From f0d741cae31160a596a86c2efeadad191799ef01 Mon Sep 17 00:00:00 2001
From: Ben
Date: Mon, 29 Apr 2024 14:35:03 -0500
Subject: [PATCH] Continuing to fix and update code to reflect proper placing within the app. Moved admin controller to its proper home.

---
 .../users_controller.rb} | 3 +-
 .../concerns/access_control_validations.rb | 15 ++++
 app/models/user.rb | 23 +++--
 app/views/users/index.html.erb | 2 +-
 config/routes.rb | 90 +++++++------------
 .../20240429184834_remove_admin_from_users.rb | 5 ++
 db/schema.rb | 3 +-
 7 files changed, 69 insertions(+), 72 deletions(-)
 rename app/controllers/{admin_controller.rb => admin/users_controller.rb} (90%)
 create mode 100644 app/models/concerns/access_control_validations.rb
 create mode 100644 db/migrate/20240429184834_remove_admin_from_users.rb

diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin/users_controller.rb
similarity index 90%
rename from app/controllers/admin_controller.rb
rename to app/controllers/admin/users_controller.rb
index 1cd26bf..8bbe733 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -1,4 +1,5 @@
-class AdminController < ApplicationController
+module Admin
+ class UsersController < ApplicationController
 before_action :authenticate_user!
 before_action :check_admin
diff --git a/app/models/concerns/access_control_validations.rb b/app/models/concerns/access_control_validations.rb
new file mode 100644
index 0000000..2bc08ed
--- /dev/null
+++ b/app/models/concerns/access_control_validations.rb
@@ -0,0 +1,15 @@
+module AccessControlValidations
+ extend ActiveSupport::Concern
+
+ included do
+ validate :end_date_after_start_date, if: -> { access_revoked && access_end_date.present? }
+ end
+
+ private
+
+ def end_date_after_start_date
+ if access_start_date.present? && access_end_date.present? && access_end_date < access_start_date
+ errors.add(:access_end_date, 'must be after the start date')
+ end
+ end
+ end
\ No newline at end of file
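Review bot: `module Admin` is opened on the first line but no matching `end` is added anywhere in this file: the diffstat for it is 2 insertions / 1 deletion and `@@ -1,4 +1,5 @@` is its only hunk, so the file no longer parses (`syntax error, unexpected end-of-input`) and `Admin::UsersController` will not load. Add a closing `end` after the class's final `end` and indent the class body one level under the module. The rest of the class, including `check_admin` and the actions the new routes reference, is outside this hunk, so whether `check_admin` still fails closed for non-admins cannot be confirmed here.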
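Review bot: The ordering check in `end_date_after_start_date` only runs when `access_revoked` is true (the `if:` guard on the `validate` line), so an active user can be saved with `access_end_date` earlier than `access_start_date` and the inconsistency only surfaces at revocation time. Unless the dates are meaningless before revocation, drop that part of the guard: `validate :end_date_after_start_date, if: -> { access_end_date.present? }`. The concern also relies silently on the host model providing `access_revoked`, `access_start_date` and `access_end_date`; a header comment such as `# Host model must respond to access_revoked, access_start_date and access_end_date` would make that contract explicit. The file is also missing its trailing newline.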
diff --git a/app/models/user.rb b/app/models/user.rb
index a47962c..03638ce 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,4 +1,5 @@
 class User < ApplicationRecord
+ include AccessControlValidations
 rolify
 devise :database_authenticatable, :registerable, :recoverable, :rememberable, :validatable
 has_many :access_periods, dependent: :destroy
@@ -10,13 +11,14 @@ class User < ApplicationRecord
 # Callback to update the admin attribute based on Rolify role
 before_save :update_admin_attribute
-
- # Validation for date fields
- validate :end_date_after_start_date, if: -> { access_revoked && access_end_date.present? }
 # Override Devise method to consider access_revoked
 def active_for_authentication?
- super && !access_revoked
+ super && !access_revoked && allowed_to_login?
+ end
+
+ def admin?
+ has_role?(:admin)
 end
 private
@@ -34,6 +36,11 @@ class User < ApplicationRecord
 self.admin = has_role?(:admin)
 end
+ def allowed_to_login?
+ # Assuming 'suspended' is a role that should not log in
+ !has_role?(:suspended)
+ end
+
 def handle_access_revocation
 if access_revoked_changed? && access_revoked
 access_periods.find_or_initialize_by(end_date: nil).update(end_date: Date.today)
@@ -42,12 +49,4 @@ class User < ApplicationRecord
 end
 end
- def end_date_after_start_date
- if access_start_date.present?
- errors.add(:access_end_date, 'must be provided when access is revoked') unless access_end_date.present?
- if access_end_date && access_end_date < access_start_date
- errors.add(:access_end_date, 'must be after the start date')
- end
- end
- end
 end
diff --git a/app/views/users/index.html.erb b/app/views/users/index.html.erb
index 1ca70bd..5315551 100644
--- a/app/views/users/index.html.erb
+++ b/app/views/users/index.html.erb
@@ -41,7 +41,7 @@
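Review bot: `active_for_authentication?` now refuses revoked and suspended users, but Devise's companion `inactive_message` is not overridden, so by default both cases surface to the user (and to the auth logs) as the generic `:inactive` reason, which hides which control fired. Consider `def inactive_message; access_revoked ? :access_revoked : (has_role?(:suspended) ? :suspended : super); end` with matching `devise.failure` locale entries. Note also that `admin?` now replaces the dropped `admin` column with a Rolify lookup, so the route constraint `->(u) { u.admin? }` in `config/routes.rb` performs a roles query on every matching request; acceptable, but worth knowing. The class continues outside this hunk on both sides.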
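Review bot: The context line `self.admin = has_role?(:admin)` in `update_admin_attribute` still writes the `admin` column, but the migration in this same commit (`RemoveAdminFromUsers`) drops that column, so once it runs every `User#save` — sign-up, password reset, the `handle_access_revocation` path — will raise `NoMethodError: undefined method 'admin='`. Remove the `before_save :update_admin_attribute` declaration and the `update_admin_attribute` method together with the column; `admin?` already derives from `has_role?(:admin)`. In `allowed_to_login?` the comment `# Assuming 'suspended' is a role that should not log in` reads as an open question; replace it with the decision, e.g. `# Users carrying the :suspended Rolify role are refused sign-in via active_for_authentication?`. The enclosing class is cut off on both sides of this hunk.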
<% if can?(:create, User) %>
- <%= link_to 'Add New User', new_admin_user_path, class: "btn btn-dark" %>
+ <%= link_to 'Add New User', admin_new_user_path, class: "btn btn-dark" %>
 <% end %>
 <%= link_to 'Back to Home', root_path, class: "btn btn-secondary" %>
diff --git a/config/routes.rb b/config/routes.rb
index c93b008..d9293c5 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,19 +1,23 @@
 Rails.application.routes.draw do
 devise_for :users
+ # Unauthenticated root path (Typically the login page)
+ devise_scope :user do
+ root to: 'devise/sessions#new'
+ end
+
+ # Authenticated root, accessible to any logged-in user
 authenticated :user do
 root 'home#index', as: :authenticated_root
 end
- authenticate :user, lambda { |u| u.admin? } do
+ # Admin-specific resources
+ authenticate :user, ->(u) { u.admin? } do
+ # Restrict these paths to admins only
 resources :users, only: [:index, :edit, :update, :destroy]
 end
-
- devise_scope :user do
- root to: 'devise/sessions#new'
- end
-
+ # General resources accessible based on role, not restricted in routes but rather in controller actions
 resources :participants do
 resources :onboardings, only: [:index, :create, :update] do
 collection do
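Review bot: Moving the `devise_scope :user do root to: 'devise/sessions#new' end` block above the `authenticated :user do ... end` block reverses the order Rails matches routes in: the unconstrained root is now declared first and wins for every request to `/`, so the `authenticated` root becomes unreachable and signed-in users land on `devise/sessions#new`, whose `require_no_authentication` filter sends them back to the root path — a redirect loop is likely. Restore the previous order by moving the four `devise_scope` lines back below the `authenticated :user` block, as the removed lines in this hunk had it. The `Rails.application.routes.draw` block continues past this hunk.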
@@ -21,87 +25,61 @@ Rails.application.routes.draw do end end resources :bank_accounts, only: [:index, :new, :create, :edit, :update, :destroy] - collection do - get 'search' # Define search on the collection, not on a member - end + collection { get 'search' } member do - post 'link_worker' # Other member routes + post 'link_worker' post 'link_vendor' end end - - resources :workers do + resources :workers do resources :onboardings, only: [:index, :create, :update] do collection do post 'submit_onboarding' end end - resources :bank_accounts, only: [:index, :new, :create, :edit, :update, :destroy] - member do + resources :bank_accounts, only: [:index, :new, :create, :edit, :update, :destroy] + collection do + get 'search' post 'link_participant' post 'link_employer' end - get 'search', on: :collection end - - + resources :vendors do resources :onboardings, only: [:index, :create, :update] do collection do post 'submit_onboarding' end end - resources :bank_accounts, only: [:index, :new, :create, :edit, :update, :destroy] - collection do - get 'search' - end + resources :bank_accounts, only: [:index, :new, :create, :edit, :update, :destroy] + collection { get 'search' } end - - resources :employments, only: [:edit, :update, :destroy] - - resources :employer_records, only: [:edit, :update, :destroy] do - post 'link_participant', on: :collection - end - - resources :service_contracts - resources :employers do resources :onboardings, only: [:index, :create, :update] do collection do post 'submit_onboarding' end end - member do - post 'link_worker' - end - collection do - get 'search' - end + collection { get 'search' } + member { post 'link_worker' } end - + resources :employments, only: [:edit, :update, :destroy] + resources :employer_records, only: [:edit, :update, :destroy] do + collection { post 'link_participant' } + end + resources :service_contracts resources :forms - resources :users + - # Setup the routes under a scope to mimic namespace-like behavior without 
actual namespacing - scope '/admin', controller: :admin do - get 'users/new', as: 'new_admin_user', action: :new_user # for displaying the new user form - post 'users', as: 'admin_users', action: :create_user # for submitting the new user form - # You can add more admin routes here as needed + namespace :admin do + get 'users/new', to: 'admin#new_user', as: 'new_user' + post 'users', to: 'admin#create_user', as: 'create_user' + # Add other admin routes as needed + + resources :users, only: [:index, :edit, :update, :destroy] end - - - - - get 'home/index' - # Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html - - # Reveal health status on /up that returns 200 if the app boots with no exceptions, otherwise 500. - # Can be used by load balancers and uptime monitors to verify that the app is live. - get "up" => "rails/health#show", as: :rails_health_check - - # Defines the root path route ("/") - # root "posts#index" end + diff --git a/db/migrate/20240429184834_remove_admin_from_users.rb b/db/migrate/20240429184834_remove_admin_from_users.rb new file mode 100644 index 0000000..72df523 --- /dev/null +++ b/db/migrate/20240429184834_remove_admin_from_users.rb @@ -0,0 +1,5 @@ +class RemoveAdminFromUsers < ActiveRecord::Migration[7.1] + def change + remove_column :users, :admin, :boolean + end +end diff --git a/db/schema.rb b/db/schema.rb index cc315ae..cc3683b 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.1].define(version: 2024_04_11_215819) do +ActiveRecord::Schema[7.1].define(version: 2024_04_29_184834) do create_table "access_periods", force: :cascade do |t| t.date "start_date" t.date "end_date" 
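Review bot: Inside `namespace :admin`, `to: 'admin#new_user'` and `to: 'admin#create_user'` resolve to `Admin::AdminController`, but this commit renames that controller to `Admin::UsersController`, so `admin_new_user_path` (now used by `users/index.html.erb`) will fail with an uninitialized-constant error on the first request. Point them at the renamed controller — `get 'users/new', to: 'users#new_user', as: 'new_user'` and `post 'users', to: 'users#create_user', as: 'create_user'` — or rename the actions to `new`/`create` and fold them into the namespaced `resources :users`. That namespaced `resources :users` also duplicates the top-level `resources :users` kept under `authenticate :user, ->(u) { u.admin? }`, and the `/admin/users` copy has no route-level constraint at all, relying solely on the controller's `before_action :check_admin`; keep one admin surface so there is a single place to protect. Dropping `get "up" => "rails/health#show"` also removes the health-check endpoint load balancers may rely on; confirm that was intended.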
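Review bot: `remove_column :users, :admin, :boolean` inside `change` is reversible only with the column's full definition; `db/schema.rb` shows it was `default: false, null: false`, so a rollback would recreate it nullable with no default. Write `remove_column :users, :admin, :boolean, default: false, null: false` so `db:rollback` restores the same constraints. Also make sure the `before_save` callback in `app/models/user.rb` that still assigns `self.admin` ships in the same deploy as this migration, since any user save after the column is gone will otherwise raise.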
@@ -188,7 +188,6 @@ ActiveRecord::Schema[7.1].define(version: 2024_04_11_215819) do
 t.datetime "remember_created_at"
 t.datetime "created_at", null: false
 t.datetime "updated_at", null: false
- t.boolean "admin", default: false, null: false
 t.string "first_name"
 t.string "last_name"
 t.string "phone"