jeremy/RecruIT
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: bypass tenant scope in AttemptController::destroy - null quiz title caused 500 when admin deletes attempt

Browse Source
This commit is contained in:
jeremy bayse
2026-04-14 19:51:06 +02:00
parent c74d8e14ec
commit 6e4eb62553
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/Http/Controllers/AttemptController.php
View File

@@ -19,7 +19,9 @@ class AttemptController extends Controller
$this->authorizeAdmin(); $this->authorizeAdmin();
$candidateName = $attempt->candidate->user->name; $candidateName = $attempt->candidate->user->name;
$quizTitle = $attempt->quiz->title; // Bypass tenant scope: admin may delete attempts for cross-tenant quizzes
$quiz = Quiz::withoutGlobalScopes()->find($attempt->quiz_id);
$quizTitle = $quiz?->title ?? "Quiz #{$attempt->quiz_id}";
DB::transaction(function () use ($attempt, $candidateName, $quizTitle) { DB::transaction(function () use ($attempt, $candidateName, $quizTitle) {
// Log the action // Log the action