# frozen_string_literal: true
# Base authorization policy with deny-by-default predicates.
#
# Construction requires a truthy user. index?, create?, update? and destroy?
# all return false here, so a subclass has to override a predicate explicitly
# to grant that action; forgetting to do so leaves the action denied.
class ApplicationPolicy
  attr_reader :record, :user

  # @param user [Object] the acting user; nil or false is rejected
  # @param record [Object] the object being authorized
  # @raise [Pundit::NotAuthorizedError] when no user is given
  def initialize(user, record)
    # Reject anonymous callers before any state is stored, so no predicate
    # can ever run on a policy built without a user.
    unless user
      raise Pundit::NotAuthorizedError, "Must be logged in."
    end

    @record = record
    @user = user
  end

  # Listing is denied unless a subclass overrides this.
  def index?
    false
  end

  # Allowed only when the record's id is found inside the relation returned
  # by #scope, so visibility follows the scope rather than a separate rule.
  # NOTE(review): with the base Scope below, resolve raises; presumably a
  # subclass must supply its own Scope before this can return true. Confirm
  # against how Pundit looks up the scope for record.class.
  def show?
    visible = scope.where(id: record.id)
    visible.exists?
  end

  # Same decision as show?.
  def view?
    show?
  end

  # Creation is denied unless a subclass overrides this.
  def create?
    false
  end

  # Same decision as create?.
  def new?
    create?
  end

  # Updating is denied unless a subclass overrides this.
  def update?
    false
  end

  # Same decision as update?.
  def edit?
    update?
  end

  # Deletion is denied unless a subclass overrides this.
  def destroy?
    false
  end

  # Asks Pundit for the policy scope of this record's class, on behalf of the
  # current user.
  def scope
    model = record.class
    Pundit.policy_scope!(user, model)
  end

  # Base query scope: holds the user and the starting scope, and refuses to
  # resolve to anything until a subclass overrides #resolve.
  #
  # NOTE(review): unlike ApplicationPolicy#initialize, this constructor does
  # not reject a nil user. A subclass #resolve that reads user should account
  # for that; confirm whether anonymous scopes are intended.
  class Scope
    attr_reader :scope, :user

    # @param user [Object] the acting user (not validated here)
    # @param scope [Object] the starting relation or collection to narrow
    def initialize(user, scope)
      @scope = scope
      @user = user
    end

    # @raise [Pundit::NotAuthorizedError] always, in this base class
    def resolve
      # Closed system: nothing is exposed by default. A subclass must
      # override this method to return the records the user may see.
      raise(Pundit::NotAuthorizedError, "No access to resource.")
    end
  end
end