# frozen_string_literal: true
class UserPolicy < ApplicationPolicy
  # User Access Policy
  #
  # Only Admins can view, create, or update, users
  # All other users can only access themselves (profile interface)

  def index?
    user.acts_as_admin?
  end

  def view?
    user.acts_as_admin? || user == record
  end

  def create?
    user.acts_as_admin?
  end

  def update?
    user.acts_as_admin? || user == record
  end

  def permitted_attributes
    return [:name, :email, :role, :password, quiz_ids: []] if user.acts_as_admin?
    [:name, :email, :password, :password_confirmation]
  end

  class Scope < Scope
    def resolve
      return scope if user.acts_as_admin?
      scope.where(id: user.id)
    end
  end
end