skill-assessment-app/app/policies/user_policy.rb

36 lines
726 B
Ruby
Raw Permalink Normal View History

2016-09-20 14:22:20 -05:00
# frozen_string_literal: true
class UserPolicy < ApplicationPolicy
2016-09-20 17:19:11 -05:00
# User Access Policy
#
# Only Admins can view, create, or update, users
2016-09-21 11:03:45 -05:00
# All other users can only access themselves (profile interface)
2016-09-20 17:19:11 -05:00
2016-09-21 17:04:08 -05:00
def index?
2016-09-22 13:30:30 -05:00
user.acts_as_admin?
2016-09-21 17:04:08 -05:00
end
2016-09-20 14:22:20 -05:00
def view?
2016-09-22 13:30:30 -05:00
user.acts_as_admin? || user == record
2016-09-20 14:22:20 -05:00
end
def create?
2016-09-22 13:30:30 -05:00
user.acts_as_admin?
2016-09-20 14:22:20 -05:00
end
def update?
2016-09-22 13:30:30 -05:00
user.acts_as_admin? || user == record
2016-09-20 14:22:20 -05:00
end
2016-09-21 15:50:02 -05:00
def permitted_attributes
2016-09-22 13:30:30 -05:00
return [:name, :email, :role, :password, quiz_ids: []] if user.acts_as_admin?
2016-09-21 15:50:02 -05:00
[:name, :email, :password, :password_confirmation]
end
2016-09-20 14:22:20 -05:00
class Scope < Scope
def resolve
2016-09-22 13:30:30 -05:00
return scope if user.acts_as_admin?
2016-09-21 17:04:08 -05:00
scope.where(id: user.id)
2016-09-20 14:22:20 -05:00
end
end
end