rubocop + allow unauthed users to see all users
This commit is contained in:
parent
2eae89a6b7
commit
df29e48d8c
4 changed files with 9 additions and 8 deletions
|
@ -5,9 +5,9 @@ module Api
|
|||
def current
|
||||
@user = current_user
|
||||
authorize @user
|
||||
return show
|
||||
show # delegate to the normal show function
|
||||
end
|
||||
|
||||
|
||||
private
|
||||
|
||||
def searchable_columns
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# frozen_string_literal: true
|
||||
class MetacodePolicy < ApplicationPolicy
|
||||
def index?
|
||||
true
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
# frozen_string_literal: true
|
||||
class UserPolicy < ApplicationPolicy
|
||||
def index?
|
||||
user.present?
|
||||
true
|
||||
end
|
||||
|
||||
def show?
|
||||
user.present?
|
||||
true
|
||||
end
|
||||
|
||||
def create?
|
||||
fail 'Create should be handled by Devise'
|
||||
raise 'Create should be handled by Devise'
|
||||
end
|
||||
|
||||
def update?
|
||||
|
@ -34,8 +35,7 @@ class UserPolicy < ApplicationPolicy
|
|||
|
||||
class Scope < Scope
|
||||
def resolve
|
||||
return scope.all if user.present?
|
||||
scope.none
|
||||
scope.all
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -8,7 +8,7 @@ module Api
|
|||
:generation
|
||||
|
||||
attribute :is_admin,
|
||||
if: -> { scope[:show_is_admin] && scope[:current_user] == object }
|
||||
if: -> { scope[:show_is_admin] && scope[:current_user] == object }
|
||||
|
||||
def avatar
|
||||
object.image.url(:sixtyfour)
|
||||
|
|
Loading…
Reference in a new issue