diff options
Diffstat (limited to 'app/serializers/member_user_entity.rb')
-rw-r--r-- | app/serializers/member_user_entity.rb | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/app/serializers/member_user_entity.rb b/app/serializers/member_user_entity.rb index b3d8efc9143..6a01c5bb297 100644 --- a/app/serializers/member_user_entity.rb +++ b/app/serializers/member_user_entity.rb @@ -16,7 +16,7 @@ class MemberUserEntity < UserEntity user.blocked? end - expose :two_factor_enabled do |user| + expose :two_factor_enabled, if: -> (user) { current_user_can_manage_members? || current_user?(user) } do |user| user.two_factor_enabled? end @@ -25,6 +25,18 @@ class MemberUserEntity < UserEntity user.status.emoji end end + + private + + def current_user_can_manage_members? + return false unless options[:source] + + Ability.allowed?(options[:current_user], :"admin_#{options[:source].to_ability_name}_member", options[:source]) + end + + def current_user?(user) + options[:current_user] == user + end end MemberUserEntity.prepend_mod_with('MemberUserEntity') |