move recruiter to admin/candidate

Mark Moser
2016-09-22 13:30:30 -05:00
parent 47d7188a2f
commit 9078c463f4
25 changed files with 383 additions and 327 deletions


@ -0,0 +1,33 @@
# frozen_string_literal: true
class CandidatePolicy < ApplicationPolicy
# Candidate Access Policy
#
# Only Recruiters and Admins can view, create, or update, candidates
def index?
user.acts_as_recruiter?
end
def view?
user.acts_as_recruiter?
end
def create?
user.acts_as_recruiter?
end
def update?
user.acts_as_recruiter?
end
def resend_welcome?
user.acts_as_recruiter?
end
class Scope < Scope
def resolve
return scope if user.acts_as_recruiter?
raise Pundit::NotAuthorizedError, "No Access to Resource"
end
end
end
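Review bot: None of the five predicates in CandidatePolicy look at `record`, and `Scope#resolve` returns the unfiltered `scope`, so any user for whom `acts_as_recruiter?` is true can list, view, update and re-send the welcome mail for every candidate, not only the ones they entered. If that is intended, the header comment should say so, since it currently omits `resend_welcome?`: `# Any recruiter or admin may act on any candidate (including resend_welcome?); there is no per-recruiter ownership check.` If candidates are meant to belong to one recruiter, `resolve` should filter on that relation instead; the column that would carry it is not visible on this page.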


@ -8,27 +8,27 @@ class QuestionPolicy < ApplicationPolicy
def view?
return false if user.recruiter?
return true if user.admin? || user.manager?
return true if user.acts_as_manager?
user.quizzes.include? record.quiz
end
def options?
view?
end
def create?
user.manager? || user.admin?
user.acts_as_manager?
end
def update?
user.manager? || user.admin?
end
def options?
!user.recruiter?
user.acts_as_manager?
end
class Scope < Scope
def resolve
raise(Pundit::NotAuthorizedError, 'No Access to resource.') if user.recruiter?
if user.admin? || user.manager?
if user.acts_as_manager?
scope
else
scope.where(quiz_id: user.quizzes.map(&:id))
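Review bot: The two explicit recruiter denials in this section, `return false if user.recruiter?` in `view?` and `raise(Pundit::NotAuthorizedError, 'No Access to resource.') if user.recruiter?` in `Scope#resolve`, are printed next to the new `acts_as_manager?` lines with the +/- markers lost, so it is not certain that they survive the change. If they were removed, a recruiter falls through to `user.quizzes.include? record.quiz` and to the `where(quiz_id: ...)` branch, and is refused only as long as no quizzes are attached to that account; the UserPolicy section on this page shows `:role` and `quiz_ids` being assigned independently of each other. I would keep the guard as the first line of both methods, or add a policy spec asserting that a recruiter with a quiz assigned is still refused. `Scope#resolve` continues past the end of the hunk.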


@ -11,16 +11,16 @@ class QuizPolicy < ApplicationPolicy
end
def view?
return true if user.admin? || user.manager?
return true if user.acts_as_manager?
user.quizzes.include? record
end
def create?
user.manager? || user.admin?
user.acts_as_manager?
end
def update?
user.manager? || user.admin?
user.acts_as_manager?
end
class Scope < Scope


@ -6,29 +6,29 @@ class UserPolicy < ApplicationPolicy
# All other users can only access themselves (profile interface)
def index?
user.admin?
user.acts_as_admin?
end
def view?
user.admin? || user == record
user.acts_as_admin? || user == record
end
def create?
user.admin?
user.acts_as_admin?
end
def update?
user.admin? || user == record
user.acts_as_admin? || user == record
end
def permitted_attributes
return [:name, :email, :role, :password, quiz_ids: []] if user.admin?
return [:name, :email, :role, :password, quiz_ids: []] if user.acts_as_admin?
[:name, :email, :password, :password_confirmation]
end
class Scope < Scope
def resolve
return scope if user.admin?
return scope if user.acts_as_admin?
scope.where(id: user.id)
end
end
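Review bot: `permitted_attributes` now hands out `:role` and `quiz_ids: []` to anyone for whom `acts_as_admin?` is true, so the ability to change another user's role depends entirely on that helper, whose definition is not in the sections shown here. If it returns true for any role other than admin, this line becomes a path to role escalation, and `create?` and `update?` above it widen in the same way. A comment on the method would pin the intent, e.g. `# :role and quiz_ids are admin-only; acts_as_admin? must stay true for the admin role alone`, together with a policy spec checking that a manager and a recruiter receive only the short attribute list.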