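# Pundit policy guarding the administrative user-permission actions.
#
# `user` is the signed-in account performing the action. `@users` holds the
# object being authorized; the grant/update predicates read its `org_id`, so
# for those actions it is expected to be a single user record.
class UserPolicy < ApplicationPolicy
  attr_reader :user

  # @param user [Object] the signed-in account; must be present
  # @param users [Object] the object the action targets
  # @raise [Pundit::NotAuthorizedError] when nobody is signed in
  def initialize(user, users)
    raise Pundit::NotAuthorizedError, "must be logged in" unless user
    @user = user
    @users = users
  end

  # Listing is allowed for anyone who may grant permissions. This predicate
  # does not restrict WHICH users are listed.
  # NOTE(review): row-level restriction presumably relies on the controller
  # applying Scope#resolve (policy_scope) - confirm against the caller.
  def admin_index?
    @user.can_grant_permissions?
  end

  # Granting permissions requires the grant right AND that the target belongs
  # to the acting user's organisation.
  def admin_grant_permissions?
    @user.can_grant_permissions? && target_in_same_org?
  end

  # Same rule as admin_grant_permissions?: grant right plus same organisation.
  def admin_update_permissions?
    @user.can_grant_permissions? && target_in_same_org?
  end

  class Scope < Scope
    # Restricts the collection to records in the acting user's organisation.
    # NOTE(review): if user.org_id can be nil, a hash condition with a nil
    # value would match every record without an organisation (assuming
    # `scope` is an ActiveRecord relation) - confirm org_id is always set, or
    # return an empty relation in that case.
    def resolve
      scope.where(org_id: user.org_id)
    end
  end

  private

  # True only when the acting user has an organisation and the target record
  # carries the same org_id. Fails closed on a missing organisation: a bare
  # `==` would treat nil == nil as "same organisation" and authorize an
  # org-less admin over every org-less account.
  def target_in_same_org?
    actor_org = @user.org_id
    !actor_org.nil? && @users.org_id == actor_org
  end
end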