app/policies/user_policy.rb

class UserPolicy < ApplicationPolicy
  def permitted_attributes_for_update
    if user.admin?
      [:role, :status]
    elsif user.moderator?
      [:status]
    else
      []
    end
  end

  def index?
    user.power_user?
  end

  def update?
    if user.admin?
      record.id != user.id
    elsif user.moderator?
      record.user?
    else
      false
    end
  end
end
Add users management to site settings (#126) 2022-06-24 14:39:35 +02:00			`class UserPolicy < ApplicationPolicy`
			`def permitted_attributes_for_update`
			`if user.admin?`
			`[:role, :status]`
			`elsif user.moderator?`
			`[:status]`
			`else`
			`[]`
			`end`
			`end`

			`def index?`
			`user.power_user?`
			`end`

			`def update?`
			`if user.admin?`
			`record.id != user.id`
			`elsif user.moderator?`
			`record.user?`
			`else`
			`false`
			`end`
			`end`
			`end`