jeremy/RecruIT
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: implementation des dossiers candidats PDF, gestion des entretiens et optimisation de l'analyse IA

Browse Source
This commit is contained in:
jeremy bayse
2026-04-19 15:35:16 +02:00
parent 4017e3d9c5
commit f3d630d741
27 changed files with 2550 additions and 741 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app/Http/Controllers/AttemptController.php
View File

@@ -90,12 +90,23 @@ class AttemptController extends Controller
public function saveAnswer(Request $request, Attempt $attempt)
{
// Security: Verify the authenticated user owns this attempt
$candidate = auth()->user()->candidate;
if (!$candidate || $attempt->candidate_id !== $candidate->id) {
abort(403, 'You are not authorized to submit answers for this attempt.');
}
$request->validate([
'question_id' => 'required|exists:questions,id',
'option_id' => 'nullable|exists:options,id',
'text_content' => 'nullable|string',
]);
// Extra guard: prevent answering a finished attempt
if ($attempt->finished_at) {
return response()->json(['error' => 'This attempt is already finished.'], 403);
}
Answer::updateOrCreate(
[
'attempt_id' => $attempt->id,
@@ -112,6 +123,12 @@ class AttemptController extends Controller
public function finish(Attempt $attempt)
{
// Security: Verify the authenticated user owns this attempt
$candidate = auth()->user()->candidate;
if (!$candidate || $attempt->candidate_id !== $candidate->id) {
abort(403, 'You are not authorized to finish this attempt.');
}
if ($attempt->finished_at) {
return redirect()->route('dashboard');
}