
# Authorization rules for viewing, editing and deleting User records.
# `user` is the acting user and `record` the User being accessed; both are
# supplied by ApplicationPolicy, which lives outside this file.
class UserPolicy < ApplicationPolicy
  # A user record may be shown to admins, to the account owner, to agents,
  # and to customers who share an organization with the record.
  # @return [Boolean]
  def show?
    return true if user.permissions?('admin.*') || own_account? || user.permissions?('ticket.agent')
    # Everyone remaining must at least be a customer...
    return false unless user.permissions?('ticket.customer')

    # ...and customers only see users of their own organization.
    same_organization?
  end

  # 'admin.user' may edit any user; agents may edit customer records;
  # everyone else is refused.
  # NOTE(review): the agent branch only asks whether the target holds
  # 'ticket.customer' — it does not exclude targets that also carry agent
  # or admin permissions. If one account can hold both roles, an agent
  # could edit a more privileged user here; confirm against role assignment.
  # @return [Boolean]
  def update?
    return true if user.permissions?('admin.user')
    return false unless user.permissions?('ticket.agent')

    record.permissions?('ticket.customer')
  end

  # Deleting users is reserved to 'admin.user'.
  # @return [Boolean]
  def destroy?
    user.permissions?('admin.user')
  end

  private

  # True when the record being accessed is the acting user's own account.
  def own_account?
    record.id == user.id
  end

  # True only when both sides have a non-blank organization_id and they match.
  # A blank organization on either side is never treated as a match.
  def same_organization?
    target_org = record.organization_id
    actor_org = user.organization_id
    return false if target_org.blank? || actor_org.blank?

    target_org == actor_org
  end

  # Query scope for listing users: agents and user-admins see every user,
  # anyone else is limited to their own row.
  class Scope < ApplicationPolicy::Scope
    # NOTE(review): permissions? receives an array here; whether that means
    # "any of" or "all of" is decided by the (external) implementation — confirm.
    def resolve
      return scope.all if user.permissions?(['ticket.agent', 'admin.user'])

      scope.where(id: user.id)
    end
  end
end