From ffe1189272d958fccc450863019ad38ff34df98c Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 15 Feb 2026 07:38:15 +0000 Subject: [PATCH 1/3] Initial plan From 0e9faa8186e872a8780d10bf66f097247fb5f988 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 15 Feb 2026 21:31:51 +0000 Subject: [PATCH 2/3] Add missing authorization methods for share portal actions Co-authored-by: maebeale <7607813+maebeale@users.noreply.github.com> --- app/policies/story_policy.rb | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/app/policies/story_policy.rb b/app/policies/story_policy.rb index 960f6d4e2..8344eebfd 100644 --- a/app/policies/story_policy.rb +++ b/app/policies/story_policy.rb @@ -5,10 +5,18 @@ def index? true end + def share_portal? + true + end + def show? admin? || record.publicly_visible? || (authenticated? && record.published?) end + def show_share_portal? + show? + end + # Scoping # See https://actionpolicy.evilmartians.io/#/scoping # From 5873d77b4cc615755747fd2f77a2ed2ee36ff2a3 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 15 Feb 2026 21:37:42 +0000 Subject: [PATCH 3/3] Add tests for show_share_portal authorization Co-authored-by: maebeale <7607813+maebeale@users.noreply.github.com> --- spec/requests/stories_spec.rb | 41 +++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/spec/requests/stories_spec.rb b/spec/requests/stories_spec.rb index b2d2b5fd3..e80aa0640 100644 --- a/spec/requests/stories_spec.rb +++ b/spec/requests/stories_spec.rb @@ -61,6 +61,13 @@ end end + describe "GET /show_share_portal" do + it "can view any story in share portal" do + get show_share_portal_story_url(private_story) + expect(response).to have_http_status(:ok) + end + end + describe "POST /create" do it "creates a story" do expect { 
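Review bot: `share_portal?` in the app/policies/story_policy.rb hunk returns `true` for every caller, so the policy itself does not limit which stories the share portal listing exposes. That depends on the controller action loading records through the policy scope, which this patch does not show. A comment above the rule would make the dependency explicit, e.g. `# Open to all visitors; the action must load stories via authorized_scope so unpublished records are never listed.` Since the rule mirrors `index?`, `alias_rule :share_portal?, to: :index?` would keep the two from drifting apart. The policy class begins and ends outside the hunk.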
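Review bot: The example in the `@@ -61,6 +61,13 @@` hunk of spec/requests/stories_spec.rb is titled "can view any story in share portal" but requests only `private_story`, so the title claims more than the assertion covers. Either rename it, `it "can view a private story in share portal" do`, or add requests for `public_story` and `published_story` in the same block. The enclosing context (presumably the admin one, since a private story is expected to return `:ok`) starts outside the hunk.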
@@ -100,6 +107,23 @@ end end + describe "GET /show_share_portal" do + it "can view published story in share portal" do + get show_share_portal_story_url(published_story) + expect(response).to have_http_status(:ok) + end + + it "can view publicly visible story in share portal" do + get show_share_portal_story_url(public_story) + expect(response).to have_http_status(:ok) + end + + it "cannot view private story in share portal" do + get show_share_portal_story_url(private_story) + expect(response).to redirect_to(root_path) + end + end + describe "POST /create" do it "is unauthorized" do post stories_url, params: { story: base_attributes } @@ -134,6 +158,23 @@ end end + describe "GET /show_share_portal" do + it "can view publicly visible story in share portal" do + get show_share_portal_story_url(public_story) + expect(response).to have_http_status(:ok) + end + + it "cannot view published-only story in share portal" do + get show_share_portal_story_url(published_story) + expect(response).to redirect_to(root_path) + end + + it "cannot view private story in share portal" do + get show_share_portal_story_url(private_story) + expect(response).to redirect_to(root_path) + end + end + describe "POST /create" do it "redirects to root" do post stories_url, params: { story: base_attributes }
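Review bot: None of the three spec hunks exercises the `share_portal` action itself, although the policy commit adds `share_portal?` returning `true` for everyone. The `@@ -134,6 +158,23 @@` hunk, which appears to be the unauthenticated context, is where a missing scope would matter most. An example there that requests the portal listing and asserts that the private and published-only stories are absent from the response body would pin the scoping behaviour; the `@@ -100,6 +107,23 @@` context would benefit from the same check for the private story. The route helper for that action is not visible in this patch, so the request line is left to the author. The enclosing contexts start outside both hunks.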