Fork: 0
opidor / dmpopidor
Transfer to URL with SHA Find file
Newer
Older
dmpopidor / app / policies / organisation_policy.rb
@xsrust xsrust on 16 Sep 2016 654 bytes forced auth on organisations_controller. TODO: re-check parent, children, and templates after AJAX removed
Raw Blame History 
class OrganisationPolicy < ApplicationPolicy
  attr_reader :user, :organisation

  def initialize(user, organisation)
    raise Pundit::NotAuthorizedError, "must be logged in" unless user
    @user = user
    @organisation = organisation
  end

  def admin_show?
    user.can_modify_org_details? && (user.organisation_id == organisation.id)
  end

  def admin_edit?
    user.can_modify_org_details? && (user.organisaiton_id == organisation.id)
  end

  def admin_update?
    user.can_modify_org_details? && (user.organisaiton_id == organisation.id)
  end

  def parent?
    true
  end

  def children?
    true
  end

  def templates?
    true
  end

end