Allow teachers to register a passkey for themselves

Author: MrSerth

app/controllers/webauthn_credentials_controller.rb

@@ -112,7 +112,7 @@ def set_user_and_authorize
       @user = InternalUser.find(params[:internal_user_id])
     end
     params[:user_id] = @user.id_with_type # for the breadcrumbs
-    authorize(@user, :update?)
+    authorize(@user, :register_webauthn_credential?)
   end
 
   def set_webauthn_credential

app/policies/external_user_policy.rb

@@ -21,6 +21,10 @@ def change_codeharbor_link?
     admin? || @record == @user
   end
 
+  def register_webauthn_credential?
+    admin? || (@record == @user && Pundit.policy(@user, WebauthnCredential).new?)
+  end
+
   class Scope < Scope
     def resolve
       if @user.admin?

app/policies/internal_user_policy.rb

@@ -17,6 +17,10 @@ def show?
     define_method(action) { admin? || @record == @user }
   end
 
+  def register_webauthn_credential?
+    admin? || (@record == @user && Pundit.policy(@user, WebauthnCredential).new?)
+  end
+
   class Scope < Scope
     def resolve
       if @user.admin?