Initial install of action policy

app/policies/application_policy.rb

@@ -0,0 +1,18 @@
+# Base class for application policies
+class ApplicationPolicy < ActionPolicy::Base
+  # Configure additional authorization contexts here
+  # (`user` is added by default).
+  #
+  #   authorize :account, optional: true
+  #
+  # Read more about authorization context: https://actionpolicy.evilmartians.io/#/authorization_context
+
+  private
+
+  # Define shared methods useful for most policies.
+  # For example:
+  #
+  #  def owner?
+  #    record.user_id == user.id
+  #  end
+end

app/policies/job_policy.rb

@@ -0,0 +1,20 @@
+class JobPolicy < ApplicationPolicy
+  # See https://actionpolicy.evilmartians.io/#/writing_policies
+  #
+  # def index?
+  #   true
+  # end
+  #
+  # def update?
+  #   # here we can access our context and record
+  #   user.admin? || (user.id == record.user_id)
+  # end
+
+  # Scoping
+  # See https://actionpolicy.evilmartians.io/#/scoping
+  #
+  # relation_scope do |relation|
+  #   next relation if user.admin?
+  #   relation.where(user: user)
+  # end
+end