- # frozen_string_literal: true
-
- class UserPolicy < ApplicationPolicy
- def reset_password?
- role.can?(:manage_user_access) && role.overrides?(record.role)
- end
-
- def change_email?
- role.can?(:manage_user_access) && role.overrides?(record.role)
- end
-
- def disable_2fa?
- role.can?(:manage_user_access) && role.overrides?(record.role)
- end
-
- def change_role?
- role.can?(:manage_roles) && role.overrides?(record.role)
- end
-
- def confirm?
- role.can?(:manage_user_access) && !record.confirmed?
- end
-
- def enable?
- role.can?(:manage_users)
- end
-
- def approve?
- role.can?(:manage_users) && !record.approved?
- end
-
- def reject?
- role.can?(:manage_users) && !record.approved?
- end
-
- def disable?
- role.can?(:manage_users) && role.overrides?(record.role)
- end
- end
|