diff --git a/app/Http/Controllers/AttemptController.php b/app/Http/Controllers/AttemptController.php index b6f6e79..27bcef6 100644 --- a/app/Http/Controllers/AttemptController.php +++ b/app/Http/Controllers/AttemptController.php @@ -48,12 +48,8 @@ class AttemptController extends Controller abort(403); } } - public function show(int $quizId) + public function show(Quiz $quiz) { - // Bypass tenant global scope: candidates have no tenant_id - // but should still access their assigned quizzes - $quiz = Quiz::withoutGlobalScopes()->findOrFail($quizId); - $candidate = auth()->user()->candidate; if (!$candidate) { @@ -142,21 +138,12 @@ class AttemptController extends Controller private function recalculateScore(Attempt $attempt) { - // Bypass tenant scope: candidates have no tenant_id - $quiz = Quiz::withoutGlobalScopes() - ->with(['questions.options']) - ->find($attempt->quiz_id); - - $attempt->load(['answers.option']); + $attempt->load(['quiz.questions.options', 'answers.option']); $score = 0; $maxScore = 0; - if (!$quiz) { - return; - } - - foreach ($quiz->questions as $question) { + foreach ($attempt->quiz->questions as $question) { $maxScore += $question->points; $userAnswer = $attempt->answers->where('question_id', $question->id)->first(); diff --git a/app/Traits/BelongsToTenant.php b/app/Traits/BelongsToTenant.php index 2b14472..0a6a78d 100644 --- a/app/Traits/BelongsToTenant.php +++ b/app/Traits/BelongsToTenant.php @@ -13,8 +13,14 @@ trait BelongsToTenant if (Auth::check()) { $user = Auth::user(); + // Super admins see everything if ($user->role === 'super_admin') { - // Super admins see everything + return; + } + + // Candidates don't have a tenant_id but must access + // quizzes/job positions linked to their position + if ($user->role === 'candidate') { return; } diff --git a/routes/web.php b/routes/web.php index 185b4b6..40bc2fb 100644 --- a/routes/web.php +++ b/routes/web.php 
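Review bot: `show(Quiz $quiz)` only resolves the requested quiz when the route segment is named `{quiz}`. The old parameter was `$quizId` and this commit shows no change to that route, so the name should be confirmed; on a mismatch Laravel injects an empty `Quiz` instance instead of returning a 404. The binding is also no longer tenant-scoped for candidates after the BelongsToTenant change, so the check that the quiz is assigned to the candidate's job position carries the access decision, and that check sits in the part of show() outside this hunk. I would add a comment above the signature such as `// $quiz comes from route binding and is not tenant-scoped for candidates; the assignment check below is mandatory`.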
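Review bot: The removed `if (!$quiz) { return; }` guard has no replacement, so `$attempt->quiz->questions` is dereferenced even when the relation resolves to null. The `quiz` relation is now loaded through the tenant global scope rather than `withoutGlobalScopes()`, so it can presumably come back empty when the caller is neither a super admin nor a candidate and the quiz is outside their tenant, or when the quiz row is gone. Restore the guard before the loop: `if (!$attempt->quiz) { return; }`. The rest of recalculateScore() is outside the hunk.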
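Review bot: The new `if ($user->role === 'candidate') { return; }` branch switches tenant isolation off for every model that uses BelongsToTenant and for every query a candidate triggers, while the comment only promises access to quizzes and job positions linked to their position. The three call sites this commit simplifies (show(), recalculateScore() and the dashboard closure) each bypassed the scope for one specific lookup; after this change any other candidate-reachable query, route binding or relation load on a tenant-scoped model returns rows from all tenants unless it has its own authorization check. Prefer constraining the builder for candidates (for example to the tenant of their job position, if the schema allows it) over returning unscoped, or keep the explicit per-call bypass behind an assignment check. If the early return stays, it should at least carry a comment like `// SECURITY: candidates are NOT tenant-scoped; every candidate-reachable query must enforce assignment itself`. The scope closure continues outside the hunk.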
@@ -51,18 +51,7 @@ Route::get('/dashboard', function () { $candidate = auth()->user()->candidate; if ($candidate) { - // Load without global tenant scope so candidates (who may have no tenant_id) - // can still see the quizzes linked to their job position - $candidate->load(['jobPosition' => function($query) { - $query->withoutGlobalScopes(); - }]); - - if ($candidate->jobPosition) { - $candidate->jobPosition->setRelation( - 'quizzes', - $candidate->jobPosition->quizzes()->withoutGlobalScopes()->get() - ); - } + $candidate->load('jobPosition.quizzes'); } $quizzes = ($candidate && $candidate->jobPosition)