Add moderator role and add pundit policies for admin actions (#5635)

* Add moderator role and add pundit policies for admin actions * Add rake task for turning user into mod and revoking it again * Fix handling of unauthorized exception * Deliver new report e-mails to staff, not just admins * Add promote/demote to admin UI, hide some actions conditionally * Fix unused i18n
author: Eugen Rochko <eugen@zeonfederated.com> 2017-11-11 20:23:33 +0100
committer: GitHub <noreply@github.com> 2017-11-11 20:23:33 +0100
commit: 7bb8b0b2fc0e2e42a4234fed18198cbb7439fe9f (patch)
tree: f629ef40a5e7253c3d7bf353959951c93e5aad6f /app/policies/user_policy.rb
parent: 2b1190065c54f071ae384f6e05b4a087987febba (diff)
1 files changed, 41 insertions, 0 deletions
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
new file mode 100644
index 00000000000..aae207d06f1
--- /dev/null
+++ b/app/policies/user_policy.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+class UserPolicy < ApplicationPolicy
+  def reset_password?
+    staff? && !record.staff?
+  end
+
+  def disable_2fa?
+    admin? && !record.staff?
+  end
+
+  def confirm?
+    staff? && !record.confirmed?
+  end
+
+  def enable?
+    admin?
+  end
+
+  def disable?
+    admin? && !record.admin?
+  end
+
+  def promote?
+    admin? && promoteable?
+  end
+
+  def demote?
+    admin? && !record.admin? && demoteable?
+  end
+
+  private
+
+  def promoteable?
+    !record.staff? || !record.admin?
+  end
+
+  def demoteable?
+    record.staff?
+  end
+end
author	Eugen Rochko <eugen@zeonfederated.com>	2017-11-11 20:23:33 +0100
committer	GitHub <noreply@github.com>	2017-11-11 20:23:33 +0100
commit	7bb8b0b2fc0e2e42a4234fed18198cbb7439fe9f (patch)
tree	f629ef40a5e7253c3d7bf353959951c93e5aad6f /app/policies/user_policy.rb
parent	2b1190065c54f071ae384f6e05b4a087987febba (diff)