# frozen_string_literal: true
# Policy for updating profiles, provided by rockstart
#
# Authorization here is owner-only: every permitted action requires that the
# acting user is a saved record whose id matches the record being acted on.
class UserPolicy < ApplicationPolicy
  # index?, show? and create? are not overridden in this policy. The stubs
  # below are kept as a starting point for overriding them.
  #
  # def index?
  #   false
  # end

  # def show?
  #   false
  # end

  # def create?
  #   false
  # end

  # A user may update only their own record.
  #
  # @return [Boolean]
  def update?
    current_user?
  end

  # A user may destroy only their own record, and only when that record is
  # not an admin. Because the ownership check comes first, this policy never
  # lets one user (admin or not) destroy a different user's record.
  #
  # @return [Boolean]
  def destroy?
    # Prevent admins from destroying themselves
    current_user? && !record.admin?
  end

  # Allowlist of attributes accepted for mass assignment.
  #
  # Only :name is exposed, and only to the owner of the record; everyone else
  # gets an empty list. NOTE(review): keep this an explicit allowlist, since
  # any privilege-bearing attribute added here becomes editable by the
  # account owner.
  #
  # @return [Array<Symbol>]
  def permitted_attributes
    # Allow a user to update their own details
    current_user? ? %i[name] : []
  end

  private

  # True when the acting user is persisted and is the same row as the record.
  # The persisted? check keeps an unsaved user from matching a record.
  # NOTE(review): assumes `user` is never nil (an unsaved User for guests,
  # presumably); confirm against ApplicationPolicy / pundit_user.
  #
  # @return [Boolean]
  def current_user?
    user.persisted? && user.id == record.id
  end

  # Safe scope for User
  class Scope < Scope
    # Restricts the relation the acting user may enumerate.
    #
    # The auth0 variant of this template refuses to scope and raises; the
    # default variant returns only the acting user's own row, or an empty
    # relation for an unsaved user. Both variants fail closed.
    def resolve
<%- if auth0? -%>
      raise Pundit::NotDefinedError, "Cannot scope Users"
<%- else -%>
      return scope.none unless user.persisted?

      scope.where(id: user.id)
<%- end -%>
    end
  end
end