Class: UserPolicy

Inherits:

ApplicationPolicy

• Object
• ApplicationPolicy
• UserPolicy

Defined in:

lib/kowl/templates/app/policies/user_policy.rb

Instance Attribute Summary

Attributes inherited from ApplicationPolicy

#current_user, #record

Instance Method Summary

• #create? ⇒ Boolean
• #destroy? ⇒ Boolean
• #edit? ⇒ Boolean
• #impersonate? ⇒ Boolean
• #index? ⇒ Boolean
• #new? ⇒ Boolean

  Account should not be create-able, unless someone is explicitly signing up to create an account.

• #show? ⇒ Boolean
• #update? ⇒ Boolean

Methods inherited from ApplicationPolicy

#admin?, #initialize, #staff?, #staff_member?

Constructor Details

This class inherits a constructor from ApplicationPolicy

Instance Method Details

#create? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/kowl/templates/app/policies/user_policy.rb', line 13

def create?
  false
end

#destroy? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/kowl/templates/app/policies/user_policy.rb', line 35

def destroy?
  # This was added because a user shouldn't be able to delete themselves from the admin dashboard
  admin? && current_user.id != record.id
end

#edit? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/kowl/templates/app/policies/user_policy.rb', line 31

def edit?
  update?
end

#impersonate? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/kowl/templates/app/policies/user_policy.rb', line 40

def impersonate?
  admin? && current_user.id != record.id
end

#index? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/kowl/templates/app/policies/user_policy.rb', line 4

def index?
  admin?
end

#new? ⇒ Boolean

Account should not be create-able, unless someone is explicitly signing up to create an account

Returns:

• (Boolean)

# File 'lib/kowl/templates/app/policies/user_policy.rb', line 9

def new?
  false
end

#show? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/kowl/templates/app/policies/user_policy.rb', line 17

def show?
  # Admins should be able to see all users
  # Staff members should only be able to see people who aren't superusers
  # And everyone should see records for themselves
  admin? || (staff? && record.role != 'superuser') || (staff_member? && current_user.id == record.id)
end

#update? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/kowl/templates/app/policies/user_policy.rb', line 24

def update?
  # Ensure only superusers can edit other superusers.
  # => This is because we don't want a staff member editing a superuser/manager's account
  # => If the current_user only has the staff as role they can only edit someone who isn't a superuser
  admin? || (staff? && record.role != 'superuser') || (staff_member? && current_user.id == record.id)
end