question policies
38
app/policies/question_policy.rb
Normal file
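--- a/app/policies/question_policy.rb
+++ b/app/policies/question_policy.rb
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+class QuestionPolicy < ApplicationPolicy
+# Question Access Policy
+#
+# Only Admins and Managers can create or update a quiz (and its questions)
+# Reviewers can view any quiz they are linked to
+# Recruiters can NOT list or view questions
+
+def view?
+return false if user.recruiter?
+return true if user.admin? || user.manager?
+user.quizzes.include? record.quiz
+end
+
+def create?
+user.manager? || user.admin?
+end
+
+def update?
+user.manager? || user.admin?
+end
+
+def options?
+!user.recruiter?
+end
+
+class Scope < Scope
+def resolve
+raise(Pundit::NotAuthorizedError, 'No Access to resource.') if user.recruiter?
+
+if user.admin? || user.manager?
+scope
+else
+scope.where(quiz_id: user.quizzes.map(&:id))
+end
+end
+end
+end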
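Review bot: `options?` admits every non-recruiter, so a reviewer passes it for questions on quizzes they are not linked to, while `view?` a few lines above limits reviewers to `user.quizzes`. What the options action returns is not visible here, but if it exposes a question's answer choices the check should be at least as strict as viewing: replace the body `!user.recruiter?` with `view?`. The same deny-list shape appears in `view?` and `Scope#resolve`, where any role that is not recruiter, admin or manager falls through to the reviewer branch, so a role added later is granted reviewer access by default. An explicit check for the reviewer role, with a final `false` (or `scope.none` in the scope), would fail closed instead.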