Continuing to fix and update code to reflect proper placement within the app. Moved the admin controller to its proper home.
parent
2103713552
commit
f0d741cae3
|
@ -1,4 +1,5 @@
|
|||
class AdminController < ApplicationController
|
||||
module Admin
|
||||
class UsersController < ApplicationController
|
||||
before_action :authenticate_user!
|
||||
before_action :check_admin
|
||||
|
|
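Review bot: `check_admin` is referenced by the new `before_action` but is not defined in this hunk, and the same commit drops the `users.admin` column; if that filter reads `current_user.admin` rather than the model's `admin?` (which the user.rb hunks define via `has_role?(:admin)`), it will raise once the migration has run. A one-line comment above the filter naming the predicate it relies on would make this explicit, e.g. `# Admin gate: relies on User#admin? (Rolify role), not a column`. The class body continues past the end of the hunk.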
@ -0,0 +1,15 @@
|
|||
module AccessControlValidations
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
included do
|
||||
validate :end_date_after_start_date, if: -> { access_revoked && access_end_date.present? }
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def end_date_after_start_date
|
||||
if access_start_date.present? && access_end_date.present? && access_end_date < access_start_date
|
||||
errors.add(:access_end_date, 'must be after the start date')
|
||||
end
|
||||
end
|
||||
end
|
|
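Review bot: The `if:` guard on the `validate` line and the `access_end_date.present?` test inside `end_date_after_start_date` are redundant, and because the guard requires an end date the concern can never report a missing end date for a revoked user — the `'must be provided when access is revoked'` error that the user.rb hunk removes is not reproduced here. If that requirement is still wanted, drop `&& access_end_date.present?` from the lambda and add `errors.add(:access_end_date, 'must be provided when access is revoked') if access_end_date.blank?` at the top of the method. The message also says "after" while the comparison `<` accepts an equal end and start date; either `<=` or a message like `'must be on or after the start date'` would make them agree. A header comment stating that the host model must provide `access_revoked`, `access_start_date` and `access_end_date` would help, since the concern only works by duck typing.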
@ -1,4 +1,5 @@
|
|||
class User < ApplicationRecord
|
||||
include AccessControlValidations
|
||||
rolify
|
||||
devise :database_authenticatable, :registerable, :recoverable, :rememberable, :validatable
|
||||
has_many :access_periods, dependent: :destroy
|
||||
|
@ -10,13 +11,14 @@ class User < ApplicationRecord
|
|||
|
||||
# Callback to update the admin attribute based on Rolify role
|
||||
before_save :update_admin_attribute
|
||||
|
||||
# Validation for date fields
|
||||
validate :end_date_after_start_date, if: -> { access_revoked && access_end_date.present? }
|
||||
|
||||
# Override Devise method to consider access_revoked
|
||||
def active_for_authentication?
|
||||
super && !access_revoked
|
||||
super && !access_revoked && allowed_to_login?
|
||||
end
|
||||
|
||||
def admin?
|
||||
has_role?(:admin)
|
||||
end
|
||||
|
||||
private
|
||||
|
@ -34,6 +36,11 @@ class User < ApplicationRecord
|
|||
self.admin = has_role?(:admin)
|
||||
end
|
||||
|
||||
def allowed_to_login?
|
||||
# Assuming 'suspended' is a role that should not log in
|
||||
!has_role?(:suspended)
|
||||
end
|
||||
|
||||
def handle_access_revocation
|
||||
if access_revoked_changed? && access_revoked
|
||||
access_periods.find_or_initialize_by(end_date: nil).update(end_date: Date.today)
|
||||
|
@ -42,12 +49,4 @@ class User < ApplicationRecord
|
|||
end
|
||||
end
|
||||
|
||||
def end_date_after_start_date
|
||||
if access_start_date.present?
|
||||
errors.add(:access_end_date, 'must be provided when access is revoked') unless access_end_date.present?
|
||||
if access_end_date && access_end_date < access_start_date
|
||||
errors.add(:access_end_date, 'must be after the start date')
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
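Review bot: The `@ -34,6 +36,11 @@` hunk still assigns `self.admin = has_role?(:admin)` inside `update_admin_attribute`, while the migration in this commit removes the `users.admin` column; once it runs, `User#admin=` no longer exists and any save that triggers `before_save :update_admin_attribute` raises NoMethodError. If that callback is kept on the new side, both the `before_save` line and the method should go, since `admin?` now answers from the Rolify role. It is also unclear from the `@ -10,13 +11,14 @@` hunk whether the model's own `validate :end_date_after_start_date, if: ...` line survives next to `include AccessControlValidations`; if both remain, the validation registers twice and the error is added twice. In `handle_access_revocation`, `access_periods.find_or_initialize_by(end_date: nil).update(end_date: Date.today)` discards the result of `update`, so a failed save is silent; `update!` (or checking the boolean) would surface it, and `Date.current` follows the app time zone where `Date.today` uses the system zone. `allowed_to_login?` sits under `private`, which is fine for the `active_for_authentication?` call, but its `:suspended` role is only an assumption per the inline comment and should be confirmed or the check is a no-op.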
@ -41,7 +41,7 @@
|
|||
<div class="col-12 d-flex justify-content-between mb-4">
|
||||
<!-- Button for Admins to add a new user -->
|
||||
<% if can?(:create, User) %> <!-- Checks if the current user has the permission to create new users -->
|
||||
<%= link_to 'Add New User', new_admin_user_path, class: "btn btn-dark" %>
|
||||
<%= link_to 'Add New User', admin_new_user_path, class: "btn btn-dark" %>
|
||||
<% end %>
|
||||
|
||||
<%= link_to 'Back to Home', root_path, class: "btn btn-secondary" %> <!-- Adjust as needed -->
|
||||
|
|
|
@ -1,19 +1,23 @@
|
|||
Rails.application.routes.draw do
|
||||
devise_for :users
|
||||
|
||||
# Unauthenticated root path (Typically the login page)
|
||||
devise_scope :user do
|
||||
root to: 'devise/sessions#new'
|
||||
end
|
||||
|
||||
# Authenticated root, accessible to any logged-in user
|
||||
authenticated :user do
|
||||
root 'home#index', as: :authenticated_root
|
||||
end
|
||||
|
||||
authenticate :user, lambda { |u| u.admin? } do
|
||||
# Admin-specific resources
|
||||
authenticate :user, ->(u) { u.admin? } do
|
||||
# Restrict these paths to admins only
|
||||
resources :users, only: [:index, :edit, :update, :destroy]
|
||||
end
|
||||
|
||||
|
||||
devise_scope :user do
|
||||
root to: 'devise/sessions#new'
|
||||
end
|
||||
|
||||
# General resources accessible based on role, not restricted in routes but rather in controller actions
|
||||
resources :participants do
|
||||
resources :onboardings, only: [:index, :create, :update] do
|
||||
collection do
|
||||
|
@ -21,87 +25,61 @@ Rails.application.routes.draw do
|
|||
end
|
||||
end
|
||||
resources :bank_accounts, only: [:index, :new, :create, :edit, :update, :destroy]
|
||||
collection do
|
||||
get 'search' # Define search on the collection, not on a member
|
||||
end
|
||||
collection { get 'search' }
|
||||
member do
|
||||
post 'link_worker' # Other member routes
|
||||
post 'link_worker'
|
||||
post 'link_vendor'
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
resources :workers do
|
||||
resources :workers do
|
||||
resources :onboardings, only: [:index, :create, :update] do
|
||||
collection do
|
||||
post 'submit_onboarding'
|
||||
end
|
||||
end
|
||||
resources :bank_accounts, only: [:index, :new, :create, :edit, :update, :destroy]
|
||||
member do
|
||||
resources :bank_accounts, only: [:index, :new, :create, :edit, :update, :destroy]
|
||||
collection do
|
||||
get 'search'
|
||||
post 'link_participant'
|
||||
post 'link_employer'
|
||||
end
|
||||
get 'search', on: :collection
|
||||
end
|
||||
|
||||
|
||||
|
||||
resources :vendors do
|
||||
resources :onboardings, only: [:index, :create, :update] do
|
||||
collection do
|
||||
post 'submit_onboarding'
|
||||
end
|
||||
end
|
||||
resources :bank_accounts, only: [:index, :new, :create, :edit, :update, :destroy]
|
||||
collection do
|
||||
get 'search'
|
||||
end
|
||||
resources :bank_accounts, only: [:index, :new, :create, :edit, :update, :destroy]
|
||||
collection { get 'search' }
|
||||
end
|
||||
|
||||
|
||||
resources :employments, only: [:edit, :update, :destroy]
|
||||
|
||||
resources :employer_records, only: [:edit, :update, :destroy] do
|
||||
post 'link_participant', on: :collection
|
||||
end
|
||||
|
||||
resources :service_contracts
|
||||
|
||||
resources :employers do
|
||||
resources :onboardings, only: [:index, :create, :update] do
|
||||
collection do
|
||||
post 'submit_onboarding'
|
||||
end
|
||||
end
|
||||
member do
|
||||
post 'link_worker'
|
||||
end
|
||||
collection do
|
||||
get 'search'
|
||||
end
|
||||
collection { get 'search' }
|
||||
member { post 'link_worker' }
|
||||
end
|
||||
|
||||
|
||||
resources :employments, only: [:edit, :update, :destroy]
|
||||
resources :employer_records, only: [:edit, :update, :destroy] do
|
||||
collection { post 'link_participant' }
|
||||
end
|
||||
resources :service_contracts
|
||||
resources :forms
|
||||
resources :users
|
||||
|
||||
|
||||
# Setup the routes under a scope to mimic namespace-like behavior without actual namespacing
|
||||
scope '/admin', controller: :admin do
|
||||
get 'users/new', as: 'new_admin_user', action: :new_user # for displaying the new user form
|
||||
post 'users', as: 'admin_users', action: :create_user # for submitting the new user form
|
||||
# You can add more admin routes here as needed
|
||||
namespace :admin do
|
||||
get 'users/new', to: 'admin#new_user', as: 'new_user'
|
||||
post 'users', to: 'admin#create_user', as: 'create_user'
|
||||
# Add other admin routes as needed
|
||||
|
||||
resources :users, only: [:index, :edit, :update, :destroy]
|
||||
end
|
||||
|
||||
|
||||
|
||||
|
||||
get 'home/index'
|
||||
# Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html
|
||||
|
||||
# Reveal health status on /up that returns 200 if the app boots with no exceptions, otherwise 500.
|
||||
# Can be used by load balancers and uptime monitors to verify that the app is live.
|
||||
get "up" => "rails/health#show", as: :rails_health_check
|
||||
|
||||
# Defines the root path route ("/")
|
||||
# root "posts#index"
|
||||
end
|
||||
|
||||
|
|
|
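Review bot: Inside `namespace :admin`, `to: 'admin#new_user'` and `to: 'admin#create_user'` resolve to `Admin::AdminController`, but this commit moves that class to `Admin::UsersController`, so both routes raise a routing error on request; they should read `to: 'users#new_user'` / `to: 'users#create_user'`, or better be folded into the neighbouring `resources :users` by adding `:new` and `:create` to its `only:` list and renaming the actions to `new`/`create`. It is also not clear from the hunk whether the `namespace :admin` block sits inside the `authenticate :user, ->(u) { u.admin? }` constraint; if it does not, route-level gating for admin user management is gone and `before_action :check_admin` is the only guard, so either nest the namespace inside that block or add a comment stating that the controller filter is the sole gate. If the top-level `resources :users` survives on the new side next to the admin one, it exposes full user CRUD under `/users` outside the admin gate and should be removed or restricted.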
@ -0,0 +1,5 @@
|
|||
class RemoveAdminFromUsers < ActiveRecord::Migration[7.1]
|
||||
def change
|
||||
remove_column :users, :admin, :boolean
|
||||
end
|
||||
end
|
|
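Review bot: `remove_column :users, :admin, :boolean` omits the column's options, so on rollback the column comes back nullable with no default, unlike the `default: false, null: false` the schema hunk shows it had; `remove_column :users, :admin, :boolean, default: false, null: false` keeps the migration reversible to the same shape. A comment in the migration that the column is superseded by the Rolify `:admin` role would help, since the model's `admin?` now answers from `has_role?(:admin)`. Please also confirm no code still writes `users.admin` before this runs — the `update_admin_attribute` callback in user.rb does.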
@ -10,7 +10,7 @@
|
|||
#
|
||||
# It's strongly recommended that you check this file into your version control system.
|
||||
|
||||
ActiveRecord::Schema[7.1].define(version: 2024_04_11_215819) do
|
||||
ActiveRecord::Schema[7.1].define(version: 2024_04_29_184834) do
|
||||
create_table "access_periods", force: :cascade do |t|
|
||||
t.date "start_date"
|
||||
t.date "end_date"
|
||||
|
@ -188,7 +188,6 @@ ActiveRecord::Schema[7.1].define(version: 2024_04_11_215819) do
|
|||
t.datetime "remember_created_at"
|
||||
t.datetime "created_at", null: false
|
||||
t.datetime "updated_at", null: false
|
||||
t.boolean "admin", default: false, null: false
|
||||
t.string "first_name"
|
||||
t.string "last_name"
|
||||
t.string "phone"
|
||||
|
|