255e430abd
now managers and reviewers can only see quizzes and completed results for those quizzes they have been assigned to.
36 lines
713 B
Ruby
36 lines
713 B
Ruby
# frozen_string_literal: true
|
|
class QuizPolicy < ApplicationPolicy
|
|
# Quiz Access Policy
|
|
#
|
|
# Only Admins and Managers can create or update a quiz (and its questions)
|
|
# Reviewers can view any quiz they are linked to
|
|
# Recruiters can only list quiz names (for candidate assignments)
|
|
|
|
def index?
|
|
true
|
|
end
|
|
|
|
def view?
|
|
return true if user.acts_as_manager?
|
|
user.quizzes.include? record
|
|
end
|
|
|
|
def create?
|
|
user.acts_as_manager?
|
|
end
|
|
|
|
def update?
|
|
user.acts_as_manager?
|
|
end
|
|
|
|
class Scope < Scope
|
|
def resolve
|
|
if user.acts_as_recruiter?
|
|
scope
|
|
else
|
|
scope.joins(:reviewers).where('reviewer_to_quizzes.user_id = ?', user.id)
|
|
end
|
|
end
|
|
end
|
|
end
|