app/policies/post_policy.rb

class PostPolicy < ApplicationPolicy
  def permitted_attributes_for_create
    [:title, :description, :board_id]
  end

  def permitted_attributes_for_update
    if user.moderator?
      [:title, :description, :board_id, :post_status_id, :approval_status]
    else
      [:title, :description]
    end
  end

  def update?
    user == record.user or user.moderator?
  end

  def destroy?
    user == record.user or user.moderator?
  end
end
Improve rails controllers (#118) 2022-06-10 12:03:33 +02:00			`class PostPolicy < ApplicationPolicy`
Add edit and delete actions to posts and comments (#125) 2022-06-22 10:17:42 +02:00			`def permitted_attributes_for_create`
			`[:title, :description, :board_id]`
			`end`

			`def permitted_attributes_for_update`
Add role 'owner' to users (#185) 2023-01-18 21:11:27 +01:00			`if user.moderator?`
Add anonymous feedback (#380) 2024-07-12 20:38:46 +02:00			`[:title, :description, :board_id, :post_status_id, :approval_status]`
Add edit and delete actions to posts and comments (#125) 2022-06-22 10:17:42 +02:00			`else`
			`[:title, :description]`
			`end`
			`end`

Improve rails controllers (#118) 2022-06-10 12:03:33 +02:00			`def update?`
Add role 'owner' to users (#185) 2023-01-18 21:11:27 +01:00			`user == record.user or user.moderator?`
Improve rails controllers (#118) 2022-06-10 12:03:33 +02:00			`end`
Add edit and delete actions to posts and comments (#125) 2022-06-22 10:17:42 +02:00
			`def destroy?`
Add role 'owner' to users (#185) 2023-01-18 21:11:27 +01:00			`user == record.user or user.moderator?`
Add edit and delete actions to posts and comments (#125) 2022-06-22 10:17:42 +02:00			`end`
Improve rails controllers (#118) 2022-06-10 12:03:33 +02:00			`end`