# frozen_string_literal: true

# Pundit policy governing access to Question records.
#
# Rules as implemented below:
# * Recruiters can neither view nor list questions; the recruiter check is
#   evaluated before any other rule in `view?` and `Scope#resolve`.
# * Users for whom `acts_as_manager?` is true can view, create and update.
#   (The original note says "Admins and Managers"; presumably
#   `acts_as_manager?` covers both roles. Confirm on the user model.)
# * Any other user can view a question only when its quiz is one of
#   `user.quizzes`. The original note calls these users Reviewers, but no
#   explicit reviewer role is tested here.
#
# NOTE(review): every rule calls methods on `user` directly, so a nil user
# raises NoMethodError instead of producing a clean denial, unless
# ApplicationPolicy or the controller layer rejects unauthenticated requests
# first. Confirm.
class QuestionPolicy < ApplicationPolicy
  # Whether the current user may see this question.
  #
  # @return [Boolean] false for recruiters, true for managers, otherwise
  #   whether the question's quiz is among the user's quizzes
  def view?
    if user.recruiter?
      # Deny first: this wins even when the manager test would also pass.
      false
    elsif user.acts_as_manager?
      true
    else
      user.quizzes.include?(record.quiz)
    end
  end

  # Access to a question's options follows the same rule as viewing it.
  def options?
    view?
  end

  # Creating questions is limited to users acting as manager.
  #
  # NOTE(review): unlike `view?`, there is no recruiter check here. If a user
  # can be a recruiter and act as manager at once, that user could create or
  # update a question they are not allowed to view. Confirm the roles are
  # mutually exclusive.
  def create?
    user.acts_as_manager?
  end

  # Updating questions is limited to users acting as manager (same caveat as
  # `create?`).
  def update?
    user.acts_as_manager?
  end

  # Restricts question listings to what the current user may see.
  class Scope < Scope
    # @return [Object] the unrestricted scope for managers, otherwise the
    #   scope narrowed to questions whose quiz is one of the user's quizzes
    # @raise [Pundit::NotAuthorizedError] when the user is a recruiter
    def resolve
      # Recruiters get an authorization error rather than an empty result,
      # so callers of the policy scope have to handle the exception.
      if user.recruiter?
        raise Pundit::NotAuthorizedError, 'No Access to resource.'
      end

      return scope if user.acts_as_manager?

      linked_quiz_ids = user.quizzes.map(&:id)
      scope.where(quiz_id: linked_quiz_ids)
    end
  end
end