# frozen_string_literal: true class QuizPolicy < ApplicationPolicy # Quiz Access Policy # # Only Admins and Managers can create or update a quiz (and its questions) # Reviewers can view any quiz they are linked to # Recruiters can only list quiz names (for candidate assignments) def view? return true if user.admin? || user.manager? user.quizzes.include? record end def create? user.manager? || user.admin? end def update? user.manager? || user.admin? end class Scope < Scope def resolve if user.reviewer? scope.joins(:reviewers).where('reviewer_to_quizzes.user_id = ?', user.id) else scope end end end end