group_member_policy.rb 568 Bytes
Newer Older
1 2
# frozen_string_literal: true

3
class GroupMemberPolicy < BasePolicy
4
  delegate :group
5

6 7
  with_scope :subject
  condition(:last_owner) { @subject.group.last_owner?(@subject.user) }
8

9 10 11
  desc "Membership is users' own"
  with_score 0
  condition(:is_target_user) { @user && @subject.user_id == @user.id }
12

13 14
  rule { anonymous }.prevent_all
  rule { last_owner }.prevent_all
15

16 17 18
  rule { can?(:admin_group_member) }.policy do
    enable :update_group_member
    enable :destroy_group_member
19 20
  end

21 22
  rule { is_target_user }.policy do
    enable :destroy_group_member
23 24
  end
end