skill-assessment-app/app/policies/user_policy.rb

# frozen_string_literal: true
class UserPolicy < ApplicationPolicy
  # User Access Policy
  #
  # Only Admins can view, create, or update, users
  # All other users can only access themselves (profile interface)

  def index?
    user.acts_as_admin?
  end

  def view?
    user.acts_as_admin? || user == record
  end

  def create?
    user.acts_as_admin?
  end

  def update?
    user.acts_as_admin? || user == record
  end

  def permitted_attributes
    return [:name, :email, :role, :password, quiz_ids: []] if user.acts_as_admin?
    [:name, :email, :password, :password_confirmation]
  end

  class Scope < Scope
    def resolve
      return scope if user.acts_as_admin?
      scope.where(id: user.id)
    end
  end
end
user policies 2016-09-20 14:22:20 -05:00			`# frozen_string_literal: true`
			`class UserPolicy < ApplicationPolicy`
quiz policies 2016-09-20 17:19:11 -05:00			`# User Access Policy`
			`#`
			`# Only Admins can view, create, or update, users`
user policy to allow profile edits 2016-09-21 11:03:45 -05:00			`# All other users can only access themselves (profile interface)`
quiz policies 2016-09-20 17:19:11 -05:00
dashboard controller 2016-09-21 17:04:08 -05:00			`def index?`
move recruiter to admin/candidate 2016-09-22 13:30:30 -05:00			`user.acts_as_admin?`
dashboard controller 2016-09-21 17:04:08 -05:00			`end`

user policies 2016-09-20 14:22:20 -05:00			`def view?`
move recruiter to admin/candidate 2016-09-22 13:30:30 -05:00			`user.acts_as_admin? \|\| user == record`
user policies 2016-09-20 14:22:20 -05:00			`end`

			`def create?`
move recruiter to admin/candidate 2016-09-22 13:30:30 -05:00			`user.acts_as_admin?`
user policies 2016-09-20 14:22:20 -05:00			`end`

			`def update?`
move recruiter to admin/candidate 2016-09-22 13:30:30 -05:00			`user.acts_as_admin? \|\| user == record`
user policies 2016-09-20 14:22:20 -05:00			`end`

policy strong_params 2016-09-21 15:50:02 -05:00			`def permitted_attributes`
move recruiter to admin/candidate 2016-09-22 13:30:30 -05:00			`return [:name, :email, :role, :password, quiz_ids: []] if user.acts_as_admin?`
policy strong_params 2016-09-21 15:50:02 -05:00			`[:name, :email, :password, :password_confirmation]`
			`end`

user policies 2016-09-20 14:22:20 -05:00			`class Scope < Scope`
			`def resolve`
move recruiter to admin/candidate 2016-09-22 13:30:30 -05:00			`return scope if user.acts_as_admin?`
dashboard controller 2016-09-21 17:04:08 -05:00			`scope.where(id: user.id)`
user policies 2016-09-20 14:22:20 -05:00			`end`
			`end`
			`end`