dashboard controller

app/policies/admin_policy.rb

@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-class AdminPolicy < Struct.new(:user, :dashboard)
-  attr_reader :user, :record
-
-  def initialize(user, record)
-    raise Pundit::NotAuthorizedError, "Must be logged in." unless user
-    @user = user
-    @record = record
-  end
-
-  def dashboard?
-    true
-  end
-
-  def scope
-    Pundit.policy_scope!(user, record.class)
-  end
-
-  class Scope
-    attr_reader :user, :scope
-
-    def initialize(user, scope)
-      @user = user
-      @scope = scope
-    end
-
-    def resolve
-      scope
-    end
-  end
-end

app/policies/dashboard_policy.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+class DashboardPolicy < Struct.new(:user, :dashboard)
+  attr_reader :user, :record
+
+  def initialize(user, record)
+    raise Pundit::NotAuthorizedError, "Must be logged in." unless user
+    @user = user
+    @record = record
+  end
+
+  def show?
+    true
+  end
+end

app/policies/quiz_policy.rb

@@ -6,6 +6,10 @@ class QuizPolicy < ApplicationPolicy
   # Reviewers can view any quiz they are linked to
   # Recruiters can only list quiz names (for candidate assignments)
 
+  def index?
+    true
+  end
+
   def view?
     return true if user.admin? || user.manager?
     user.quizzes.include? record

app/policies/user_policy.rb

@@ -5,6 +5,10 @@ class UserPolicy < ApplicationPolicy
   # Only Admins can view, create, or update, users
   # All other users can only access themselves (profile interface)
 
+  def index?
+    user.admin?
+  end
+
   def view?
     user.admin? || user == record
   end
@@ -25,7 +29,7 @@ class UserPolicy < ApplicationPolicy
   class Scope < Scope
     def resolve
       return scope if user.admin?
-      raise Pundit::NotAuthorizedError, "No access to resource."
+      scope.where(id: user.id)
     end
   end
 end