# frozen_string_literal: true

# Authorization rules for User records.
#
# Admins may view, create and update any user; everyone else is limited to
# their own record (the profile interface). Listing users is admin-only:
# a non-admin asking for the collection scope gets a Pundit::NotAuthorizedError
# rather than an empty relation.
class UserPolicy < ApplicationPolicy
  # Admins, or a user looking at their own record.
  def view?
    permitted_for_self_or_admin?
  end

  # Creating users is reserved for admins.
  def create?
    admin_user?
  end

  # Same rule as #view?: admins, or a user editing their own record.
  def update?
    permitted_for_self_or_admin?
  end

  # Collection scope: admins receive the whole relation; anyone else is refused
  # with an exception instead of a narrowed or empty scope.
  class Scope < Scope
    def resolve
      unless user.admin?
        raise Pundit::NotAuthorizedError, "No access to resource."
      end
      scope
    end
  end

  private

  # NOTE(review): assumes `user` is never nil here — presumably ApplicationPolicy
  # (not shown) rejects anonymous callers before a policy method runs; confirm.
  def admin_user?
    user.admin?
  end

  # Admin, or the record under inspection is the current user's own User row.
  def permitted_for_self_or_admin?
    admin_user? || user == record
  end
end