refactor: fix BelongsToTenant trait to exempt candidates globally - removes all withoutGlobalScopes() workarounds

2026-04-14 19:38:42 +02:00
parent 49ee91c601
commit e93a17f324
3 changed files with 11 additions and 29 deletions
--- a/app/Http/Controllers/AttemptController.php
+++ b/app/Http/Controllers/AttemptController.php
@@ -48,12 +48,8 @@ class AttemptController extends Controller
            abort(403);
        }
    }
-    public function show(int $quizId)
+    public function show(Quiz $quiz)
    {
-        // Bypass tenant global scope: candidates have no tenant_id
-        // but should still access their assigned quizzes
-        $quiz = Quiz::withoutGlobalScopes()->findOrFail($quizId);
-
        $candidate = auth()->user()->candidate;

        if (!$candidate) {
@@ -142,21 +138,12 @@ class AttemptController extends Controller

    private function recalculateScore(Attempt $attempt)
    {
-        // Bypass tenant scope: candidates have no tenant_id
-        $quiz = Quiz::withoutGlobalScopes()
-            ->with(['questions.options'])
-            ->find($attempt->quiz_id);
-
-        $attempt->load(['answers.option']);
+        $attempt->load(['quiz.questions.options', 'answers.option']);
        
        $score = 0;
        $maxScore = 0;

-        if (!$quiz) {
-            return;
-        }
-
-        foreach ($quiz->questions as $question) {
+        foreach ($attempt->quiz->questions as $question) {
            $maxScore += $question->points;
            $userAnswer = $attempt->answers->where('question_id', $question->id)->first();
            
--- a/app/Traits/BelongsToTenant.php
+++ b/app/Traits/BelongsToTenant.php
@@ -13,8 +13,14 @@ trait BelongsToTenant
            if (Auth::check()) {
                $user = Auth::user();

-                if ($user->role === 'super_admin') {
                // Super admins see everything
+                if ($user->role === 'super_admin') {
+                    return;
+                }
+
+                // Candidates don't have a tenant_id but must access
+                // quizzes/job positions linked to their position
+                if ($user->role === 'candidate') {
                    return;
                }

--- a/routes/web.php
+++ b/routes/web.php
@@ -51,18 +51,7 @@ Route::get('/dashboard', function () {
        $candidate = auth()->user()->candidate;
        
        if ($candidate) {
-            // Load without global tenant scope so candidates (who may have no tenant_id)
-            // can still see the quizzes linked to their job position
-            $candidate->load(['jobPosition' => function($query) {
-                $query->withoutGlobalScopes();
-            }]);
-            
-            if ($candidate->jobPosition) {
-                $candidate->jobPosition->setRelation(
-                    'quizzes',
-                    $candidate->jobPosition->quizzes()->withoutGlobalScopes()->get()
-                );
-            }
+            $candidate->load('jobPosition.quizzes');
        }

        $quizzes = ($candidate && $candidate->jobPosition)