class UserPolicy < BasePolicy
  include Gitlab::CurrentSettings

  desc "The application is restricted from public visibility"
  condition(:restricted_public_level, scope: :global) do
    current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)
  end

  desc "The current user is the user in question"
  condition(:user_is_self, score: 0) { @subject == @user }

  desc "This is the ghost user"
  condition(:subject_ghost, scope: :subject, score: 0) { @subject.ghost? }

  rule { ~restricted_public_level }.enable :read_user
  rule { ~anonymous }.enable :read_user

  rule { user_is_self | admin }.enable :destroy_user
  rule { subject_ghost }.prevent :destroy_user
end