32 lines
695 B
Ruby
32 lines
695 B
Ruby
# Base class for application policies
|
|
class ApplicationPolicy < ActionPolicy::Base
|
|
pre_check :allow_admins, :deny_verified_users
|
|
|
|
# admin is good! :)
|
|
def allow_admins
|
|
allow! if user.admin?
|
|
end
|
|
|
|
# no email verification no rights
|
|
def deny_verified_users
|
|
deny! unless user.verified?
|
|
end
|
|
|
|
# Configure additional authorization contexts here
|
|
# (`user` is added by default).
|
|
#
|
|
# authorize :account, optional: true
|
|
#
|
|
# Read more about authorization context: https://actionpolicy.evilmartians.io/#/authorization_context
|
|
|
|
|
|
private
|
|
|
|
# Define shared methods useful for most policies.
|
|
# For example:
|
|
#
|
|
# def owner?
|
|
# record.user_id == user.id
|
|
# end
|
|
end
|