app/policies/project_member_policy.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

class ProjectMemberPolicy < BasePolicy
  def rules
    # anonymous users have no abilities here
    return unless @user

    target_user = @subject.user
    project = @subject.project

    return if target_user == project.owner

    can_manage = Ability.allowed?(@user, :admin_project_member, project)

    if can_manage
      can! :update_project_member
      can! :destroy_project_member
    end

    if @user == target_user
      can! :destroy_project_member
    end
  end
end