basic admin policy start

app/controllers/admin_controller.rb

@@ -1,9 +1,13 @@
 # frozen_string_literal: true
 class AdminController < ApplicationController
+  include Pundit
   layout 'admin'
   before_action :authorize_user
 
+  rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
+
   def dashboard
+    authorize :admin, :dashboard?
     @quizzes = Quiz.includes(:questions).all
     @users = User.order(:role, :name)
   end
@@ -18,4 +22,9 @@ class AdminController < ApplicationController
     def authorize_user
       redirect_to admin_login_path unless current_user
     end
+
+    def user_not_authorized
+      flash[:error] = "You are not authorized to perform this action."
+      redirect_to(request.referer || root_path)
+    end
 end

app/policies/admin_policy.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+class AdminPolicy < Struct.new(:user, :dashboard)
+  attr_reader :user, :record
+
+  def initialize(user, record)
+    raise Pundit::NotAuthorizedError, "Must be logged in." unless user
+    @user = user
+    @record = record
+  end
+
+  def dashboard?
+    true
+  end
+
+  def scope
+    Pundit.policy_scope!(user, record.class)
+  end
+
+  class Scope
+    attr_reader :user, :scope
+
+    def initialize(user, scope)
+      @user = user
+      @scope = scope
+    end
+
+    def resolve
+      scope
+    end
+  end
+end