class NetworkRangePolicy < ApplicationPolicy
  # NOTE: Up to Pundit v2.3.1, the inheritance was declared as
  # `Scope < Scope` rather than `Scope < ApplicationPolicy::Scope`.
  # In most cases the behavior will be identical, but if updating existing
  # code, beware of possible changes to the ancestors:
  # https://gist.github.com/Burgestrand/4b4bc22f31c8a95c425fc0e30d7ef1f5

  def index?
    true # Anyone can browse network ranges
  end

  def show?
    true # Anyone can view network range details
  end

  def lookup?
    true # Anyone can lookup IP addresses
  end

  def new?
    current_user.present? # Must be authenticated to create network ranges
  end

  def create?
    current_user.present? # Must be authenticated to create network ranges
  end

  def edit?
    return false unless current_user.present?
    return true if current_user.admin?

    # Users can edit their own network ranges
    record.user == current_user
  end

  def update?
    return false unless current_user.present?
    return true if current_user.admin?

    # Users can update their own network ranges
    record.user == current_user
  end

  def destroy?
    return false unless current_user.present?
    return true if current_user.admin?

    # Users can delete their own network ranges
    record.user == current_user
  end

  def enrich?
    update? # Same permissions as update
  end

  class Scope < ApplicationPolicy::Scope
    def resolve
      # All users can see all network ranges
      scope.all
    end
  end
end