Fork: 0
opidor / dmpopidor
Transfer to URL with SHA Find file
Newer
Older
dmpopidor / app / policies / project_group_policy.rb
@xsrust xsrust on 16 Sep 2016 493 bytes added auth and removed json from project_groups controller. additionally added constraint to projects and plans controllers that all actions must be authenticated through pundit
Raw Blame History 
class ProjectGroupPolicy < ApplicationPolicy
  attr_reader :user
  attr_reader :project_group

  def initialize(user, project_group)
    raise Pundit::NotAuthorizedError, "must be logged in" unless user
    @user = user
    @project_group = project_group
  end

  def create?
    @project_group.project.administerable_by(@user.id)
  end

  def update?
    @project_group.project.administerable_by(@user.id)
  end

  def destroy?
    @project_group.project.administerable_by(@user.id)
  end
end