skill-assessment-app/app/policies/quiz_policy.rb

# frozen_string_literal: true
class QuizPolicy < ApplicationPolicy
  # Quiz Access Policy
  #
  # Only Admins and Managers can create or update a quiz (and its questions)
  # Reviewers can view any quiz they are linked to
  # Recruiters can only list quiz names (for candidate assignments)

  def index?
    true
  end

  def view?
    return true if user.acts_as_manager?
    user.quizzes.include? record
  end

  def create?
    user.acts_as_manager?
  end

  def update?
    user.acts_as_manager?
  end

  class Scope < Scope
    def resolve
      if user.reviewer?
        scope.joins(:reviewers).where('reviewer_to_quizzes.user_id = ?', user.id)
      else
        scope
      end
    end
  end
end
quiz policies 2016-09-20 17:19:11 -05:00			`# frozen_string_literal: true`
			`class QuizPolicy < ApplicationPolicy`
			`# Quiz Access Policy`
			`#`
			`# Only Admins and Managers can create or update a quiz (and its questions)`
			`# Reviewers can view any quiz they are linked to`
			`# Recruiters can only list quiz names (for candidate assignments)`

dashboard controller 2016-09-21 17:04:08 -05:00			`def index?`
			`true`
			`end`

quiz policies 2016-09-20 17:19:11 -05:00			`def view?`
move recruiter to admin/candidate 2016-09-22 13:30:30 -05:00			`return true if user.acts_as_manager?`
quiz policies 2016-09-20 17:19:11 -05:00			`user.quizzes.include? record`
			`end`

			`def create?`
move recruiter to admin/candidate 2016-09-22 13:30:30 -05:00			`user.acts_as_manager?`
quiz policies 2016-09-20 17:19:11 -05:00			`end`

			`def update?`
move recruiter to admin/candidate 2016-09-22 13:30:30 -05:00			`user.acts_as_manager?`
quiz policies 2016-09-20 17:19:11 -05:00			`end`

			`class Scope < Scope`
			`def resolve`
			`if user.reviewer?`
			`scope.joins(:reviewers).where('reviewer_to_quizzes.user_id = ?', user.id)`
			`else`
			`scope`
			`end`
			`end`
			`end`
			`end`