user policies

app/policies/application_policy.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+class ApplicationPolicy
+  attr_reader :user, :record
+
+  def initialize(user, record)
+    raise Pundit::NotAuthorizedError, "Must be logged in." unless user
+    @user = user
+    @record = record
+  end
+
+  def index?
+    false
+  end
+
+  def show?
+    scope.where(id: record.id).exists?
+  end
+
+  def view?
+    show?
+  end
+
+  def create?
+    false
+  end
+
+  def new?
+    create?
+  end
+
+  def update?
+    false
+  end
+
+  def edit?
+    update?
+  end
+
+  def destroy?
+    false
+  end
+
+  def scope
+    Pundit.policy_scope!(user, record.class)
+  end
+
+  class Scope
+    attr_reader :user, :scope
+
+    def initialize(user, scope)
+      @user = user
+      @scope = scope
+    end
+
+    def resolve
+      # This is a closed system.
+      raise Pundit::NotAuthorizedError, "No access to resource."
+    end
+  end
+end

app/policies/user_policy.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+class UserPolicy < ApplicationPolicy
+  def view?
+    user.admin? && show?
+  end
+
+  def create?
+    user.admin?
+  end
+
+  def update?
+    user.admin?
+  end
+
+  class Scope < Scope
+    def resolve
+      return scope if user.admin?
+      raise Pundit::NotAuthorizedError, "No access to resource."
+    end
+  end
+end