skill-assessment-app/app/policies/user_policy.rb
2016-09-21 17:04:08 -05:00

36 lines
678 B
Ruby

# frozen_string_literal: true
class UserPolicy < ApplicationPolicy
# User Access Policy
#
# Only Admins can view, create, or update, users
# All other users can only access themselves (profile interface)
def index?
user.admin?
end
def view?
user.admin? || user == record
end
def create?
user.admin?
end
def update?
user.admin? || user == record
end
def permitted_attributes
return [:name, :email, :role, :password, quiz_ids: []] if user.admin?
[:name, :email, :password, :password_confirmation]
end
class Scope < Scope
def resolve
return scope if user.admin?
scope.where(id: user.id)
end
end
end