Updates

2025-11-14 16:35:49 +11:00
parent df94ac9720
commit 6433f6c5bb
30 changed files with 833 additions and 245 deletions
--- a/app/policies/waf_policy_policy.rb
+++ b/app/policies/waf_policy_policy.rb
@@ -2,39 +2,39 @@

 class WafPolicyPolicy < ApplicationPolicy
  def index?
-    true # All authenticated users can view policies
+    !user.viewer? # All authenticated users except viewers can view policies
  end

  def show?
-    true # All authenticated users can view policy details
+    !user.viewer? # All authenticated users except viewers can view policy details
  end

  def new?
-    user.admin? || user.editor?
+    !user.viewer? # All authenticated users except viewers can create policies
  end

  def create?
-    user.admin? || user.editor?
+    !user.viewer? # All authenticated users except viewers can create policies
  end

  def edit?
-    user.admin? || (user.editor? && record.user == user)
+    !user.viewer? # All authenticated users except viewers can edit policies
  end

  def update?
-    user.admin? || (user.editor? && record.user == user)
+    !user.viewer? # All authenticated users except viewers can update policies
  end

  def destroy?
-    user.admin? || (user.editor? && record.user == user)
+    !user.viewer? # All authenticated users except viewers can destroy policies
  end

  def activate?
-    user.admin? || (user.editor? && record.user == user)
+    !user.viewer? # All authenticated users except viewers can activate policies
  end

  def deactivate?
-    user.admin? || (user.editor? && record.user == user)
+    !user.viewer? # All authenticated users except viewers can deactivate policies
  end

  def new_country?
@@ -45,14 +45,38 @@ class WafPolicyPolicy < ApplicationPolicy
    create?
  end

+  # ASN policy permissions
+  def new_asn?
+    create?
+  end
+
+  def create_asn?
+    create?
+  end
+
+  # Company policy permissions
+  def new_company?
+    create?
+  end
+
+  def create_company?
+    create?
+  end
+
+  # Network type policy permissions
+  def new_network_type?
+    create?
+  end
+
+  def create_network_type?
+    create?
+  end
+
  class Scope < ApplicationPolicy::Scope
    def resolve
-      if user.admin?
-        scope.all
-      else
-        # Non-admin users can only see their own policies
-        scope.where(user: user)
-      end
+      # All authenticated users except viewers can view all policies
+      # since WAF policies are system-wide security rules
+      scope.all
    end
  end
 end