Don't show reference field to non-recruiters

author: Joachim Filip Ignacy Bartosik <jbartosik@gmail.com> 2010-07-12 18:05:08 +0200
committer: Joachim Filip Ignacy Bartosik <jbartosik@gmail.com> 2010-07-12 19:17:20 +0200
commit: 6d76d4906ed8dc457e5c2a992224609a9ecd7147 (patch)
tree: 03271b9e1714b4aa6dda1317d14543204feac578 /app
parent: First user created doesn't become administrator (diff)
download: recruiting-webapp-6d76d4906ed8dc457e5c2a992224609a9ecd7147.tar.gz
recruiting-webapp-6d76d4906ed8dc457e5c2a992224609a9ecd7147.tar.bz2
recruiting-webapp-6d76d4906ed8dc457e5c2a992224609a9ecd7147.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/app/models/answer.rb b/app/models/answer.rb
index 74d9d91..2f091cd 100644
--- a/app/models/answer.rb
+++ b/app/models/answer.rb
@@ -36,6 +36,8 @@ class Answer < ActiveRecord::Base
     (owned_soft? && !reference)||(reference && acting_user.role.is_recruiter?)
   end
 
+  # Proper edit permissions can't be deduced, because we need to access value
+  # of some fields to set them
   def edit_permitted?(field)
     owned_soft? ||
     owner.mentor_is?(acting_user) ||
@@ -51,6 +53,10 @@ class Answer < ActiveRecord::Base
     owner.mentor_is?(acting_user)
   end
 
+  def reference_edit_permitted?
+    acting_user.try.role.try.is_recruiter?
+  end
+
   def view_permitted?(field)
     owned_soft? ||
       User.user_is_recruiter?(acting_user)||
author	Joachim Filip Ignacy Bartosik <jbartosik@gmail.com>	2010-07-12 18:05:08 +0200
committer	Joachim Filip Ignacy Bartosik <jbartosik@gmail.com>	2010-07-12 19:17:20 +0200
commit	6d76d4906ed8dc457e5c2a992224609a9ecd7147 (patch)
tree	03271b9e1714b4aa6dda1317d14543204feac578 /app
parent	First user created doesn't become administrator (diff)
download	recruiting-webapp-6d76d4906ed8dc457e5c2a992224609a9ecd7147.tar.gz recruiting-webapp-6d76d4906ed8dc457e5c2a992224609a9ecd7147.tar.bz2 recruiting-webapp-6d76d4906ed8dc457e5c2a992224609a9ecd7147.zip