classProjectMemberPolicy<BasePolicydefrules# anonymous users have no abilities herereturnunless@usertarget_user=@subject.userproject=@subject.projectreturniftarget_user==project.ownercan_manage=Ability.allowed?(@user,:admin_project_member,project)ifcan_managecan!:update_project_membercan!:destroy_project_memberendif@user==target_usercan!:destroy_project_memberendendend