skill-assessment-app/app/policies/question_policy.rb

39 lines
837 B
Ruby
Raw Normal View History

2016-09-20 18:17:27 -05:00
# frozen_string_literal: true
class QuestionPolicy < ApplicationPolicy
# Question Access Policy
#
# Only Admins and Managers can create or update a quiz (and its questions)
# Reviewers can view any quiz they are linked to
# Recruiters can NOT list or view questions
def view?
return false if user.recruiter?
return true if user.admin? || user.manager?
user.quizzes.include? record.quiz
end
def create?
user.manager? || user.admin?
end
def update?
user.manager? || user.admin?
end
def options?
!user.recruiter?
end
class Scope < Scope
def resolve
raise(Pundit::NotAuthorizedError, 'No Access to resource.') if user.recruiter?
if user.admin? || user.manager?
scope
else
scope.where(quiz_id: user.quizzes.map(&:id))
end
end
end
end