Added acces rules for jobs, operator/jobs and admin/dashboard view, including lazy loading for cancel button in broadcasts

2024-09-13 14:27:50 +02:00
parent 64289d045d
commit 418b41556e
19 changed files with 145 additions and 11 deletions
--- a/app/policies/job_policy.rb
+++ b/app/policies/job_policy.rb
@@ -1,9 +1,12 @@
 class JobPolicy < ApplicationPolicy
+  skip_pre_check :allow_admins, only: :cancel?
+
+  def cancel?
+    record.open? && (user == record.costumer || user.operator? || user.admin?)
+  end
+
  # See https://actionpolicy.evilmartians.io/#/writing_policies
  #
-  # def index?
-  #   true
-  # end
  #
  # def update?
  #   # here we can access our context and record