app/policies/user_policy.rb


1
2
3
4
5
6
7
8
9
10
11
12
13

class UserPolicy < BasePolicy
  def rules
    can! :read_user if @user || !restricted_public_level?

    if @user
      if @user.admin? || @subject == @user
        can! :destroy_user
      end

      cannot! :destroy_user if @subject.ghost?
    end
  end
end