fab-manager/app/policies/user_policy.rb

# frozen_string_literal: true

# Check the access policies for API::MembersController and API::UsersController
class UserPolicy < ApplicationPolicy
  # Defines the scope of the users index, depending on the role of the current user
  class Scope < Scope
    def resolve
      if user.admin?
        scope.includes(:group, :training_credits, :machine_credits, statistic_profile: [subscriptions: [plan: [:credits]]], profile: [:user_avatar])
             .joins(:roles).where("users.is_active = 'true' AND roles.name = 'member'").order('users.created_at desc')
      else
        scope.includes(profile: [:user_avatar]).joins(:roles).where("users.is_active = 'true' AND roles.name = 'member'")
             .where(is_allow_contact: true).order('users.created_at desc')
      end
    end
  end

  def show?
    user.admin? || user.manager? || (record.is_allow_contact && record.member?) || (user.id == record.id)
  end

  def update?
    user.admin? || user.manager? || (user.id == record.id)
  end

  def destroy?
    user.admin? || (user.id == record.id)
  end

  %w[merge complete_tour].each do |action|
    define_method "#{action}?" do
      user.id == record.id
    end
  end

  %w[list index create_member].each do |action|
    define_method "#{action}?" do
      user.admin? || user.manager?
    end
  end

  %w[create mapping].each do |action|
    define_method "#{action}?" do
      user.admin?
    end
  end
end
[ongoing] import members from csv 2019-09-25 16:37:42 +02:00			`# frozen_string_literal: true`

			`# Check the access policies for API::MembersController and API::UsersController`
init depot fabmanager 2015-05-05 03:10:25 +02:00			`class UserPolicy < ApplicationPolicy`
[ongoing] import members from csv 2019-09-25 16:37:42 +02:00			`# Defines the scope of the users index, depending on the role of the current user`
init depot fabmanager 2015-05-05 03:10:25 +02:00			`class Scope < Scope`
			`def resolve`
refactored roles methods to match ruby conventions 2019-01-14 12:57:31 +01:00			`if user.admin?`
multiple fixes related to statistic_profile & invoicing_profile + fix users list while sorting by subscription 2019-06-05 12:11:51 +02:00			`scope.includes(:group, :training_credits, :machine_credits, statistic_profile: [subscriptions: [plan: [:credits]]], profile: [:user_avatar])`
improved member autocompletion with multiple words + refactored members controller 2019-01-21 15:17:56 +01:00			`.joins(:roles).where("users.is_active = 'true' AND roles.name = 'member'").order('users.created_at desc')`
init depot fabmanager 2015-05-05 03:10:25 +02:00			`else`
improved member autocompletion with multiple words + refactored members controller 2019-01-21 15:17:56 +01:00			`scope.includes(profile: [:user_avatar]).joins(:roles).where("users.is_active = 'true' AND roles.name = 'member'")`
			`.where(is_allow_contact: true).order('users.created_at desc')`
init depot fabmanager 2015-05-05 03:10:25 +02:00			`end`
			`end`
			`end`

			`def show?`
basic access to members management for managers 2020-04-27 17:48:13 +02:00			`user.admin? \|\| user.manager? \|\| (record.is_allow_contact && record.member?) \|\| (user.id == record.id)`
init depot fabmanager 2015-05-05 03:10:25 +02:00			`end`

			`def update?`
basic access to members management for managers 2020-04-27 17:48:13 +02:00			`user.admin? \|\| user.manager? \|\| (user.id == record.id)`
init depot fabmanager 2015-05-05 03:10:25 +02:00			`end`
release 2.0 rc 2016-03-23 18:39:41 +01:00
			`def destroy?`
[feature] admin can delete an user 2019-10-29 09:59:21 +01:00			`user.admin? \|\| (user.id == record.id)`
release 2.0 rc 2016-03-23 18:39:41 +01:00			`end`

basic access to members management for managers 2020-04-27 17:48:13 +02:00			`%w[merge complete_tour].each do \|action\|`
			`define_method "#{action}?" do`
			`user.id == record.id`
			`end`
release 2.0 rc 2016-03-23 18:39:41 +01:00			`end`
[feature] partial load of users list 2016-05-30 15:39:19 +02:00
manager can create memebrs & credit wallets 2020-04-28 15:34:17 +02:00			`%w[list index create_member].each do \|action\|`
basic access to members management for managers 2020-04-27 17:48:13 +02:00			`define_method "#{action}?" do`
			`user.admin? \|\| user.manager?`
			`end`
welcome tour + save completed tours in database 2020-02-18 17:36:45 +01:00			`end`

basic access to members management for managers 2020-04-27 17:48:13 +02:00			`%w[create mapping].each do \|action\|`
optimize usernames mapping in statistics 2016-06-21 14:39:44 +02:00			`define_method "#{action}?" do`
refactored roles methods to match ruby conventions 2019-01-14 12:57:31 +01:00			`user.admin?`
optimize usernames mapping in statistics 2016-06-21 14:39:44 +02:00			`end`
[feature] partial load of users list 2016-05-30 15:39:19 +02:00			`end`
init depot fabmanager 2015-05-05 03:10:25 +02:00			`end`