trabajo-afectivo/app/policies/controllers/organizations_controller_policy.rb

class Controllers::OrganizationsControllerPolicy < Controllers::ApplicationControllerPolicy
  permit! :import_example, to: 'admin.organization'
  permit! :import_start, to: 'admin.user'
  permit! %i[create update destroy search history], to: ['ticket.agent', 'admin.organization']

  def show?
    return true if user.permissions?(['ticket.agent', 'admin.organization'])

    record.params[:id].to_i == user.organization_id
  end
end
Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00			`class Controllers::OrganizationsControllerPolicy < Controllers::ApplicationControllerPolicy`
Revert "Fixes #2605 - Deletion via API impossible when user logged in at some point." This reverts commit 0242c05165e5680f41803140b3da8dda38e2dbe0. 2020-12-08 13:23:33 +00:00			`permit! :import_example, to: 'admin.organization'`
Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00			`permit! :import_start, to: 'admin.user'`
Revert "Fixes #2605 - Deletion via API impossible when user logged in at some point." This reverts commit 0242c05165e5680f41803140b3da8dda38e2dbe0. 2020-12-08 13:23:33 +00:00			`permit! %i[create update destroy search history], to: ['ticket.agent', 'admin.organization']`
Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00
			`def show?`
			`return true if user.permissions?(['ticket.agent', 'admin.organization'])`

			`record.params[:id].to_i == user.organization_id`
			`end`
			`end`