# frozen_string_literal: true

class DeployKeyPolicy < BasePolicy
  with_options scope: :subject, score: 0
  condition(:private_deploy_key) { @subject.private? }

  # rubocop: disable CodeReuse/ActiveRecord
  condition(:has_deploy_key) { @user.project_deploy_keys.exists?(id: @subject.id) }
  # rubocop: enable CodeReuse/ActiveRecord

  rule { anonymous }.prevent_all

  rule { admin }.enable :update_deploy_key
  rule { private_deploy_key & has_deploy_key }.enable :update_deploy_key
end