771c9d4ba8
Remove "active within last two weeks" exception for sign in token requirement Change admin reset password to lock access until the password is reset
61 lines
841 B
Ruby
61 lines
841 B
Ruby
# frozen_string_literal: true
|
|
|
|
class UserPolicy < ApplicationPolicy
|
|
def reset_password?
|
|
staff? && !record.staff?
|
|
end
|
|
|
|
def change_email?
|
|
staff? && !record.staff?
|
|
end
|
|
|
|
def disable_2fa?
|
|
admin? && !record.staff?
|
|
end
|
|
|
|
def disable_sign_in_token_auth?
|
|
staff?
|
|
end
|
|
|
|
def enable_sign_in_token_auth?
|
|
staff?
|
|
end
|
|
|
|
def confirm?
|
|
staff? && !record.confirmed?
|
|
end
|
|
|
|
def enable?
|
|
staff?
|
|
end
|
|
|
|
def approve?
|
|
staff? && !record.approved?
|
|
end
|
|
|
|
def reject?
|
|
staff? && !record.approved?
|
|
end
|
|
|
|
def disable?
|
|
staff? && !record.admin?
|
|
end
|
|
|
|
def promote?
|
|
admin? && promoteable?
|
|
end
|
|
|
|
def demote?
|
|
admin? && !record.admin? && demoteable?
|
|
end
|
|
|
|
private
|
|
|
|
def promoteable?
|
|
record.approved? && (!record.staff? || !record.admin?)
|
|
end
|
|
|
|
def demoteable?
|
|
record.staff?
|
|
end
|
|
end
|