# frozen_string_literal: true
class QuizPolicy < ApplicationPolicy
  # Authorization rules for quizzes.
  #
  # * Admins and Managers may create or update a quiz (and its questions).
  # * Reviewers may view any quiz they are linked to.
  # * Recruiters may only list quiz names (for candidate assignments).
  #
  # NOTE(review): only view?, create? and update? are defined here; any other
  # action (for example a destroy check) resolves to whatever ApplicationPolicy
  # provides — confirm those inherited defaults deny.

  # Whether the current user may view the quiz held in +record+.
  #
  # @return [Boolean] true for admins and managers; for every other user,
  #   whether the quiz is among +user.quizzes+
  def view?
    elevated = user.admin? || user.manager?
    return user.quizzes.include?(record) unless elevated

    true
  end

  # Whether the current user may create a quiz.
  #
  # @return [Boolean] true only for managers and admins
  def create?
    quiz_editor?
  end

  # Whether the current user may update a quiz.
  #
  # @return [Boolean] true only for managers and admins
  def update?
    quiz_editor?
  end

  # Restricts quiz collections to what the current user may list.
  class Scope < Scope
    # Builds the relation of quizzes the current user may list.
    #
    # Reviewers get only the quizzes they are joined to; the user id is passed
    # as a bind parameter rather than interpolated into the SQL fragment.
    #
    # NOTE(review): every non-reviewer falls through to the unrestricted scope.
    # That covers admins and managers, but also recruiters and any role added
    # later. The policy header says recruiters should only list quiz names,
    # which this method does not enforce — confirm that callers limit the
    # exposed fields, and consider whether the fallback should deny by default.
    #
    # @return [Object] the filtered relation for reviewers, otherwise +scope+
    def resolve
      return scope unless user.reviewer?

      scope.joins(:reviewers).where('reviewer_to_quizzes.user_id = ?', user.id)
    end
  end

  private

  # Shared write-access check behind create? and update?.
  def quiz_editor?
    user.manager? || user.admin?
  end
end