2021-01-25 17:42:30 +01:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
|
|
# Check the access policies for API::PaymentSchedulesController
|
|
|
|
|
class PaymentSchedulePolicy < ApplicationPolicy
|
2021-02-09 15:44:56 +01:00
|
|
|
%w[list? cash_check? cancel?].each do |action|
|
2021-02-09 12:09:26 +01:00
|
|
|
define_method action do
|
|
|
|
|
user.admin? || user.manager?
|
|
|
|
|
end
|
2021-01-25 17:42:30 +01:00
|
|
|
end
|
|
|
|
|
|
2021-02-09 12:09:26 +01:00
|
|
|
%w[refresh_item? download? pay_item?].each do |action|
|
|
|
|
|
define_method action do
|
|
|
|
|
user.admin? || user.manager? || (record.invoicing_profile.user_id == user.id)
|
|
|
|
|
end
|
2021-01-25 17:42:30 +01:00
|
|
|
end
|
|
|
|
|
end
|
