2016-09-20 14:22:20 -05:00
|
|
|
# frozen_string_literal: true
|
|
|
|
class UserPolicy < ApplicationPolicy
|
2016-09-20 17:19:11 -05:00
|
|
|
# User Access Policy
|
|
|
|
#
|
|
|
|
# Only Admins can view, create, or update, users
|
2016-09-21 11:03:45 -05:00
|
|
|
# All other users can only access themselves (profile interface)
|
2016-09-20 17:19:11 -05:00
|
|
|
|
2016-09-21 17:04:08 -05:00
|
|
|
def index?
|
|
|
|
user.admin?
|
|
|
|
end
|
|
|
|
|
2016-09-20 14:22:20 -05:00
|
|
|
def view?
|
2016-09-21 11:03:45 -05:00
|
|
|
user.admin? || user == record
|
2016-09-20 14:22:20 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def create?
|
|
|
|
user.admin?
|
|
|
|
end
|
|
|
|
|
|
|
|
def update?
|
2016-09-21 11:03:45 -05:00
|
|
|
user.admin? || user == record
|
2016-09-20 14:22:20 -05:00
|
|
|
end
|
|
|
|
|
2016-09-21 15:50:02 -05:00
|
|
|
def permitted_attributes
|
|
|
|
return [:name, :email, :role, :password, quiz_ids: []] if user.admin?
|
|
|
|
[:name, :email, :password, :password_confirmation]
|
|
|
|
end
|
|
|
|
|
2016-09-20 14:22:20 -05:00
|
|
|
class Scope < Scope
|
|
|
|
def resolve
|
|
|
|
return scope if user.admin?
|
2016-09-21 17:04:08 -05:00
|
|
|
scope.where(id: user.id)
|
2016-09-20 14:22:20 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|