# frozen_string_literal: true

# Authorization rules for WAF policy records.
#
# Roles referenced here are the ones the code queries on `user`:
# `admin?` and `editor?`. Admins pass every check. Editors may create
# policies and may change only records whose `record.user` is themselves.
# Every other user gets the read-only predicates (`index?`, `show?`).
#
# NOTE(review): `index?` and `show?` return true unconditionally. Whether
# the caller is authenticated is not checked in this class; presumably
# ApplicationPolicy or the controller enforces that. Confirm.
class WafPolicyPolicy < ApplicationPolicy
  # Listing is open to every user that reaches this policy. Which rows are
  # actually listed is narrowed separately by Scope#resolve.
  def index?
    true
  end

  # Viewing one policy is open to every user that reaches this policy.
  #
  # NOTE(review): this is broader than Scope#resolve, which limits
  # non-admins to their own records. If the controller loads the record by
  # id without going through the scope, a non-admin could read another
  # user's WAF policy. Confirm which behaviour is intended.
  def show?
    true
  end

  # Rendering the creation form requires the admin or editor role.
  def new?
    admin_or_editor?
  end

  # Creating a policy requires the admin or editor role.
  def create?
    admin_or_editor?
  end

  # Rendering the edit form: admins always, editors only for their own record.
  def edit?
    admin_or_owning_editor?
  end

  # Saving changes: admins always, editors only for their own record.
  def update?
    admin_or_owning_editor?
  end

  # Deleting: admins always, editors only for their own record.
  def destroy?
    admin_or_owning_editor?
  end

  # Switching a policy on: admins always, editors only for their own record.
  def activate?
    admin_or_owning_editor?
  end

  # Switching a policy off: admins always, editors only for their own record.
  def deactivate?
    admin_or_owning_editor?
  end

  # Same rule as create?.
  #
  # NOTE(review): create? does not look at record ownership. If `record`
  # is an existing policy when this is called, an editor could add a
  # country entry to a policy owned by someone else. Confirm against the
  # controller.
  def new_country?
    create?
  end

  # Same rule as create?; the ownership caveat on new_country? applies here too.
  def create_country?
    create?
  end

  # Restricts which policies a user can enumerate.
  class Scope < ApplicationPolicy::Scope
    # Admins get the unfiltered scope; every other user gets only the rows
    # whose `user` is themselves.
    def resolve
      return scope.all if user.admin?

      scope.where(user: user)
    end
  end

  private

  # True when the user holds the admin or the editor role.
  def admin_or_editor?
    user.admin? || user.editor?
  end

  # True for admins, and for editors when the record belongs to them.
  # The ownership comparison is only evaluated for non-admin editors.
  def admin_or_owning_editor?
    user.admin? || (user.editor? && record.user == user)
  end
end