2016-09-08 10:25:33 -05:00
|
|
|
# frozen_string_literal: true
|
2016-08-17 17:49:09 -05:00
|
|
|
class AdminController < ApplicationController
|
2016-09-19 16:40:56 -05:00
|
|
|
include Pundit
|
2016-08-18 18:22:57 -05:00
|
|
|
layout 'admin'
|
2016-09-19 14:25:17 -05:00
|
|
|
before_action :authorize_user
|
2016-08-18 15:35:17 -05:00
|
|
|
|
2016-09-20 14:22:20 -05:00
|
|
|
# TODO: after_action :verify_authorized, except: :index
|
|
|
|
# TODO: after_action :verify_policy_scoped, only: :index
|
|
|
|
|
2016-09-19 16:40:56 -05:00
|
|
|
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
|
|
|
|
|
2016-09-20 14:22:20 -05:00
|
|
|
# TODO: move to DashboardController#index
|
2016-08-18 15:35:17 -05:00
|
|
|
def dashboard
|
2016-09-19 16:40:56 -05:00
|
|
|
authorize :admin, :dashboard?
|
2016-08-18 18:22:57 -05:00
|
|
|
@quizzes = Quiz.includes(:questions).all
|
|
|
|
@users = User.order(:role, :name)
|
2016-08-18 15:35:17 -05:00
|
|
|
end
|
|
|
|
|
2016-09-19 14:25:17 -05:00
|
|
|
def current_user
|
|
|
|
@current_user ||= User.find_by(id: session[:user]) if session[:user]
|
2016-08-18 15:35:17 -05:00
|
|
|
end
|
2016-09-19 14:25:17 -05:00
|
|
|
helper_method :current_user
|
2016-08-18 15:35:17 -05:00
|
|
|
|
|
|
|
private
|
|
|
|
|
2016-09-19 14:25:17 -05:00
|
|
|
def authorize_user
|
|
|
|
redirect_to admin_login_path unless current_user
|
2016-08-18 15:35:17 -05:00
|
|
|
end
|
2016-09-19 16:40:56 -05:00
|
|
|
|
|
|
|
def user_not_authorized
|
|
|
|
flash[:error] = "You are not authorized to perform this action."
|
2016-09-20 14:22:20 -05:00
|
|
|
redirect_to(request.referer || admin_login_path)
|
2016-09-19 16:40:56 -05:00
|
|
|
end
|
2016-08-17 17:49:09 -05:00
|
|
|
end
|