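# Styled for brevity... The base policy is defined first so that
# `NotePolicy < ApplicationPolicy` resolves when this file is loaded
# top-to-bottom (Ruby raises NameError for a superclass that does not
# exist yet).

# Top-level policy that supplies deny-by-default answers for every
# Pundit action. Resource policies subclass it and open up only the
# actions they intend to allow.
class ApplicationPolicy
  attr_reader :user,   # User performing the action
              :record  # Instance upon which action is performed

  # @param user   the actor; must be present
  # @param record the object (or class) being authorized
  # @raise [Pundit::NotAuthorizedError] when +user+ is nil, so an anonymous
  #   request never reaches an action predicate and gets granted by accident
  def initialize(user, record)
    raise Pundit::NotAuthorizedError, "Must be signed in." unless user

    @user = user
    @record = record
  end

  # Default answer: denied unless a subclass overrides it.
  def index?; false; end

  # show? is delegated to the policy scope: the record is visible only if
  # the scope for this user would have returned it. `exists?` runs a
  # query on every call, and the check depends on a Scope being defined
  # for +record.class+ (see #scope).
  def show?; scope.where(id: record.id).exists?; end

  # new?/edit? mirror create?/update?, so a subclass only needs to
  # override the latter pair.
  def new?; create?; end
  def create?; false; end
  def edit?; update?; end
  def update?; false; end
  def destroy?; false; end

  # Relation of +record.class+ rows visible to +user+, resolved through
  # Pundit's policy_scope!. NOTE(review): the bang form is expected to
  # raise rather than return nil when no Scope class exists — confirm
  # against the Pundit version in use.
  def scope
    Pundit.policy_scope!(user, record.class)
  end
end

# Policy for Note records.
class NotePolicy < ApplicationPolicy
  # Any signed-in user may read any note and create notes. This
  # deliberately widens the base-class show? (scope-based) default;
  # revisit if notes ever need to be private.
  def show?; true; end
  def create?; true; end

  # Only the note's owner may modify or delete it. +user+ is guaranteed
  # non-nil by ApplicationPolicy#initialize, so a note with no owner
  # (record.user == nil) never passes this comparison.
  def update?; record.user == user; end
  def destroy?; record.user == user; end
end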