switch to irc-like oper behavior; require mods & admins to explicitly oper up using `fangs`/`op` bangtag or toggling defang setting in profile; auto-defang after 15 mins or with `defang`/`deop` bangtag

1 files changed, 12 insertions, 12 deletions

diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
index d832bff75..aad20f366 100644
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -2,52 +2,52 @@
 
 class UserPolicy < ApplicationPolicy
   def reset_password?
-    staff? && !record.staff?
+    !defanged? && staff? && has_more_authority_than?(record)
   end
 
   def change_email?
-    staff? && !record.staff?
+    !defanged? && staff? && has_more_authority_than?(record)
   end
 
   def disable_2fa?
-    admin? && !record.staff?
+    !defanged? && admin? && has_more_authority_than?(record)
   end
 
   def confirm?
-    staff? && !record.confirmed?
+    !defanged? && staff? && !record.confirmed?
   end
 
   def enable?
-    staff?
+    !defanged? && staff?
   end
 
   def approve?
-    staff? && !record.approved?
+    !defanged? && staff? && !record.approved?
   end
 
   def reject?
-    staff? && !record.approved?
+    !defanged? && staff? && !record.approved?
   end
 
   def disable?
-    staff? && !record.admin?
+    !defanged? && staff? && has_more_authority_than?(record)
   end
 
   def promote?
-    admin? && promoteable?
+    !defanged? && admin? && promoteable?
   end
 
   def demote?
-    admin? && !record.admin? && demoteable?
+    !defanged? && admin? && has_more_authority_than?(record) && demoteable?
   end
 
   private
 
   def promoteable?
-    record.approved? && (!record.staff? || !record.admin?)
+    record.approved? && !record.can_moderate?
   end
 
   def demoteable?
-    record.staff?
+    record.can_moderate?
   end
 end