Migrate to Postgresql for better network handling. Add more user functionality.

app/policies/application_policy.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+class ApplicationPolicy
+  attr_reader :user, :record
+
+  def initialize(user, record)
+    @user = user
+    @record = record
+  end
+
+  def index?
+    false
+  end
+
+  def show?
+    false
+  end
+
+  def create?
+    false
+  end
+
+  def new?
+    create?
+  end
+
+  def update?
+    false
+  end
+
+  def edit?
+    update?
+  end
+
+  def destroy?
+    false
+  end
+
+  private
+
+  def current_user
+    @user || Current.user
+  end
+  
+  class Scope
+    def initialize(user, scope)
+      @user = user
+      @scope = scope
+    end
+    
+    def resolve
+      raise NoMethodError, "You must define #resolve in #{self.class}"
+    end
+    
+    private
+    
+    attr_reader :user, :scope
+  end
+end

app/policies/network_range_policy.rb

@@ -0,0 +1,62 @@
+class NetworkRangePolicy < ApplicationPolicy
+  # NOTE: Up to Pundit v2.3.1, the inheritance was declared as
+  # `Scope < Scope` rather than `Scope < ApplicationPolicy::Scope`.
+  # In most cases the behavior will be identical, but if updating existing
+  # code, beware of possible changes to the ancestors:
+  # https://gist.github.com/Burgestrand/4b4bc22f31c8a95c425fc0e30d7ef1f5
+
+  def index?
+    true # Anyone can browse network ranges
+  end
+
+  def show?
+    true # Anyone can view network range details
+  end
+
+  def lookup?
+    true # Anyone can lookup IP addresses
+  end
+
+  def new?
+    current_user.present? # Must be authenticated to create network ranges
+  end
+
+  def create?
+    current_user.present? # Must be authenticated to create network ranges
+  end
+
+  def edit?
+    return false unless current_user.present?
+    return true if current_user.admin?
+
+    # Users can edit their own network ranges
+    record.user == current_user
+  end
+
+  def update?
+    return false unless current_user.present?
+    return true if current_user.admin?
+
+    # Users can update their own network ranges
+    record.user == current_user
+  end
+
+  def destroy?
+    return false unless current_user.present?
+    return true if current_user.admin?
+
+    # Users can delete their own network ranges
+    record.user == current_user
+  end
+
+  def enrich?
+    update? # Same permissions as update
+  end
+
+  class Scope < ApplicationPolicy::Scope
+    def resolve
+      # All users can see all network ranges
+      scope.all
+    end
+  end
+end

app/policies/rule_policy.rb

@@ -0,0 +1,62 @@
+class RulePolicy < ApplicationPolicy
+  # NOTE: Up to Pundit v2.3.1, the inheritance was declared as
+  # `Scope < Scope` rather than `Scope < ApplicationPolicy::Scope`.
+  # In most cases the behavior will be identical, but if updating existing
+  # code, beware of possible changes to the ancestors:
+  # https://gist.github.com/Burgestrand/4b4bc22f31c8a95c425fc0e30d7ef1f5
+
+  def index?
+    true # Anyone can browse rules
+  end
+
+  def show?
+    true # Anyone can view rule details
+  end
+
+  def new?
+    current_user.present? # Must be authenticated to create rules
+  end
+
+  def create?
+    current_user.present? # Must be authenticated to create rules
+  end
+
+  def edit?
+    return false unless current_user.present?
+    return true if current_user.admin?
+
+    # Users can edit their own rules
+    record.user == current_user
+  end
+
+  def update?
+    return false unless current_user.present?
+    return true if current_user.admin?
+
+    # Users can update their own rules
+    record.user == current_user
+  end
+
+  def destroy?
+    return false unless current_user.present?
+    return true if current_user.admin?
+
+    # Users can delete their own rules
+    record.user == current_user
+  end
+
+  def enable?
+    update?
+  end
+
+  def disable?
+    update?
+  end
+
+  class Scope < ApplicationPolicy::Scope
+    def resolve
+      # All users can see all rules
+      scope.all
+    end
+  end
+end