :data,
-                    url: '/ckeditor_assets/attachments/:id/:filename',
-                    path: ':rails_root/public/ckeditor_assets/attachments/:id/:filename'
-
-  validates_attachment_presence :data
-  validates_attachment_size :data, less_than: 100.megabytes
-  do_not_validate_attachment_file_type :data
-
-  def url_thumb
-    @url_thumb ||= Ckeditor::Utils.filethumb(filename)
-  end
-end

app/models/ckeditor/picture.rb

@@ -4,9 +4,9 @@ class Ckeditor::Picture < Ckeditor::Asset
                     path: ':rails_root/public/ckeditor_assets/pictures/:id/:style_:basename.:extension',
                     styles: { content: '800>', thumb: '118x100#' }
 
-  validates_attachment_presence :data
-  validates_attachment_size :data, less_than: 2.megabytes
-  validates_attachment_content_type :data, content_type: /\Aimage/
+  # validates_attachment_presence :data
+  # validates_attachment_size :data, less_than: 2.megabytes
+  # validates_attachment_content_type :data, content_type: /\Aimage/
 
   def url_content
     url(:content)