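# Authorization rules for request records. The class appears to follow Pundit
# conventions: `user` is the acting user and `record` the request under check.
#
# NOTE(review): every predicate calls methods on `user` without a nil check;
# presumably AuthenticatedPolicy rejects anonymous users first — confirm.
class RequestPolicy < AuthenticatedPolicy
  # Restricts collection queries to the requests the acting user may list.
  class Scope < ApplicationPolicy::Scope
    # Admins get every request; any other user gets only the requests in which
    # they are the requester or the requestee.
    #
    # @return the filtered scope
    def resolve
      return scope.all if user.is_admin?

      # Read the id into a local before entering the query block. A zero-arity
      # DSL block may be instance_eval'd, in which case a bare `user` inside it
      # would be looked up on the DSL object instead of this policy scope and
      # the ownership filter would not compare against the acting user's id.
      # Locals stay visible through the closure either way.
      current_user_id = user.id
      scope.where{(requester_id == current_user_id) | (requestee_id == current_user_id)}
    end
  end

  # Listing is open to every user this policy is evaluated for. Row-level
  # filtering is done by Scope#resolve, so this is only safe when the index
  # action loads its records through that scope.
  def index?
    true
  end

  # Admin only.
  def manage?
    user.is_admin?
  end

  # Staff only.
  def inspect?
    user.is_staff?
  end

  # Staff only.
  #
  # NOTE(review): Scope#resolve lists a non-staff user's own requests, yet this
  # check does not let a requester or requestee open one — confirm that the
  # difference is intended.
  def show?
    user.is_staff?
  end

  # An admin or the requestee may accept, and only while the request is pending.
  def accept?
    may_respond = user.is_admin? || record.requestee_id == user.id
    may_respond && record.pending?
  end

  # Rejecting is allowed under exactly the same conditions as accepting.
  def reject?
    accept?
  end

  # An admin or the requester may cancel, and only while the request is pending.
  def cancel?
    may_withdraw = user.is_admin? || record.requester_id == user.id
    may_withdraw && record.pending?
  end
end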