user policy to allow profile edits

2016-09-21 11:03:45 -05:00
parent 8ad98215c1
commit 75a4fbf71a
4 changed files with 81 additions and 18 deletions
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@ -3,9 +3,10 @@ class UserPolicy < ApplicationPolicy
  # User Access Policy
  #
  # Only Admins can view, create, or update, users
+  # All other users can only access themselves (profile interface)

  def view?
-    user.admin? && show?
+    user.admin? || user == record
  end

  def create?
@ -13,7 +14,7 @@ class UserPolicy < ApplicationPolicy
  end

  def update?
-    user.admin?
+    user.admin? || user == record
  end

  class Scope < Scope