diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2022-07-05 02:41:40 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-05 02:41:40 +0200 |
commit | 44b2ee3485ba0845e5910cefcb4b1e2f84f34470 (patch) | |
tree | cc91189c9b36aaf0a04d339455c6d238992753a9 /app/policies/account_policy.rb | |
parent | 1b4054256f9d3302b44f71627a23bb0902578867 (diff) |
Add customizable user roles (#18641)
* Add customizable user roles * Various fixes and improvements * Add migration for old settings and fix tootctl role management
Diffstat (limited to 'app/policies/account_policy.rb')
-rw-r--r-- | app/policies/account_policy.rb | 40 |
1 files changed, 16 insertions, 24 deletions
diff --git a/app/policies/account_policy.rb b/app/policies/account_policy.rb index cc23771e7..a744af81d 100644 --- a/app/policies/account_policy.rb +++ b/app/policies/account_policy.rb @@ -2,74 +2,66 @@ class AccountPolicy < ApplicationPolicy def index? - staff? + role.can?(:manage_users) end def show? - staff? + role.can?(:manage_users) end def warn? - staff? && !record.user&.staff? + role.can?(:manage_users, :manage_reports) && role.overrides?(record.user_role) end def suspend? - staff? && !record.user&.staff? && !record.instance_actor? + role.can?(:manage_users, :manage_reports) && role.overrides?(record.user_role) && !record.instance_actor? end def destroy? - record.suspended_temporarily? && admin? + record.suspended_temporarily? && role.can?(:delete_user_data) end def unsuspend? - staff? && record.suspension_origin_local? + role.can?(:manage_users) && record.suspension_origin_local? end def sensitive? - staff? && !record.user&.staff? + role.can?(:manage_users, :manage_reports) && role.overrides?(record.user_role) end def unsensitive? - staff? + role.can?(:manage_users) end def silence? - staff? && !record.user&.staff? + role.can?(:manage_users, :manage_reports) && role.overrides?(record.user_role) end def unsilence? - staff? + role.can?(:manage_users) end def redownload? - admin? + role.can?(:manage_federation) end def remove_avatar? - staff? + role.can?(:manage_users, :manage_reports) && role.overrides?(record.user_role) end def remove_header? - staff? - end - - def subscribe? - admin? - end - - def unsubscribe? - admin? + role.can?(:manage_users, :manage_reports) && role.overrides?(record.user_role) end def memorialize? - admin? && !record.user&.admin? && !record.instance_actor? + role.can?(:delete_user_data) && role.overrides?(record.user_role) && !record.instance_actor? end def unblock_email? - staff? + role.can?(:manage_users) end def review? - staff? + role.can?(:manage_taxonomies) end end |