limit quiz and results scopes to current_user access
now managers and reviewers can only see quizzes and completed results for those quizzes they have been assigned to.
This commit is contained in:
parent
49035929fb
commit
255e430abd
1
Gemfile
1
Gemfile
@ -54,6 +54,7 @@ group :development, :test do
|
|||||||
gem 'byebug', platform: :mri
|
gem 'byebug', platform: :mri
|
||||||
gem 'pry-byebug'
|
gem 'pry-byebug'
|
||||||
gem 'pry-rails'
|
gem 'pry-rails'
|
||||||
|
gem 'table_print'
|
||||||
gem 'faker'
|
gem 'faker'
|
||||||
|
|
||||||
gem 'brakeman'
|
gem 'brakeman'
|
||||||
|
@ -280,6 +280,7 @@ GEM
|
|||||||
actionpack (>= 4.0)
|
actionpack (>= 4.0)
|
||||||
activesupport (>= 4.0)
|
activesupport (>= 4.0)
|
||||||
sprockets (>= 3.0.0)
|
sprockets (>= 3.0.0)
|
||||||
|
table_print (1.5.6)
|
||||||
thor (0.19.4)
|
thor (0.19.4)
|
||||||
thread_safe (0.3.5)
|
thread_safe (0.3.5)
|
||||||
tilt (2.0.5)
|
tilt (2.0.5)
|
||||||
@ -348,6 +349,7 @@ DEPENDENCIES
|
|||||||
simplecov
|
simplecov
|
||||||
spring
|
spring
|
||||||
spring-watcher-listen (~> 2.0.0)
|
spring-watcher-listen (~> 2.0.0)
|
||||||
|
table_print
|
||||||
turbolinks (~> 5)
|
turbolinks (~> 5)
|
||||||
tzinfo-data
|
tzinfo-data
|
||||||
uglifier (>= 1.3.0)
|
uglifier (>= 1.3.0)
|
||||||
|
@ -11,7 +11,7 @@ module Admin
|
|||||||
def index
|
def index
|
||||||
sort_case = "(case when review_status = 0 then '' else name end)"
|
sort_case = "(case when review_status = 0 then '' else name end)"
|
||||||
sort_with_case = sort_column == 'name' ? sort_case : sort_column
|
sort_with_case = sort_column == 'name' ? sort_case : sort_column
|
||||||
@candidates = Candidate.where(completed: true)
|
@candidates = current_user.reviewees.where(completed: true)
|
||||||
.includes(:recruiter)
|
.includes(:recruiter)
|
||||||
.order("#{sort_with_case} #{sort_direction}")
|
.order("#{sort_with_case} #{sort_direction}")
|
||||||
.page(params[:page])
|
.page(params[:page])
|
||||||
|
@ -25,10 +25,10 @@ class QuizPolicy < ApplicationPolicy
|
|||||||
|
|
||||||
class Scope < Scope
|
class Scope < Scope
|
||||||
def resolve
|
def resolve
|
||||||
if user.reviewer?
|
if user.acts_as_recruiter?
|
||||||
scope.joins(:reviewers).where('reviewer_to_quizzes.user_id = ?', user.id)
|
|
||||||
else
|
|
||||||
scope
|
scope
|
||||||
|
else
|
||||||
|
scope.joins(:reviewers).where('reviewer_to_quizzes.user_id = ?', user.id)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -15,7 +15,7 @@ class QuizPolicyTest < PolicyAssertions::Test
|
|||||||
|
|
||||||
test 'should allow manager to scope' do
|
test 'should allow manager to scope' do
|
||||||
scope = QuizPolicy::Scope.new(users(:manager), Quiz).resolve
|
scope = QuizPolicy::Scope.new(users(:manager), Quiz).resolve
|
||||||
assert_equal Quiz.count, scope.count
|
assert_equal users(:manager).quizzes.count, scope.count
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'should allow reviewer to scope' do
|
test 'should allow reviewer to scope' do
|
||||||
|
Loading…
Reference in New Issue
Block a user