mirror of
https://github.com/astuto/astuto.git
synced 2025-12-16 11:47:56 +01:00
27 lines
448 B
Ruby
27 lines
448 B
Ruby
class UserPolicy < ApplicationPolicy
|
|
def permitted_attributes_for_update
|
|
if user.admin?
|
|
[:role, :status]
|
|
elsif user.moderator?
|
|
[:status]
|
|
else
|
|
[]
|
|
end
|
|
end
|
|
|
|
def index?
|
|
user.moderator?
|
|
end
|
|
|
|
def update?
|
|
if user.owner?
|
|
true
|
|
elsif user.admin?
|
|
record.role == 'moderator' || record.role == 'user'
|
|
elsif user.moderator?
|
|
record.role == 'user'
|
|
else
|
|
false
|
|
end
|
|
end
|
|
end |