2015-01-08 18:35:52 -05:00
|
|
|
#mixin for all guardian methods dealing with group permissions
|
|
|
|
module GroupGuardian
|
|
|
|
|
|
|
|
# Edit authority for groups means membership changes only.
|
|
|
|
# Automatic groups are not represented in the GROUP_USERS
|
|
|
|
# table and thus do not allow membership changes.
|
|
|
|
def can_edit_group?(group)
|
2015-11-09 08:52:04 -05:00
|
|
|
(group.users.where('group_users.owner').include?(user) || is_admin?) && !group.automatic
|
2015-01-08 18:35:52 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
end
|