From 638e84752da5fed5243bbd321422cd33a8ac327b Mon Sep 17 00:00:00 2001
From: Rodribm10 <rodrigobm10@me.com>
Date: Sun, 19 Apr 2026 01:37:13 -0300
Subject: [PATCH] feat(captain-memory): add ContactMemoryPolicy (Pundit)

---
 .../policies/captain/contact_memory_policy.rb | 17 ++++++++++
 .../captain/contact_memory_policy_spec.rb     | 32 +++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 enterprise/app/policies/captain/contact_memory_policy.rb
 create mode 100644 spec/enterprise/policies/captain/contact_memory_policy_spec.rb

diff --git a/enterprise/app/policies/captain/contact_memory_policy.rb b/enterprise/app/policies/captain/contact_memory_policy.rb
new file mode 100644
index 000000000..c1c447329
--- /dev/null
+++ b/enterprise/app/policies/captain/contact_memory_policy.rb
@@ -0,0 +1,17 @@
+class Captain::ContactMemoryPolicy < ApplicationPolicy
+  def index?
+    @account_user.present?
+  end
+
+  def update?
+    @account_user&.administrator?
+  end
+
+  def destroy?
+    @account_user&.administrator?
+  end
+
+  def bulk_destroy?
+    @account_user&.administrator?
+  end
+end
diff --git a/spec/enterprise/policies/captain/contact_memory_policy_spec.rb b/spec/enterprise/policies/captain/contact_memory_policy_spec.rb
new file mode 100644
index 000000000..e2b22dc6c
--- /dev/null
+++ b/spec/enterprise/policies/captain/contact_memory_policy_spec.rb
@@ -0,0 +1,32 @@
+require 'rails_helper'
+
+RSpec.describe Captain::ContactMemoryPolicy, type: :policy do
+  subject { described_class }
+
+  let(:account) { create(:account) }
+  let(:admin) { create(:user, account: account, role: :administrator) }
+  let(:agent) { create(:user, account: account, role: :agent) }
+  let(:admin_context) { { user: admin, account: account, account_user: admin.account_users.first } }
+  let(:agent_context) { { user: agent, account: account, account_user: agent.account_users.first } }
+  let(:record) { create(:captain_contact_memory, account: account) }
+
+  permissions :index? do
+    context 'when user is administrator' do
+      it { expect(subject).to permit(admin_context, record) }
+    end
+
+    context 'when user is agent' do
+      it { expect(subject).to permit(agent_context, record) }
+    end
+  end
+
+  permissions :update?, :destroy?, :bulk_destroy? do
+    context 'when user is administrator' do
+      it { expect(subject).to permit(admin_context, record) }
+    end
+
+    context 'when user is agent' do
+      it { expect(subject).not_to permit(agent_context, record) }
+    end
+  end
+end