1# frozen_string_literal: true 2 3class IdentityProviderPolicy < BasePolicy 4 desc "Provider is SAML or CAS3" 5 condition(:protected_provider, scope: :subject, score: 0) { %w(saml cas3).include?(@subject.to_s) } 6 7 rule { anonymous }.prevent_all 8 9 rule { default }.policy do 10 enable :unlink 11 enable :link 12 end 13 14 rule { protected_provider }.prevent(:unlink) 15end 16 17IdentityProviderPolicy.prepend_mod_with('IdentityProviderPolicy') 18