From 7d21530bc7721fefd6c1304b66316e059cc55bcd Mon Sep 17 00:00:00 2001
From: Rodribm10 <rodrigobm10@me.com>
Date: Wed, 15 Apr 2026 10:06:47 -0300
Subject: [PATCH] feat(lifecycle): add Pundit policies for rule/config/delivery

---
 .../captain/lifecycle/config_policy.rb        |  9 ++++++
 .../captain/lifecycle/delivery_policy.rb      |  9 ++++++
 .../policies/captain/lifecycle/rule_policy.rb | 21 ++++++++++++
 .../captain/lifecycle/rule_policy_spec.rb     | 32 +++++++++++++++++++
 4 files changed, 71 insertions(+)
 create mode 100644 enterprise/app/policies/captain/lifecycle/config_policy.rb
 create mode 100644 enterprise/app/policies/captain/lifecycle/delivery_policy.rb
 create mode 100644 enterprise/app/policies/captain/lifecycle/rule_policy.rb
 create mode 100644 spec/enterprise/policies/captain/lifecycle/rule_policy_spec.rb

diff --git a/enterprise/app/policies/captain/lifecycle/config_policy.rb b/enterprise/app/policies/captain/lifecycle/config_policy.rb
new file mode 100644
index 000000000..f077e6522
--- /dev/null
+++ b/enterprise/app/policies/captain/lifecycle/config_policy.rb
@@ -0,0 +1,9 @@
+class Captain::Lifecycle::ConfigPolicy < ApplicationPolicy
+  def show?
+    true
+  end
+
+  def update?
+    @account_user.administrator?
+  end
+end
diff --git a/enterprise/app/policies/captain/lifecycle/delivery_policy.rb b/enterprise/app/policies/captain/lifecycle/delivery_policy.rb
new file mode 100644
index 000000000..2aa564d9a
--- /dev/null
+++ b/enterprise/app/policies/captain/lifecycle/delivery_policy.rb
@@ -0,0 +1,9 @@
+class Captain::Lifecycle::DeliveryPolicy < ApplicationPolicy
+  def index?
+    true
+  end
+
+  def show?
+    true
+  end
+end
diff --git a/enterprise/app/policies/captain/lifecycle/rule_policy.rb b/enterprise/app/policies/captain/lifecycle/rule_policy.rb
new file mode 100644
index 000000000..d310be264
--- /dev/null
+++ b/enterprise/app/policies/captain/lifecycle/rule_policy.rb
@@ -0,0 +1,21 @@
+class Captain::Lifecycle::RulePolicy < ApplicationPolicy
+  def index?
+    true
+  end
+
+  def show?
+    true
+  end
+
+  def create?
+    @account_user.administrator?
+  end
+
+  def update?
+    @account_user.administrator?
+  end
+
+  def destroy?
+    @account_user.administrator?
+  end
+end
diff --git a/spec/enterprise/policies/captain/lifecycle/rule_policy_spec.rb b/spec/enterprise/policies/captain/lifecycle/rule_policy_spec.rb
new file mode 100644
index 000000000..cf5e6bb12
--- /dev/null
+++ b/spec/enterprise/policies/captain/lifecycle/rule_policy_spec.rb
@@ -0,0 +1,32 @@
+require 'rails_helper'
+
+RSpec.describe Captain::Lifecycle::RulePolicy, type: :policy do
+  subject { described_class }
+
+  let(:account) { create(:account) }
+  let(:admin) { create(:user, account: account, role: :administrator) }
+  let(:agent) { create(:user, account: account, role: :agent) }
+  let(:admin_context) { { user: admin, account: account, account_user: admin.account_users.first } }
+  let(:agent_context) { { user: agent, account: account, account_user: agent.account_users.first } }
+  let(:record) { Captain::Lifecycle::Rule.new(account: account) }
+
+  permissions :index?, :show? do
+    context 'when user is administrator' do
+      it { expect(subject).to permit(admin_context, record) }
+    end
+
+    context 'when user is agent' do
+      it { expect(subject).to permit(agent_context, record) }
+    end
+  end
+
+  permissions :create?, :update?, :destroy? do
+    context 'when user is administrator' do
+      it { expect(subject).to permit(admin_context, record) }
+    end
+
+    context 'when user is agent' do
+      it { expect(subject).not_to permit(agent_context, record) }
+    end
+  end
+end