fix hakiri issue and added authorization

app/controllers/rater_controller.rb

@@ -1,7 +1,14 @@
 class RaterController < ApplicationController
+  load_and_authorize_resource :rate
+
   def create
     if user_signed_in?
-      obj = params[:klass].classify.constantize.find(params[:id])
+      votable_type = ''
+      VotableField::VALID_VOTABLE_TYPES.each do |valid_votable_type|
+        votable_type = valid_votable_type
+        break if params[:klass] == votable_type
+      end
+      obj = votable_type.classify.constantize.find(params[:id])
       obj.rate params[:score].to_f, current_user, params[:dimension]
 
       render json: true

app/models/ability.rb

@@ -138,6 +138,7 @@ def signed_in_with_organizer_role(user)
     # ids of all the conferences for which the user has the 'organizer' role
     conf_ids_for_organizer = Conference.with_role(:organizer, user).pluck(:id)
 
+    can :manage, Rate, conference_id: conf_ids_for_organizer
     can :manage, VotableField, conference_id: conf_ids_for_organizer
     can :manage, Resource, conference_id: conf_ids_for_organizer
     can [:new, :create], Conference if user.has_role?(:organizer, :any)
@@ -193,6 +194,7 @@ def signed_in_with_cfp_role(user)
     # ids of all the conferences for which the user has the 'cfp' role
     conf_ids_for_cfp = Conference.with_role(:cfp, user).pluck(:id)
 
+    can :manage, Rate, conference_id: conf_ids_for_cfp
     can :manage, VotableField, conference_id: conf_ids_for_cfp
     can [:index, :show, :update], Resource, conference_id: conf_ids_for_cfp
     can :manage, Event, program: { conference_id: conf_ids_for_cfp }