Add self_editing? method to user role policy (#33476)

2025-01-07 02:50:19 -05:00
parent dd937e115a
commit edf62d4fe3
1 changed files with 8 additions and 2 deletions
--- a/app/policies/user_role_policy.rb
+++ b/app/policies/user_role_policy.rb
@@ -10,10 +10,16 @@ class UserRolePolicy < ApplicationPolicy
  end

  def update?
-    role.can?(:manage_roles) && (role.overrides?(record) || role.id == record.id)
+    role.can?(:manage_roles) && (role.overrides?(record) || self_editing?)
  end

  def destroy?
-    !record.everyone? && role.can?(:manage_roles) && role.overrides?(record) && role.id != record.id
+    !record.everyone? && role.can?(:manage_roles) && role.overrides?(record) && !self_editing?
+  end
+
+  private
+
+  def self_editing?
+    role.id == record.id
  end
 end