53 lines
890 B
Ruby
53 lines
890 B
Ruby
|
# frozen_string_literal: true
|
||
|
|
||
|
class UserPolicy < ApplicationPolicy
|
||
|
def show?
|
||
|
raise Pundit::NotAuthorizedError if user.nil?
|
||
|
return true if user&.acts_as_admin?
|
||
|
|
||
|
user == record
|
||
|
end
|
||
|
|
||
|
def update?
|
||
|
raise Pundit::NotAuthorizedError if user.nil?
|
||
|
|
||
|
show?
|
||
|
end
|
||
|
|
||
|
def destroy?
|
||
|
raise Pundit::NotAuthorizedError if user.nil?
|
||
|
|
||
|
user&.acts_as_admin?
|
||
|
end
|
||
|
|
||
|
def create?
|
||
|
raise Pundit::NotAuthorizedError if user.nil?
|
||
|
|
||
|
user&.acts_as_admin?
|
||
|
end
|
||
|
|
||
|
def permitted_attributes
|
||
|
return base_attributes + %i[role] if user&.acts_as_admin?
|
||
|
|
||
|
base_attributes
|
||
|
end
|
||
|
|
||
|
def base_attributes
|
||
|
%i[
|
||
|
display_name
|
||
|
email
|
||
|
password
|
||
|
password_confirmation
|
||
|
]
|
||
|
end
|
||
|
|
||
|
class Scope < Scope
|
||
|
def resolve
|
||
|
raise Pundit::NotAuthorizedError if user.nil?
|
||
|
return scope if user.acts_as_admin?
|
||
|
|
||
|
scope.where(id: user.id)
|
||
|
end
|
||
|
end
|
||
|
end
|