user_policy.rb 738 B

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253
  1. # frozen_string_literal: true
  2. class UserPolicy < ApplicationPolicy
  3. def reset_password?
  4. staff? && !record.staff?
  5. end
  6. def change_email?
  7. staff? && !record.staff?
  8. end
  9. def disable_2fa?
  10. admin? && !record.staff?
  11. end
  12. def confirm?
  13. staff? && !record.confirmed?
  14. end
  15. def enable?
  16. staff?
  17. end
  18. def approve?
  19. staff? && !record.approved?
  20. end
  21. def reject?
  22. staff? && !record.approved?
  23. end
  24. def disable?
  25. staff? && !record.admin?
  26. end
  27. def promote?
  28. admin? && promoteable?
  29. end
  30. def demote?
  31. admin? && !record.admin? && demoteable?
  32. end
  33. private
  34. def promoteable?
  35. record.approved? && (!record.staff? || !record.admin?)
  36. end
  37. def demoteable?
  38. record.staff?
  39. end
  40. end