2 files changed, 47 insertions, 0 deletions

diff --git a/app/policies/api_key_policy.rb b/app/policies/api_key_policy.rb
new file mode 100644
index 000000000..7b4c22e33
--- /dev/null
+++ b/app/policies/api_key_policy.rb
@@ -0,0 +1,19 @@
+class ApiKeyPolicy < ApplicationPolicy
+  class Scope < Scope
+    def resolve
+      scope
+    end
+  end
+
+  def destroy?
+    organisation_match? && user.has_permission?('api_keys.destroy')
+  end
+
+  def create?
+    organisation_match? && user.has_permission?('api_keys.create')
+  end
+
+  def update?
+    organisation_match? && user.has_permission?('api_keys.update')
+  end
+end
diff --git a/spec/policies/api_key_policy_spec.rb b/spec/policies/api_key_policy_spec.rb
new file mode 100644
index 000000000..5b9d59fa3
--- /dev/null
+++ b/spec/policies/api_key_policy_spec.rb
@@ -0,0 +1,28 @@
+require 'rails_helper'
+
+RSpec.describe ApiKeyPolicy do
+
+  let(:user) { User.new }
+
+  subject { described_class }
+
+  permissions ".scope" do
+    pending "add some examples to (or delete) #{__FILE__}"
+  end
+
+  permissions :show? do
+    pending "add some examples to (or delete) #{__FILE__}"
+  end
+
+  permissions :create? do
+    pending "add some examples to (or delete) #{__FILE__}"
+  end
+
+  permissions :update? do
+    pending "add some examples to (or delete) #{__FILE__}"
+  end
+
+  permissions :destroy? do
+    pending "add some examples to (or delete) #{__FILE__}"
+  end
+end