updated auth logic on public plans (#1966)

* updated auth logic on public plans

* added skip_authorization statement as 'authorize' is no longer used

Author: xsrust

app/controllers/plan_exports_controller.rb

@@ -8,6 +8,7 @@ def show
     @plan = Plan.includes(:answers).find(params[:plan_id])
 
     if privately_authorized? && export_params[:form].present?
+      skip_authorization
       @show_coversheet         = export_params[:project_details].present?
       @show_sections_questions = export_params[:question_headings].present?
       @show_unanswered         = export_params[:unanswered_questions].present?
@@ -93,7 +94,11 @@ def publicly_authorized?
   end
 
   def privately_authorized?
-    authorize @plan, :export?
+    if current_user.present?
+      PlanPolicy.new(current_user, @plan).export?
+    else
+      false
+    end
   end
 
   def export_params