starting a result policy
parent
e009fc3330
commit
3ebb79857e
@ -1,18 +1,14 @@
|
|||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
module Admin
|
module Admin
|
||||||
class ResultController < AdminController
|
class ResultController < AdminController
|
||||||
# TODO: change context from Candidate to Quiz
|
# TODO: bypass pundit authorization until a result wrapper class if sorted
|
||||||
# bypass pundit lockdowns until completed
|
|
||||||
after_action :skip_policy_scope
|
|
||||||
after_action :skip_authorization
|
after_action :skip_authorization
|
||||||
#
|
# needed for :view
|
||||||
|
|
||||||
# TODO: Limit results to the quizzes current_user has access to
|
|
||||||
def index
|
def index
|
||||||
sort_case = "(case when review_status = 0 then '' else name end)"
|
sort_case = "(case when review_status = 0 then '' else name end)"
|
||||||
sort_with_case = sort_column == 'name' ? sort_case : sort_column
|
sort_with_case = sort_column == 'name' ? sort_case : sort_column
|
||||||
@candidates = current_user.reviewees.where(completed: true)
|
@candidates = policy_scope(:result).includes(:recruiter)
|
||||||
.includes(:recruiter)
|
|
||||||
.order("#{sort_with_case} #{sort_direction}")
|
.order("#{sort_with_case} #{sort_direction}")
|
||||||
.page(params[:page])
|
.page(params[:page])
|
||||||
end
|
end
|
||||||
|
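Review bot: `after_action :skip_authorization` is still in place, so `index` never calls `authorize`, and neither `ResultPolicy#index?` nor the login guard in the policy's `initialize` is exercised by this controller. Only `policy_scope(:result)` limits what is returned. Now that a policy exists, consider dropping the skip and calling `authorize :result` at the top of `index`. The unchanged `.order("#{sort_with_case} #{sort_direction}")` interpolates helper output into SQL; `sort_column` and `sort_direction` are defined outside this hunk, so confirm they can only return allow-listed values. The class body continues outside the hunk.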
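--- a/app/policies/result_policy.rb
+++ b/app/policies/result_policy.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+class ResultPolicy < Struct.new(:user, :result)
+# Result Access Policy
+#
+# Only Admins and Recruiters can view all results
+# Managers and Reviewers can view any completed quiz they are linked to
+
+attr_reader :user, :record
+
+def initialize(user, record)
+raise Pundit::NotAuthorizedError, "Must be logged in." unless user
+@user = user
+@record = record
+end
+
+def index?
+true
+end
+
+# def view?
+# return true if user.acts_as_recruiter?
+# user.reviewees.include? record
+# end
+
+class Scope
+attr_reader :user, :scope
+
+def initialize(user, scope)
+@user = user
+@scope = scope
+end
+
+def resolve
+if user.acts_as_recruiter?
+Candidate.where(completed: true)
+else
+user.reviewees.where(completed: true)
+end
+end
+end
+end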
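Review bot: `ResultPolicy` inherits from `Struct.new(:user, :result)` but overrides `initialize` without calling `super` and exposes `attr_reader :user, :record`, so the struct member `result` is never set and reads as nil. Declaring it as a plain `class ResultPolicy` would leave `record` as the single accessor for the subject. Separately, `Scope#initialize` does not repeat the guard from the policy, so a nil user reaches `user.acts_as_recruiter?` in `resolve` and fails with NoMethodError instead of an authorization error. Adding `raise Pundit::NotAuthorizedError, "Must be logged in." unless user` there would make the scope fail the same way as the policy.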
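--- a/test/policies/result_policy_test.rb
+++ b/test/policies/result_policy_test.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+class ResultPolicyTest < PolicyAssertions::Test
+def test_index
+assert_permit users(:admin), :result
+assert_permit users(:recruiter), :result
+assert_permit users(:manager), :result
+assert_permit users(:reviewer), :result
+end
+
+test 'should allow admin to scope' do
+scope = ResultPolicy::Scope.new(users(:admin), Candidate).resolve
+assert_equal Candidate.where(completed: true).count, scope.count
+end
+
+test 'should allow recruiter to scope' do
+scope = ResultPolicy::Scope.new(users(:recruiter), Candidate).resolve
+assert_equal Candidate.where(completed: true).count, scope.count
+end
+
+test 'should not allow fed.reviewer to scope studio results' do
+reviewer = users(:reviewer)
+scope = ResultPolicy::Scope.new(reviewer, Candidate).resolve
+assert_equal reviewer.reviewees.where(completed: true).count, scope.count
+end
+end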
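Review bot: The three scope tests compare only `count`, so a scope that returned the wrong candidates in the same number would still pass, and the test named 'should not allow fed.reviewer to scope studio results' never asserts that anything is excluded. Compare the records themselves, e.g. `assert_equal reviewer.reviewees.where(completed: true).pluck(:id).sort, scope.pluck(:id).sort`, and assert that a candidate outside the reviewer's reviewees is absent (which fixture that would be is not visible here). The scope tests also have no case for `users(:manager)` or for a missing user, e.g. `assert_raises(Pundit::NotAuthorizedError) { ResultPolicy.new(nil, :result) }`.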