app/policies/api_key_policy.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

class ApiKeyPolicy < ApplicationPolicy
  class Scope < Scope
    def resolve
      scope
    end
  end

  def destroy?
    organisation_match? && user.has_permission?('api_keys.destroy')
  end

  def create?
    user.has_permission?('api_keys.create')
  end

  def update?
    record.try(:organisation_id) == user.organisation_id &&
      user.has_permission?('api_keys.update')
  end
end