055e5939b4
* Allow Member-level users to vote. * Don't allow Banned or Restricted users to create favorites any more. Banned and Restricted users aren't allowed to upvote or favorite any more to prevent sockpuppet accounts from upvoting even after they're banned.
24 lines
440 B
Ruby
24 lines
440 B
Ruby
class PostVotePolicy < ApplicationPolicy
|
|
def create?
|
|
unbanned? && user.is_member?
|
|
end
|
|
|
|
def destroy?
|
|
unbanned? && record.user == user
|
|
end
|
|
|
|
def show?
|
|
user.is_admin? || record.user == user || (record.is_positive? && !record.user.enable_private_favorites?)
|
|
end
|
|
|
|
def can_see_voter?
|
|
show?
|
|
end
|
|
|
|
def api_attributes
|
|
attributes = super
|
|
attributes -= [:user_id] unless can_see_voter?
|
|
attributes
|
|
end
|
|
end
|