permissions :update? do
    it 'denies updating if viewed user is not current user' do
      expect(UserPolicy).not_to permit(current_user, other_user)
    end
    it 'grants update if user is current user' do