mirror of
https://github.com/mastodon/mastodon
synced 2024-11-25 07:36:31 +09:00
2f34b747b3
* Allow moderators to disable/enable login * Instead of rejecting login, show forbidden error when login disabled Avoid confusion because when login is rejected, the message is that the account is not activated, which is wrong. * Fix tests
46 lines
609 B
Ruby
46 lines
609 B
Ruby
# frozen_string_literal: true
|
|
|
|
class UserPolicy < ApplicationPolicy
|
|
def reset_password?
|
|
staff? && !record.staff?
|
|
end
|
|
|
|
def change_email?
|
|
staff? && !record.staff?
|
|
end
|
|
|
|
def disable_2fa?
|
|
admin? && !record.staff?
|
|
end
|
|
|
|
def confirm?
|
|
staff? && !record.confirmed?
|
|
end
|
|
|
|
def enable?
|
|
staff?
|
|
end
|
|
|
|
def disable?
|
|
staff? && !record.admin?
|
|
end
|
|
|
|
def promote?
|
|
admin? && promoteable?
|
|
end
|
|
|
|
def demote?
|
|
admin? && !record.admin? && demoteable?
|
|
end
|
|
|
|
private
|
|
|
|
def promoteable?
|
|
!record.staff? || !record.admin?
|
|
end
|
|
|
|
def demoteable?
|
|
record.staff?
|
|
end
|
|
end
|