Class: UserPolicy

Inherits:

ApplicationPolicy

• Object
• ApplicationPolicy
• UserPolicy

Defined in:

app/policies/user_policy.rb

Overview

Authorizes access to User objects

See Also:

• https://github.com/elabs/pundit

Instance Method Summary

• #create? ⇒ false (also: #new?)

  Users only are created via invitation.

• #destroy? ⇒ Boolean

  Whether or not the user is a staff member.

• #edit? ⇒ Boolean (also: #update?)

  Whether or not the user is editing his/her own user record.

• #index? ⇒ false

  We don't allow all users to be enumerated.

• #show? ⇒ true

  Anyone can view any user's profile.

Methods inherited from ApplicationPolicy

#initialize, #scope, #user

Constructor Details

This class inherits a constructor from ApplicationPolicy

Instance Method Details

#create? ⇒ false Also known as: new?

Returns users only are created via invitation

Returns:

• (false) —

  users only are created via invitation

# File 'app/policies/user_policy.rb', line 16

def create?
  false
end

#destroy? ⇒ Boolean

Returns whether or not the user is a staff member

Returns:

• (Boolean) —

  whether or not the user is a staff member

# File 'app/policies/user_policy.rb', line 30

def destroy?
  organization_user.staff?
end

#edit? ⇒ Boolean Also known as: update?

Returns whether or not the user is editing his/her own user record

Returns:

• (Boolean) —

  whether or not the user is editing his/her own user record

# File 'app/policies/user_policy.rb', line 23

def edit?
  self? || organization_user.staff?
end

#index? ⇒ false

Note:

will change when we build a separate admin UI

Returns we don't allow all users to be enumerated

Returns:

• (false) —

  we don't allow all users to be enumerated

# File 'app/policies/user_policy.rb', line 6

def index?
  false
end

#show? ⇒ true

Returns anyone can view any user's profile

Returns:

• (true) —

  anyone can view any user's profile

# File 'app/policies/user_policy.rb', line 11

def show?
  true
end