skill-assessment-app/app/policies/question_policy.rb

# frozen_string_literal: true
class QuestionPolicy < ApplicationPolicy
  # Access policy for quiz questions.
  #
  # Rules as implemented below:
  # * Recruiters are denied first, in both the per-record check and the
  #   collection scope, so the recruiter check wins over any other flag.
  # * Users for whom `acts_as_manager?` is true may view, create and update
  #   any question (the original note describes these as Admins and Managers).
  # * Everyone else (the original note calls them Reviewers) may only view
  #   questions whose quiz is among `user.quizzes`.

  # Per-record read check.
  #
  # @return [Boolean] whether `user` may see `record`
  def view?
    if user.recruiter?
      false
    elsif user.acts_as_manager?
      true
    else
      # Fallback for every remaining role: the question's quiz must be one
      # the user is linked to.
      user.quizzes.include?(record.quiz)
    end
  end

  # Question options follow exactly the same rule as the question itself.
  def options?
    view?
  end

  # Creating questions is limited to users acting as manager.
  def create?
    user.acts_as_manager?
  end

  # Updating questions is limited to users acting as manager.
  def update?
    user.acts_as_manager?
  end

  # Collection-level counterpart of `view?`.
  class Scope < Scope
    # Narrows `scope` to the questions the user may list.
    #
    # @raise [Pundit::NotAuthorizedError] for recruiters; they get an error
    #   rather than an empty result
    # @return the unrestricted `scope` for managers, otherwise `scope`
    #   filtered by the ids of `user.quizzes`
    def resolve
      raise Pundit::NotAuthorizedError, 'No Access to resource.' if user.recruiter?
      return scope if user.acts_as_manager?

      # NOTE(review): `map(&:id)` walks every element of `user.quizzes` to
      # collect ids; if that is a database association the full records are
      # loaded first. Confirm this is acceptable for users with many quizzes.
      linked_quiz_ids = user.quizzes.map(&:id)
      scope.where(quiz_id: linked_quiz_ids)
    end
  end
end