admin_ability.rb in decidim-0.5.0

- old
+ new

@@ -24,20 +24,37 @@
             organization == user.organization
           end
 
           can :manage, Feature
           can :manage, :admin_users
+
+          can :manage, :managed_users
+          cannot [:new, :create], :managed_users if empty_available_authorizations?
+          can :impersonate, Decidim::User do |user_to_impersonate|
+            user_to_impersonate.managed? && Decidim::ImpersonationLog.active.empty?
+          end
+          can :promote, Decidim::User do |user_to_promote|
+            user_to_promote.managed? && Decidim::ImpersonationLog.active.empty?
+          end
+
           can :manage, Moderation
           can :manage, Attachment
           can :manage, Scope
+          can :manage, ScopeType
           can :manage, Newsletter
           can [:create, :index, :new, :read, :invite], User
 
           can [:destroy], [User] do |user_to_destroy|
             user != user_to_destroy
           end
 
           can [:index, :verify, :reject], UserGroup
+        end
+
+        private
+
+        def empty_available_authorizations?
+          @context[:current_organization] && @context[:current_organization].available_authorizations.empty?
         end
       end
     end
   end
 end