14 lines
381 B
Ruby
14 lines
381 B
Ruby
# frozen_string_literal: true
|
|
|
|
class TodoPolicy < BasePolicy
|
|
desc 'User can only read own todos'
|
|
condition(:own_todo) do
|
|
@user && @subject.user_id == @user.id
|
|
end
|
|
condition(:can_read_target) do
|
|
@user && @subject.target&.readable_by?(@user)
|
|
end
|
|
|
|
rule { own_todo & can_read_target }.enable :read_todo
|
|
rule { own_todo & can_read_target }.enable :update_todo
|
|
end
|