question policies

app/controllers/admin/question_controller.rb

@@ -2,16 +2,20 @@
 module Admin
   class QuestionController < AdminController
     def index
-      @questions = Question.includes(:quiz).order("quizzes.name", { active: :desc }, :sort)
+      @questions = policy_scope Question.includes(:quiz).order("quizzes.name", { active: :desc }, :sort)
     end
 
     def new
+      authorize Question
+
       @question = Question.new(active: true)
-      @quizzes = Quiz.all
+      @quizzes = policy_scope Quiz.all
     end
 
     def create
-      @quizzes = Quiz.all
+      authorize Quiz
+
+      @quizzes = policy_scope Quiz.all
       @question = Question.create(process_question_params)
 
       if @question.persisted?
@@ -24,16 +28,20 @@ module Admin
 
     def view
       @question = Question.includes(:quiz).find(params[:question_id])
+      authorize @question
     end
 
     def edit
-      @quizzes = Quiz.all
+      @quizzes = policy_scope Quiz.all
       @question = Question.includes(:quiz).find(params[:question_id])
+
+      authorize @question
     end
 
     def update
-      @quizzes = Quiz.all
+      @quizzes = policy_scope Quiz.all
       @question = Question.find(params[:question_id])
+      authorize @question
 
       if @question.update_attributes(process_question_params)
         redirect_to admin_question_path(@question.to_i),
@@ -46,6 +54,7 @@ module Admin
 
     def options
       @question = params[:question_id].present? ? Question.find(params[:question_id]) : Question.new
+      authorize @question
       render layout: false
     end
 

app/controllers/admin/quiz_controller.rb

@@ -6,8 +6,8 @@ module Admin
     end
 
     def new
+      authorize Quiz
       @quiz = Quiz.new
-      authorize @quiz
     end
 
     def create