implements security policy for document types

madoleary · madoleary · commit 4972d6ff652e · 2024-04-18T12:24:14.000+02:00
diff --git a/app/policies/document_type_policy.rb b/app/policies/document_type_policy.rb
@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+# app/policies/document_type_policy.rb
+class DocumentTypePolicy < ApplicationPolicy
+  def index?
+    true
+  end
+
+  def show?
+    index?
+  end
+
+  def create?
+    !user.nil?
+  end
+
+  def new?
+    create?
+  end
+
+  def edit?
+    (!user.nil? && owner?) || !user.nil? && privileged?
+  end
+
+  def update?
+    edit?
+  end
+
+  def review?
+    !user.nil? && privileged?
+  end
+
+  def destroy?
+    false
+  end
+
+  private
+
+  def privileged?
+    user.curator? || user.admin?
+  end
+
+  def owner?
+    record.user.nil? ? (user.curator? || user.admin?) : (user == record.user)
+  end
+end
