about summary refs log tree commit diff
path: root/app/policies/user_policy.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/policies/user_policy.rb')
-rw-r--r--app/policies/user_policy.rb24
1 files changed, 12 insertions, 12 deletions
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
index d832bff75..aad20f366 100644
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -2,52 +2,52 @@
 
 class UserPolicy < ApplicationPolicy
   def reset_password?
-    staff? && !record.staff?
+    !defanged? && staff? && has_more_authority_than?(record)
   end
 
   def change_email?
-    staff? && !record.staff?
+    !defanged? && staff? && has_more_authority_than?(record)
   end
 
   def disable_2fa?
-    admin? && !record.staff?
+    !defanged? && admin? && has_more_authority_than?(record)
   end
 
   def confirm?
-    staff? && !record.confirmed?
+    !defanged? && staff? && !record.confirmed?
   end
 
   def enable?
-    staff?
+    !defanged? && staff?
   end
 
   def approve?
-    staff? && !record.approved?
+    !defanged? && staff? && !record.approved?
   end
 
   def reject?
-    staff? && !record.approved?
+    !defanged? && staff? && !record.approved?
   end
 
   def disable?
-    staff? && !record.admin?
+    !defanged? && staff? && has_more_authority_than?(record)
   end
 
   def promote?
-    admin? && promoteable?
+    !defanged? && admin? && promoteable?
   end
 
   def demote?
-    admin? && !record.admin? && demoteable?
+    !defanged? && admin? && has_more_authority_than?(record) && demoteable?
   end
 
   private
 
   def promoteable?
-    record.approved? && (!record.staff? || !record.admin?)
+    record.approved? && !record.can_moderate?
   end
 
   def demoteable?
-    record.staff?
+    record.can_moderate?
   end
 end