limit quiz and results scopes to current_user access

now managers and reviewers can only see quizzes and completed results for those quizzes they have been assigned to.

app/policies/quiz_policy.rb

@@ -25,10 +25,10 @@ class QuizPolicy < ApplicationPolicy
 
   class Scope < Scope
     def resolve
-      if user.reviewer?
-        scope.joins(:reviewers).where('reviewer_to_quizzes.user_id = ?', user.id)
-      else
+      if user.acts_as_recruiter?
         scope
+      else
+        scope.joins(:reviewers).where('reviewer_to_quizzes.user_id = ?', user.id)
       end
     end
   end