app/policies/user_policy.rb
# frozen_string_literal: true
class UserPolicy < ApplicationPolicy
def reset_password?
role.can?(:manage_user_access) && role.overrides?(record.role)
end
def change_email?
role.can?(:manage_user_access) && role.overrides?(record.role)
end
def disable_2fa?
role.can?(:manage_user_access) && role.overrides?(record.role)
end
def change_role?
role.can?(:manage_roles) && role.overrides?(record.role)
end
def confirm?
role.can?(:manage_user_access) && !record.confirmed?
end
def enable?
role.can?(:manage_users)
end
def approve?
role.can?(:manage_users) && !record.approved?
end
def reject?
role.can?(:manage_users) && !record.approved?
end
def disable?
role.can?(:manage_users) && role.overrides?(record.role)
end
end