eae3c1942d
Allow site owner to read dmails sent to other users. This is make it easier to investigate spam without having to drop into the dev console.
39 lines
737 B
Ruby
39 lines
737 B
Ruby
class DmailPolicy < ApplicationPolicy
|
|
def create?
|
|
unbanned?
|
|
end
|
|
|
|
def index?
|
|
user.is_member?
|
|
end
|
|
|
|
def mark_all_as_read?
|
|
user.is_member?
|
|
end
|
|
|
|
def update?
|
|
user.is_member? && record.owner_id == user.id
|
|
end
|
|
|
|
def show?
|
|
return true if user.is_owner?
|
|
user.is_member? && (record.owner_id == user.id || record.valid_key?(request.params[:key]))
|
|
end
|
|
|
|
def reportable?
|
|
unbanned? && record.owner_id == user.id && record.is_recipient? && !record.is_automated? && !record.from.is_moderator?
|
|
end
|
|
|
|
def permitted_attributes_for_create
|
|
[:title, :body, :to_name, :to_id]
|
|
end
|
|
|
|
def permitted_attributes_for_update
|
|
[:is_read, :is_deleted]
|
|
end
|
|
|
|
def api_attributes
|
|
super + [:key]
|
|
end
|
|
end
|