app/policies/application_policy.rb
# frozen_string_literal: true
# Base class for permissions. Defaults to no access
# default ApplicationPolicy generated from Pundit
class ApplicationPolicy
attr_reader :user, :record
def initialize(user, record)
raise Pundit::NotAuthorizedError, 'must be logged in' unless user
@user = user
@record = record
end
def index?
false
end
def show?
false
end
def create?
false
end
def new?
create?
end
def update?
false
end
def edit?
update?
end
def destroy?
false
end
def scope
Pundit.policy_scope!(user, record.class)
end
class Scope # rubocop:disable Style/Documentation
attr_reader :user, :scope
def initialize(user, scope)
raise Pundit::NotAuthorizedError, 'must be logged in' unless user
@user = user
@scope = scope
end
def resolve
scope
end
end
private
def user_can_modify_event?(user, event)
user.superuser? || user.events.include?(event)
end
end