Add admin controller

2024-05-26 10:34:09 +01:00 · 2024-05-26 10:34:09 +01:00 · 716176a1b8
parent 72bee55d7e
commit 716176a1b8
10 changed files with 63 additions and 1 deletions
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@ -0,0 +1,14 @@
+class AdminController < ApplicationController
+  layout "admin"
+
+  before_action :authenticate_user_as_admin
+
+  def index
+  end
+
+  private
+
+    def authenticate_user_as_admin
+      head :forbidden unless Current.user&.admin?
+    end
+end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -4,7 +4,6 @@ class ApplicationController < ActionController::Base
  private

    def authenticate
-      Rails.logger.error "Session: #{session.inspect}"
      if authenticated_user = User.find_by(id: session[:user_id])
        Current.user = authenticated_user
      else
--- a/app/views/admin/index.html.erb
+++ b/app/views/admin/index.html.erb
@ -0,0 +1 @@
+<%= t(".intro") %>
--- a/app/views/layouts/admin.html.erb
+++ b/app/views/layouts/admin.html.erb
@ -0,0 +1,9 @@
+<% content_for :submenu do %>
+  <h2><%= t("administration") %>: <%= content_for :title %></h2>
+  <nav>
+    <ul>
+    </ul>
+  </nav>
+<% end %>
+
+<%= render template: "layouts/application" %>
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@ -19,6 +19,9 @@
        <ul>
          <% if logged_in? %>
            <li><%= link_to t("log_out"), logout_path, data: {turbo_method: :delete} %></li>
+            <% if Current.user.admin? %>
+              <li><%= link_to t("administration"), admin_index_path %></li>
+            <% end %>
          <% else %>
            <li><%= link_to t("log_in"), login_path %></li>
            <li><%= link_to t("sign_up"), new_user_path %></li>
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -1,5 +1,6 @@
 en:
  site_name: Tabletop Companion
+  administration: Administration
  log_in: Log in
  log_out: Log out
  sign_up: Sign up
@ -15,6 +16,9 @@ en:
    show:
      success: "Thanks for verifying your email address! You can now log in."
      error: "Invalid token, could not verify your account."
+  admin:
+    index:
+      intro: With great power comes great responsibility
  sessions:
    create:
      success: "Hello, %{name}!"
--- a/config/routes.rb
+++ b/config/routes.rb
@ -12,5 +12,7 @@ Rails.application.routes.draw do

  resources :tables, only: [ :index ]

+  resources :admin, only: [ :index ]
+
  get "up" => "rails/health#show", as: :rails_health_check
 end
--- a/test/controllers/admin_controller_test.rb
+++ b/test/controllers/admin_controller_test.rb
@ -0,0 +1,20 @@
+require "test_helper"
+
+class AdminControllerTest < ActionDispatch::IntegrationTest
+  test "should get index if signed in as admin" do
+    sign_in users(:admin)
+    get admin_index_url
+    assert_response :success
+  end
+
+  test "should not get index if signed in as non-admin user" do
+    sign_in users(:trevor)
+    get admin_index_url
+    assert_response :forbidden
+  end
+
+  test "should not get index if not signed in" do
+    get admin_index_url
+    assert_redirected_to login_path
+  end
+end
--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@ -16,6 +16,12 @@ unverified:
  last_name: User
  verified: false

+admin:
+  <<: *DEFAULTS
+  first_name: Admin
+  last_name: User
+  site_roles: admin
+
 <% 1.upto(10) do |i| %>
 user_<%= i %>:
  <<: *DEFAULTS
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@ -21,5 +21,9 @@ module ActiveSupport
    def attr_name(klass, attr)
      klass.human_attribute_name(attr)
    end
+
+    def sign_in(user, password: "password")
+      post sessions_path, params: { username: user.username, password: password }
+    end
  end
 end