1
0
mirror of https://github.com/LaCasemate/fab-manager.git synced 2024-12-15 00:24:09 +01:00
fab-manager/app/policies/user_policy.rb

52 lines
1.5 KiB
Ruby
Raw Normal View History

2019-09-25 16:37:42 +02:00
# frozen_string_literal: true
# Check the access policies for API::MembersController and API::UsersController
2015-05-05 03:10:25 +02:00
class UserPolicy < ApplicationPolicy
2019-09-25 16:37:42 +02:00
# Defines the scope of the users index, depending on the role of the current user
2015-05-05 03:10:25 +02:00
class Scope < Scope
def resolve
if user.admin?
scope.includes(:group, :training_credits, :machine_credits, statistic_profile: [subscriptions: [plan: [:credits]]], profile: [:user_avatar])
.joins(:roles).where("users.is_active = 'true' AND roles.name = 'member'").order('users.created_at desc')
2015-05-05 03:10:25 +02:00
else
scope.includes(profile: [:user_avatar]).joins(:roles).where("users.is_active = 'true' AND roles.name = 'member'")
.where(is_allow_contact: true).order('users.created_at desc')
2015-05-05 03:10:25 +02:00
end
end
end
def show?
user.admin? || user.manager? || (record.is_allow_contact && record.member?) || (user.id == record.id)
2015-05-05 03:10:25 +02:00
end
def current?
user.admin? || user.manager? || (user.id == record.id)
end
2015-05-05 03:10:25 +02:00
def update?
user.admin? || user.manager? || (user.id == record.id)
2015-05-05 03:10:25 +02:00
end
2016-03-23 18:39:41 +01:00
def destroy?
2019-10-29 09:59:21 +01:00
user.admin? || (user.id == record.id)
2016-03-23 18:39:41 +01:00
end
%w[merge complete_tour].each do |action|
define_method "#{action}?" do
user.id == record.id
end
2016-03-23 18:39:41 +01:00
end
2016-05-30 15:39:19 +02:00
%w[list index create_member validate].each do |action|
define_method "#{action}?" do
user.admin? || user.manager?
end
end
2020-05-04 18:32:25 +02:00
%w[create mapping update_role].each do |action|
define_method "#{action}?" do
user.admin?
end
2016-05-30 15:39:19 +02:00
end
2015-05-05 03:10:25 +02:00
end