pet-rescue icon indicating copy to clipboard operation
pet-rescue copied to clipboard

Update policies for deactivated adopters/fosterers

Open mononoken opened this issue 8 months ago • 0 comments

Pending

#773

Description

This ticket will require some thinking about what an adopter or fosterer should be able to view, based on their new deactivated status. Feel free to ask questions about different scenarios. It will also require reading some Action Policy docs. Look at our wiki for a brief intro to Action Policy.

We are adding the ability for adopters or fosterers to be deactivated. However, the initial addition of deactivation doesn't actually prevent adopters and fosterers from viewing or doing actions. Lets change that using the project's policies.

We need to update the policies listed in the criteria to reject deactivated adopters/fosterers. We should handle this logic similarly to how staff account deactivation works.

Look at #verify_active_staff! in app/policies/application_policy.rb for some reference to how this is working for the deactivated staff currently.

Note: Not all of these necessarily need to be updated. Look at the actions, think about whether a user who has a deactivated account should be able to still do the action if the AdopterFosterAccount is deactivated. It may be they should not be able to do any of the below actions and we need to add the precheck to all. But there may be some where we still want them to be able to view things.

Acceptance Criteria

  • [ ] Create a shared verify method in application_policy.rb
  • [ ] Review and update policies:
    • [ ] adoptable_pet_policy.rb
    • [ ] adopter_application_policy.rb
    • [ ] adopter_foster_account_policy.rb
    • [ ] adopter_foster_dashboard_policy.rb
    • [ ] adopter_foster_profile_policy.rb
    • [ ] dashboard_policy.rb
    • [ ] default_pet_task_policy.rb
    • [ ] faq_policy.rb
    • [ ] form_policy.rb
    • [ ] fosterer_invitation_policy.rb
    • [ ] invitation_policy.rb
    • [ ] like_policy.rb
    • [ ] match_policy.rb
    • [ ] organization_profile_policy.rb
    • [ ] page_text_policy.rb
    • [ ] pet_policy.rb
    • [ ] profile_review_policy.rb
    • [ ] question_policy.rb
    • [ ] staff_account_policy.rb
    • [ ] staff_invitation_policy.rb
    • [ ] task_policy.rb
    • [ ] user_roles_policy.rb

mononoken avatar May 31 '24 20:05 mononoken