# frozen_string_literal: true
|
|
|
|
class UserPolicy < ApplicationPolicy
|
|
def reset_password?
|
|
role.can?(:manage_user_access) && role.overrides?(record.role)
|
|
end
|
|
|
|
def change_email?
|
|
role.can?(:manage_user_access) && role.overrides?(record.role)
|
|
end
|
|
|
|
def disable_2fa?
|
|
role.can?(:manage_user_access) && role.overrides?(record.role)
|
|
end
|
|
|
|
def change_role?
|
|
role.can?(:manage_roles) && role.overrides?(record.role)
|
|
end
|
|
|
|
def confirm?
|
|
role.can?(:manage_user_access) && !record.confirmed?
|
|
end
|
|
|
|
def enable?
|
|
role.can?(:manage_users)
|
|
end
|
|
|
|
def approve?
|
|
role.can?(:manage_users) && !record.approved?
|
|
end
|
|
|
|
def reject?
|
|
role.can?(:manage_users) && !record.approved?
|
|
end
|
|
|
|
def disable?
|
|
role.can?(:manage_users) && role.overrides?(record.role)
|
|
end
|
|
end
|