class ApplicationPolicy attr_reader :user, :record def initialize(user, record) @user = user @record = record end def index? false end def show? scope.where(id: record.id).exists? end def create? false end def new? create? end def update? false end def edit? update? end def destroy? false end # TODO: update this function to enable some flag in the interface # so that admins usually can't do super admin stuff unless they # explicitly say they want to (E.g. seeing/editing/deleting private # maps - they should be able to, but not by accident) def admin_override user && user.admin end def scope Pundit.policy_scope!(user, record.class) end class Scope attr_reader :user, :scope def initialize(user, scope) @user = user @scope = scope end def resolve scope.all end end end