Policies

Role of Policies

A Policy is an abstraction around the roles in your application. It is the authorization check that runs before performing an operation or retrieving data in a particular context.

Location

  • app/policies/
  • File names should end with the suffix _policy.rb

Usage

A policy can be used in many places, such as Services, Controllers, Presenters and Views.

Naming

The class name should end with Policy and contain the name of the model, or of the service, that the policy relates to. Examples:

  • CompanyPolicy
  • UserPolicy
  • JobOfferPolicy

Structure

  • It should inherit from ApplicationPolicy
  • It should be initialized with a role (the context) and the data being protected.
  • It should only include methods ending with a question mark, like #read?, #create?, #forward_to_admin?, #duplicate?
  • It's read-only.

Code

module Backend
  # Policy class for the Company model
  class CompanyPolicy < ApplicationPolicy
    include Presentation
    include Filter
    include Scope

    attr_reader :company

    def initialize(role, company = nil)
      super role
      @company = company
    end

    # Does the role give the right to create a company?
    # True for: jt_admins, school_admins
    #
    # @return [Boolean]
    def create?
      role.in_role_set?(:jt_admins, :school_admins)
    end

    # Does the role give access to the payments history?
    # @return [Boolean]
    def show_payments_history?
      role.in_role_set?(:jt_admins) || company_offers_and_belongs_to_the_company?
    end

    # Does the role give the right to administrate the payments of the company?
    # True for jt_admins
    #
    # To be able to administrate the payments give the authorisation to:
    #   - see the payment/history page
    #   - see the link to this page
    #
    # @return [Boolean]
    def administrate_payments?
      #
    end

    # Does the role give the right to administrate the company?
    # True for jt_admins, and school_admins if the company is private to the school
    #
    # To be able to administrate the company give the authorisation to:
    #   - edit the configuration of the company
    #   - enable or disable the company
    #   - publish the company
    #
    # @return [Boolean]
    def administrate?
      #
    end

    # Does the role give the right to see company parameters page?
    #
    # @return [Boolean]
    def see_parameters?
      #
    end

    private

    def school_admins_and_belongs_to_the_school?
      #
    end

    def company_offers_and_belongs_to_the_company?
      #
    end

    def company_super_admin_and_belongs_to_the_company?
      #
    end

    def belongs_to_the_company?
      #
    end

    def belongs_to_the_school?
      #
    end
  end
end
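
How a policy guards an operation and denies by default, as an added example that is not the project's own code. Role, Company, ROLE_SETS, NotAuthorized, the body of ApplicationPolicy, the authorize! helper and the :company_offers role set are assumptions made so the example runs stand-alone.

```ruby
# Added example. Role, Company, ROLE_SETS, NotAuthorized and authorize! are
# hypothetical stand-ins; the page does not show the real implementations.
ROLE_SETS = { jt_admins: %w[jt_admin], school_admins: %w[school_admin], company_offers: %w[company_offers] }.freeze
Company = Struct.new(:id, :name)
NotAuthorized = Class.new(StandardError)
Role = Struct.new(:name, :company_id) do
  def in_role_set?(*sets)
    sets.any? { |set| ROLE_SETS.fetch(set, []).include?(name) }
  end
end

class ApplicationPolicy
  attr_reader :role

  def initialize(role)
    @role = role
  end

  # Deny by default: only predicates declared on the concrete policy class
  # count as permissions, so inherited methods such as #frozen? never match.
  def authorize!(action)
    query = :"#{action}?"
    allowed = self.class.public_instance_methods(false).include?(query) && public_send(query)
    raise NotAuthorized, "#{role.name} may not #{action}" unless allowed
    true
  end
end

class CompanyPolicy < ApplicationPolicy
  attr_reader :company

  def initialize(role, company = nil)
    super(role)
    @company = company
    freeze # read-only: a policy answers questions and never changes state
  end

  def create?
    role.in_role_set?(:jt_admins, :school_admins)
  end

  def show_payments_history?
    role.in_role_set?(:jt_admins) || company_offers_and_belongs_to_the_company?
  end

  private

  def company_offers_and_belongs_to_the_company?
    role.in_role_set?(:company_offers) && !company.nil? && role.company_id == company.id
  end
end
```

A service or controller would call authorize! on the policy before touching the data, so an unknown or misspelled action raises instead of silently passing.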
