29 lines
845 B
Ruby
29 lines
845 B
Ruby
# frozen_string_literal: true
|
|
|
|
class TodoPolicy < BasePolicy
|
|
desc 'User can only read own todos'
|
|
condition(:own_todo) do
|
|
@user && @subject.user_id == @user.id
|
|
end
|
|
|
|
desc "User can read the todo's target"
|
|
condition(:can_read_target) do
|
|
@user && @subject.target&.readable_by?(@user)
|
|
end
|
|
|
|
desc "Todo has confidential note"
|
|
condition(:has_confidential_note, scope: :subject) { @subject&.note&.confidential? }
|
|
|
|
desc "User can read the todo's confidential note"
|
|
condition(:can_read_todo_confidential_note) do
|
|
@user && @user.can?(:read_confidential_notes, @subject.target)
|
|
end
|
|
|
|
rule { own_todo & can_read_target }.enable :read_todo
|
|
rule { can?(:read_todo) }.enable :update_todo
|
|
|
|
rule { has_confidential_note & ~can_read_todo_confidential_note }.policy do
|
|
prevent :read_todo
|
|
prevent :update_todo
|
|
end
|
|
end
|