fix: bypass tenant scope in AttemptController::show - candidates (no tenant_id) were getting 404 on quiz start

2026-04-14 19:24:29 +02:00
parent de6938d2e6
commit 479a7e35d1
1 changed files with 5 additions and 1 deletions
--- a/app/Http/Controllers/AttemptController.php
+++ b/app/Http/Controllers/AttemptController.php
@@ -48,8 +48,12 @@ class AttemptController extends Controller
            abort(403);
        }
    }
-    public function show(Quiz $quiz)
+    public function show(int $quizId)
    {
+        // Bypass tenant global scope: candidates have no tenant_id
+        // but should still access their assigned quizzes
+        $quiz = Quiz::withoutGlobalScopes()->findOrFail($quizId);
+
        $candidate = auth()->user()->candidate;

        if (!$candidate) {