Continuing to fix and update code to reflect proper placing within the app. Moved admin controller to its proper home.

app/controllers/admin/users_controller.rb

@@ -1,4 +1,5 @@
-class AdminController < ApplicationController
+module Admin
+  class UsersController < ApplicationController
   before_action :authenticate_user!
   before_action :check_admin
 

app/models/concerns/access_control_validations.rb

@@ -0,0 +1,15 @@
+module AccessControlValidations
+    extend ActiveSupport::Concern
+  
+    included do
+      validate :end_date_after_start_date, if: -> { access_revoked && access_end_date.present? }
+    end
+  
+    private
+  
+    def end_date_after_start_date
+      if access_start_date.present? && access_end_date.present? && access_end_date < access_start_date
+        errors.add(:access_end_date, 'must be after the start date')
+      end
+    end
+  end

app/models/user.rb

@@ -1,4 +1,5 @@
 class User < ApplicationRecord
+  include AccessControlValidations
   rolify
   devise :database_authenticatable, :registerable, :recoverable, :rememberable, :validatable
   has_many :access_periods, dependent: :destroy
@@ -11,12 +12,13 @@ class User < ApplicationRecord
   # Callback to update the admin attribute based on Rolify role
   before_save :update_admin_attribute
 
-  # Validation for date fields
-  validate :end_date_after_start_date, if: -> { access_revoked && access_end_date.present? }
-
   # Override Devise method to consider access_revoked
   def active_for_authentication?
-    super && !access_revoked
+    super && !access_revoked && allowed_to_login?
+  end
+
+  def admin?
+    has_role?(:admin)
   end
 
   private
@@ -34,6 +36,11 @@ class User < ApplicationRecord
     self.admin = has_role?(:admin)
   end
 
+  def allowed_to_login?
+    # Assuming 'suspended' is a role that should not log in
+    !has_role?(:suspended)
+  end
+
   def handle_access_revocation
     if access_revoked_changed? && access_revoked
       access_periods.find_or_initialize_by(end_date: nil).update(end_date: Date.today)
@@ -42,12 +49,4 @@ class User < ApplicationRecord
     end
   end
 
-  def end_date_after_start_date
-    if access_start_date.present?
-      errors.add(:access_end_date, 'must be provided when access is revoked') unless access_end_date.present?
-      if access_end_date && access_end_date < access_start_date
-        errors.add(:access_end_date, 'must be after the start date')
-      end
-    end
-  end
 end

app/views/users/index.html.erb

@@ -41,7 +41,7 @@
     <div class="col-12 d-flex justify-content-between mb-4">
       <!-- Button for Admins to add a new user -->
     <% if can?(:create, User) %> <!-- Checks if the current user has the permission to create new users -->
-      <%= link_to 'Add New User', new_admin_user_path, class: "btn btn-dark" %>
+      <%= link_to 'Add New User', admin_new_user_path, class: "btn btn-dark" %>
     <% end %>
 
       <%= link_to 'Back to Home', root_path, class: "btn btn-secondary" %> <!-- Adjust as needed -->

config/routes.rb

@@ -1,19 +1,23 @@
 Rails.application.routes.draw do
   devise_for :users
 
-  authenticated :user do
-    root 'home#index', as: :authenticated_root
-  end
-  
-  authenticate :user, lambda { |u| u.admin? } do
-    resources :users, only: [:index, :edit, :update, :destroy]
-  end
-
-
+  # Unauthenticated root path (Typically the login page)
   devise_scope :user do
     root to: 'devise/sessions#new'
   end
 
+  # Authenticated root, accessible to any logged-in user
+  authenticated :user do
+    root 'home#index', as: :authenticated_root
+  end
+  
+  # Admin-specific resources
+  authenticate :user, ->(u) { u.admin? } do
+    # Restrict these paths to admins only
+    resources :users, only: [:index, :edit, :update, :destroy]
+  end
+
+  # General resources accessible based on role, not restricted in routes but rather in controller actions
   resources :participants do
     resources :onboardings, only: [:index, :create, :update] do
       collection do
@@ -21,16 +25,13 @@ Rails.application.routes.draw do
       end
     end
     resources :bank_accounts, only: [:index, :new, :create, :edit, :update, :destroy]
-    collection do
-      get 'search' # Define search on the collection, not on a member
-    end
+    collection { get 'search' }
     member do
-      post 'link_worker' # Other member routes
+      post 'link_worker'
       post 'link_vendor'
     end
   end
   
-  
   resources :workers do
     resources :onboardings, only: [:index, :create, :update] do
       collection do
@@ -38,14 +39,13 @@ Rails.application.routes.draw do
       end
     end
     resources :bank_accounts, only: [:index, :new, :create, :edit, :update, :destroy]
-    member do
+    collection do
+      get 'search'
       post 'link_participant'
       post 'link_employer'
     end
-    get 'search', on: :collection
   end
 
-  
   resources :vendors do
     resources :onboardings, only: [:index, :create, :update] do
       collection do
@@ -53,19 +53,8 @@ Rails.application.routes.draw do
       end
     end
     resources :bank_accounts, only: [:index, :new, :create, :edit, :update, :destroy]
-    collection do
-      get 'search'
+    collection { get 'search' }
   end
-  end
-
-  
-  resources :employments, only: [:edit, :update, :destroy]
-
-  resources :employer_records, only: [:edit, :update, :destroy] do
-      post 'link_participant', on: :collection
-  end
-  
-  resources :service_contracts
 
   resources :employers do
     resources :onboardings, only: [:index, :create, :update] do
@@ -73,35 +62,24 @@ Rails.application.routes.draw do
         post 'submit_onboarding'
       end
     end
-    member do
-      post 'link_worker'
-    end
-    collection do
-      get 'search'
-    end
+    collection { get 'search' }
+    member { post 'link_worker' }
   end
 
-
+  resources :employments, only: [:edit, :update, :destroy]
+  resources :employer_records, only: [:edit, :update, :destroy] do
+    collection { post 'link_participant' }
+  end
+  resources :service_contracts
   resources :forms
-  resources :users
   
- # Setup the routes under a scope to mimic namespace-like behavior without actual namespacing
-  scope '/admin', controller: :admin do
-    get 'users/new', as: 'new_admin_user', action: :new_user  # for displaying the new user form
-    post 'users', as: 'admin_users', action: :create_user  # for submitting the new user form
-  # You can add more admin routes here as needed
+
+  namespace :admin do
+    get 'users/new', to: 'admin#new_user', as: 'new_user'
+    post 'users', to: 'admin#create_user', as: 'create_user'
+    # Add other admin routes as needed
+
+    resources :users, only: [:index, :edit, :update, :destroy]
+  end
 end
 
-
-  
-
-  get 'home/index'
-  # Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html
-
-  # Reveal health status on /up that returns 200 if the app boots with no exceptions, otherwise 500.
-  # Can be used by load balancers and uptime monitors to verify that the app is live.
-  get "up" => "rails/health#show", as: :rails_health_check
-
-  # Defines the root path route ("/")
-  # root "posts#index"
-end

db/migrate/20240429184834_remove_admin_from_users.rb

@@ -0,0 +1,5 @@
+class RemoveAdminFromUsers < ActiveRecord::Migration[7.1]
+  def change
+    remove_column :users, :admin, :boolean
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.1].define(version: 2024_04_11_215819) do
+ActiveRecord::Schema[7.1].define(version: 2024_04_29_184834) do
   create_table "access_periods", force: :cascade do |t|
     t.date "start_date"
     t.date "end_date"
@@ -188,7 +188,6 @@ ActiveRecord::Schema[7.1].define(version: 2024_04_11_215819) do
     t.datetime "remember_created_at"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
-    t.boolean "admin", default: false, null: false
     t.string "first_name"
     t.string "last_name"
     t.string "phone"