# frozen_string_literal: true class UserPolicy < ApplicationPolicy # User Access Policy # # Only Admins can view, create, or update, users def view? user.admin? && show? end def create? user.admin? end def update? user.admin? end class Scope < Scope def resolve return scope if user.admin? raise Pundit::NotAuthorizedError, "No access to resource." end end end