2020-04-27 12:12:29 +02:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2022-07-12 17:46:01 +02:00
|
|
|
# Check the access policies for API::SlotsReservationsController
|
|
|
|
class SlotsReservationPolicy < ApplicationPolicy
|
2016-03-23 18:39:41 +01:00
|
|
|
def update?
|
|
|
|
# check that the update is allowed and the prevention delay has not expired
|
2020-05-13 15:02:03 +02:00
|
|
|
delay = Setting.get('booking_move_delay').to_i
|
2020-05-25 16:47:06 +02:00
|
|
|
enabled = Setting.get('booking_move_enable')
|
2016-03-23 18:39:41 +01:00
|
|
|
|
|
|
|
# these condition does not apply to admins
|
2020-04-27 12:12:29 +02:00
|
|
|
user.admin? || user.manager? ||
|
2023-02-14 13:10:58 +01:00
|
|
|
(record.reservation.user == user && enabled && ((record.slot.start_at - Time.current).to_i / 3600 >= delay))
|
2016-03-23 18:39:41 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
def cancel?
|
2020-04-27 12:12:29 +02:00
|
|
|
user.admin? || user.manager? || record.reservation.user == user
|
2016-03-23 18:39:41 +01:00
|
|
|
end
|
|
|
|
end
|