module Authorization module People module V1 module User #Used in the controller def self.register? return true end def self.login? return true end def self.logout?(tokenUser) return true end def self.index?(tokenUser) return true end def self.show?(targetUser,tokenUser) return true end def self.update?(targetUser,tokenUser) if targetUser != tokenUser #Can only update your own data return false else return true end end #Used in the serializer, current_user may be nil def self.include_id?(current_user,user_object,options) action = options[:url_options][:_recall][:action] controller = options[:url_options][:_recall][:controller] return true end def self.include_email?(current_user,user_object,options) action = options[:url_options][:_recall][:action] controller = options[:url_options][:_recall][:controller] return true end def self.include_username?(current_user,user_object,options) action = options[:url_options][:_recall][:action] controller = options[:url_options][:_recall][:controller] return true end def self.include_created_at?(current_user,user_object,options) action = options[:url_options][:_recall][:action] controller = options[:url_options][:_recall][:controller] return true end def self.include_updated_at?(current_user,user_object,options) action = options[:url_options][:_recall][:action] controller = options[:url_options][:_recall][:controller] return true end def self.include_tokens?(current_user,user_object,options) action = options[:url_options][:_recall][:action] controller = options[:url_options][:_recall][:controller] #if action == "index" && controller == "people/api/v1/users" #return false #end return false end private end end end end