use member settings, remove show, tighter pundit

2023-09-01 15:22:24 +03:00
parent 973ede68b2
commit 55cade0df5
6 changed files with 37 additions and 65 deletions
--- a/app/policies/admin_policy.rb
+++ b/app/policies/admin_policy.rb
@ -0,0 +1,11 @@
+# allows to edit/detroy own data
+# which can be viewed by anyone
+class AdminPolicy < ApplicationPolicy
+  def edit?
+    member.admin?
+  end
+  alias :update? :edit?
+  alias :show? :edit?
+  alias :destroy? :edit?
+
+end
--- a/app/policies/member_policy.rb
+++ b/app/policies/member_policy.rb
@ -1,4 +1,13 @@
-class MemberPolicy < EditOwnPolicy
+class MemberPolicy < AdminPolicy
+
+  def update?
+    return true if member.admin?
+    owner?
+  end
+
+  def owner?
+    member == record.member
+  end

  class Scope < Scope
  end