dashboard controller
This commit is contained in:
parent
4a70b795e5
commit
7774a1e3f2
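--- /dev/null
+++ b/app/controllers/admin/dashboard_controller.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+module Admin
+class DashboardController < AdminController
+def show
+authorize :dashboard
+@quizzes = policy_scope Quiz.includes(:questions).all
+@users = policy_scope User.order(:role, :name)
+end
+end
+end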
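Review bot: `show` relies on two `policy_scope` calls, but the safety net in the base class, `after_action :verify_policy_scoped, only: :index` (AdminController, reordered in this same commit), never runs for `show`, so a later edit that drops one of the `policy_scope` calls here would silently hand the view unscoped Quiz or User rows; add `after_action :verify_policy_scoped, only: :show` to this controller so the check covers the dashboard. The `.all` in `Quiz.includes(:questions).all` is redundant — `policy_scope Quiz.includes(:questions)` is the same relation. A comment above `authorize :dashboard` would spare the next reader a trip to the policy: `# Headless policy: DashboardPolicy#show? only requires a login; which sections appear is decided by policy(Quiz).index? / policy(User).index? in the view and by the two scopes below.`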
@ -4,17 +4,10 @@ class AdminController < ApplicationController
|
|||||||
layout 'admin'
|
layout 'admin'
|
||||||
before_action :authorize_user
|
before_action :authorize_user
|
||||||
|
|
||||||
after_action :verify_authorized, except: :index
|
|
||||||
after_action :verify_policy_scoped, only: :index
|
|
||||||
|
|
||||||
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
|
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
|
||||||
|
|
||||||
# TODO: move to DashboardController#index
|
after_action :verify_authorized, except: :index
|
||||||
def dashboard
|
after_action :verify_policy_scoped, only: :index
|
||||||
authorize :admin, :dashboard?
|
|
||||||
@quizzes = Quiz.includes(:questions).all
|
|
||||||
@users = User.order(:role, :name)
|
|
||||||
end
|
|
||||||
|
|
||||||
def current_user
|
def current_user
|
||||||
@current_user ||= User.find_by(id: session[:user]) if session[:user]
|
@current_user ||= User.find_by(id: session[:user]) if session[:user]
|
||||||
|
@ -15,22 +15,19 @@ class User < ApplicationRecord
|
|||||||
save
|
save
|
||||||
end
|
end
|
||||||
|
|
||||||
# TODO: move to mixin: UserRoles
|
# Roles
|
||||||
def admin?
|
def admin?
|
||||||
'admin' == role
|
'admin' == role
|
||||||
end
|
end
|
||||||
|
|
||||||
# TODO: move to mixin: UserRoles
|
|
||||||
def manager?
|
def manager?
|
||||||
%w(admin manager).include? role
|
%w(admin manager).include? role
|
||||||
end
|
end
|
||||||
|
|
||||||
# TODO: move to mixin: UserRoles
|
|
||||||
def recruiter?
|
def recruiter?
|
||||||
'recruiter' == role
|
'recruiter' == role
|
||||||
end
|
end
|
||||||
|
|
||||||
# TODO: move to mixin: UserRoles
|
|
||||||
def reviewer?
|
def reviewer?
|
||||||
'reviewer' == role
|
'reviewer' == role
|
||||||
end
|
end
|
||||||
|
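Review bot: The new `# Roles` header says less than the TODO lines it replaces and still leaves the role hierarchy undocumented: `manager?` is true for both `admin` and `manager` (`%w(admin manager).include? role`), which is why `user.admin? || user.manager?` in QuizPolicy#view? collapses to `user.manager?`. Suggest `# Roles: role is a single string; manager? also holds for admins, so callers need not write admin? || manager?.` The predicate bodies are unchanged context, and the class continues outside the hunk.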
@ -1,31 +0,0 @@
|
|||||||
# frozen_string_literal: true
|
|
||||||
class AdminPolicy < Struct.new(:user, :dashboard)
|
|
||||||
attr_reader :user, :record
|
|
||||||
|
|
||||||
def initialize(user, record)
|
|
||||||
raise Pundit::NotAuthorizedError, "Must be logged in." unless user
|
|
||||||
@user = user
|
|
||||||
@record = record
|
|
||||||
end
|
|
||||||
|
|
||||||
def dashboard?
|
|
||||||
true
|
|
||||||
end
|
|
||||||
|
|
||||||
def scope
|
|
||||||
Pundit.policy_scope!(user, record.class)
|
|
||||||
end
|
|
||||||
|
|
||||||
class Scope
|
|
||||||
attr_reader :user, :scope
|
|
||||||
|
|
||||||
def initialize(user, scope)
|
|
||||||
@user = user
|
|
||||||
@scope = scope
|
|
||||||
end
|
|
||||||
|
|
||||||
def resolve
|
|
||||||
scope
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
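--- /dev/null
+++ b/app/policies/dashboard_policy.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+class DashboardPolicy < Struct.new(:user, :dashboard)
+attr_reader :user, :record
+
+def initialize(user, record)
+raise Pundit::NotAuthorizedError, "Must be logged in." unless user
+@user = user
+@record = record
+end
+
+def show?
+true
+end
+end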
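Review bot: `class DashboardPolicy < Struct.new(:user, :dashboard)` inherits Struct members the class never uses: `initialize(user, record)` does not call `super`, `attr_reader :user, :record` shadows the struct's own `user`, and the inherited `dashboard` accessor is dead code that always returns nil. QuizPolicy and UserPolicy in this commit subclass ApplicationPolicy; if ApplicationPolicy's initializer performs the same logged-in check this file can shrink to `class DashboardPolicy < ApplicationPolicy` with only `show?` kept, otherwise a plain `class DashboardPolicy` with the explicit initializer is clearer than the Struct parent. Since a bare `true` in a policy predicate looks alarming, give `show?` a comment: `# Any authenticated admin-area user may open the dashboard; what it lists is gated per section by QuizPolicy#index? / UserPolicy#index? and the policy scopes.`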
@ -6,6 +6,10 @@ class QuizPolicy < ApplicationPolicy
|
|||||||
# Reviewers can view any quiz they are linked to
|
# Reviewers can view any quiz they are linked to
|
||||||
# Recruiters can only list quiz names (for candidate assignments)
|
# Recruiters can only list quiz names (for candidate assignments)
|
||||||
|
|
||||||
|
def index?
|
||||||
|
true
|
||||||
|
end
|
||||||
|
|
||||||
def view?
|
def view?
|
||||||
return true if user.admin? || user.manager?
|
return true if user.admin? || user.manager?
|
||||||
user.quizzes.include? record
|
user.quizzes.include? record
|
||||||
|
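Review bot: `index?` returning `true` for every role is broader than the comment two lines above it, which says recruiters can only list quiz names: the dashboard view gates the whole Quizzes section — the `admin/quiz/table_list` partial and the New Quiz link — on `policy(Quiz).index?`, so recruiters and reviewers now get the full table unless `QuizPolicy::Scope` (outside this hunk) narrows it. Either tighten it, e.g. `def index? = user.manager?` if the name-only listing is served by a different query, or state the intent in a comment: `# Every role may list quizzes; which rows they see is left to Scope#resolve.` The `view?` lines are unchanged context; note that `user.admin? || user.manager?` there is redundant because User#manager? already includes admins.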
@ -5,6 +5,10 @@ class UserPolicy < ApplicationPolicy
|
|||||||
# Only Admins can view, create, or update, users
|
# Only Admins can view, create, or update, users
|
||||||
# All other users can only access themselves (profile interface)
|
# All other users can only access themselves (profile interface)
|
||||||
|
|
||||||
|
def index?
|
||||||
|
user.admin?
|
||||||
|
end
|
||||||
|
|
||||||
def view?
|
def view?
|
||||||
user.admin? || user == record
|
user.admin? || user == record
|
||||||
end
|
end
|
||||||
@ -25,7 +29,7 @@ class UserPolicy < ApplicationPolicy
|
|||||||
class Scope < Scope
|
class Scope < Scope
|
||||||
def resolve
|
def resolve
|
||||||
return scope if user.admin?
|
return scope if user.admin?
|
||||||
raise Pundit::NotAuthorizedError, "No access to resource."
|
scope.where(id: user.id)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
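Review bot: `Scope#resolve` switches from raising `Pundit::NotAuthorizedError` to returning `scope.where(id: user.id)` for non-admins, so `policy_scope(User)` no longer fails closed — any caller that relied on the raise to deny a listing now receives a one-row relation and must check `index?` itself (the dashboard view does; `UserPolicy#index?` added in the first hunk is admin-only). Make that contract explicit with a comment on the `resolve` body: `# Non-admins see only themselves; whether users may be listed at all is gated by index?, not by this scope.` The enclosing `UserPolicy` class starts outside the first hunk.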
@ -1,15 +0,0 @@
|
|||||||
<%
|
|
||||||
content_for :section_title, "Admin Dashboard"
|
|
||||||
%>
|
|
||||||
|
|
||||||
<section>
|
|
||||||
<h1>Quizzes</h1>
|
|
||||||
<%= render partial: 'admin/quiz/table_list', locals: { quizzes: @quizzes } %>
|
|
||||||
<%= link_to('New Quiz', admin_new_quiz_path, { class: 'btn' }) %>
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<section>
|
|
||||||
<h1>Users</h1>
|
|
||||||
<%= render partial: 'admin/user/table_list', locals: { users: @users } %>
|
|
||||||
<%= link_to('New User', admin_new_user_path, { class: 'btn' }) %>
|
|
||||||
</section>
|
|
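--- /dev/null
+++ b/app/views/admin/dashboard/show.html.erb
@@ -0,0 +1,35 @@
+<%
+content_for :section_title, "Admin Dashboard"
+%>
+
+<pre>
+## Admin
+Users | Dept/Unit | Quizzes | Candidates | Results | Profile | Logout
+
+## Manager
+Quizzes | Results | Profile | Logout
+
+## Recruiter
+Results | Profile | Logout
+
+## Reviewer
+Candidates | Profile | Logout
+</pre>
+
+<% if policy(Quiz).index? %>
+<section>
+<h1>Quizzes</h1>
+<%= render partial: 'admin/quiz/table_list', locals: { quizzes: @quizzes } %>
+<%= link_to('New Quiz', admin_new_quiz_path, { class: 'btn' }) %>
+</section>
+<% end %>
+
+<% if policy(User).index? %>
+<section>
+<h1>Users</h1>
+<%= render partial: 'admin/user/table_list', locals: { users: @users } %>
+<%= link_to('New User', admin_new_user_path, { class: 'btn' }) %>
+</section>
+<% end %>
+
+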
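Review bot: The `New Quiz` and `New User` links are rendered whenever their section is visible, but the section is gated on `index?` while the link targets a create action; with `QuizPolicy#index?` now true for every role, recruiters and reviewers get a New Quiz button that the create policy presumably rejects on click. Gate each link on its own permission, e.g. `<%= link_to('New Quiz', admin_new_quiz_path, { class: 'btn' }) if policy(Quiz).create? %>` and the same with `policy(User).create?` for New User, assuming ApplicationPolicy defines the usual `create?` predicate. The `<pre>` block sketching the per-role menu reads as planning notes rather than dashboard content; if it is meant to stay, an ERB comment (`<%# ... %>`) keeps it out of the rendered page.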
@ -37,7 +37,7 @@ Rails.application.routes.draw do
|
|||||||
post "/admin/profile", to: "admin/profile#update", as: :admin_update_profile
|
post "/admin/profile", to: "admin/profile#update", as: :admin_update_profile
|
||||||
get "/admin/profile/edit", to: "admin/profile#edit", as: :admin_edit_profile
|
get "/admin/profile/edit", to: "admin/profile#edit", as: :admin_edit_profile
|
||||||
|
|
||||||
get "/admin", to: "admin#dashboard", as: :admin
|
get "/admin", to: "admin/dashboard#show", as: :admin
|
||||||
|
|
||||||
#########################################################################################
|
#########################################################################################
|
||||||
|
|
||||||
|
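--- /dev/null
+++ b/test/controllers/admin/dashboard_controller_test.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+module Admin
+class DashboardControllerTest < ActionDispatch::IntegrationTest
+test "dashboard should require auth" do
+get admin_url
+assert_redirected_to admin_login_url
+end
+
+test "should get dashboard" do
+post admin_auth_url, params: { auth:
+{ email: 'alan.admin@mailinator.com', password: 'password' } }
+get admin_url
+assert_response :success
+end
+end
+end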
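Review bot: Both tests sign in only as the admin account, so nothing pins the behavior this commit introduces for the other roles — `DashboardPolicy#show?` now admits every logged-in user and the view hides the Users section on `UserPolicy#index?`. A third test that signs in as each non-admin fixture (`users(role)` is already used that way in UserPolicyTest) and asserts a 200 with no Users heading would catch a regression in either policy. The password for the non-admin fixtures is assumed to match the admin one; confirm against the fixtures file.
```ruby
  test "non-admins get the dashboard without the users section" do
    %i[manager recruiter reviewer].each do |role|
      post admin_auth_url, params: { auth:
        { email: users(role).email, password: 'password' } } # password: assumed same as admin fixture
      get admin_url
      assert_response :success, "dashboard not shown for #{role}"
      assert_select 'h1', text: 'Users', count: 0
    end
  end
```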
@ -2,15 +2,4 @@
|
|||||||
require 'test_helper'
|
require 'test_helper'
|
||||||
|
|
||||||
class AdminControllerTest < ActionDispatch::IntegrationTest
|
class AdminControllerTest < ActionDispatch::IntegrationTest
|
||||||
test "dashboard should require auth" do
|
|
||||||
get admin_url
|
|
||||||
assert_redirected_to admin_login_url
|
|
||||||
end
|
|
||||||
|
|
||||||
test "should get dashboard" do
|
|
||||||
post admin_auth_url, params: { auth:
|
|
||||||
{ email: 'alan.admin@mailinator.com', password: 'password' } }
|
|
||||||
get admin_url
|
|
||||||
assert_response :success
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
@ -13,11 +13,11 @@ class UserPolicyTest < PolicyAssertions::Test
|
|||||||
assert_equal User.count, scope.count
|
assert_equal User.count, scope.count
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'should not allow non_admin to scope' do
|
test 'non admins can only scope themselves' do
|
||||||
%i(manager reviewer recruiter).each do |role|
|
%i(manager reviewer recruiter).each do |role|
|
||||||
assert_raise Pundit::NotAuthorizedError, "Failed to raise auth error for #{role}" do
|
scope = UserPolicy::Scope.new(users(role), User).resolve
|
||||||
UserPolicy::Scope.new(users(role), User).resolve
|
assert_equal 1, scope.count, "Scope did not have 1 result for #{role}"
|
||||||
end
|
assert_equal users(role), scope.first, "Scope did not contain self for #{role}"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|