dashboard controller

Mark Moser 2016-09-21 17:04:08 -05:00
parent 4a70b795e5
commit 7774a1e3f2
13 changed files with 94 additions and 76 deletions


@ -0,0 +1,10 @@
# frozen_string_literal: true
module Admin
class DashboardController < AdminController
def show
authorize :dashboard
@quizzes = policy_scope Quiz.includes(:questions).all
@users = policy_scope User.order(:role, :name)
end
end
end
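Review bot: `show` loads `@users` for every role even though the new view only renders the Users section when `policy(User).index?` holds, so non-admins run a query whose result is never shown; the same predicate belongs in the controller, `@users = policy_scope(User.order(:role, :name)) if policy(User).index?`, so the visibility decision lives in one place. `policy_scope User` still restricts the rows (in this commit `UserPolicy::Scope` returns only the caller for non-admins), so this is about consistency rather than a leak. The `.all` after `Quiz.includes(:questions)` is redundant and can be dropped.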


@ -4,17 +4,10 @@ class AdminController < ApplicationController
layout 'admin' layout 'admin'
before_action :authorize_user before_action :authorize_user
after_action :verify_authorized, except: :index
after_action :verify_policy_scoped, only: :index
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
# TODO: move to DashboardController#index after_action :verify_authorized, except: :index
def dashboard after_action :verify_policy_scoped, only: :index
authorize :admin, :dashboard?
@quizzes = Quiz.includes(:questions).all
@users = User.order(:role, :name)
end
def current_user def current_user
@current_user ||= User.find_by(id: session[:user]) if session[:user] @current_user ||= User.find_by(id: session[:user]) if session[:user]


@ -15,22 +15,19 @@ class User < ApplicationRecord
save save
end end
# TODO: move to mixin: UserRoles # Roles
def admin? def admin?
'admin' == role 'admin' == role
end end
# TODO: move to mixin: UserRoles
def manager? def manager?
%w(admin manager).include? role %w(admin manager).include? role
end end
# TODO: move to mixin: UserRoles
def recruiter? def recruiter?
'recruiter' == role 'recruiter' == role
end end
# TODO: move to mixin: UserRoles
def reviewer? def reviewer?
'reviewer' == role 'reviewer' == role
end end


@ -1,31 +0,0 @@
# frozen_string_literal: true
class AdminPolicy < Struct.new(:user, :dashboard)
attr_reader :user, :record
def initialize(user, record)
raise Pundit::NotAuthorizedError, "Must be logged in." unless user
@user = user
@record = record
end
def dashboard?
true
end
def scope
Pundit.policy_scope!(user, record.class)
end
class Scope
attr_reader :user, :scope
def initialize(user, scope)
@user = user
@scope = scope
end
def resolve
scope
end
end
end


@ -0,0 +1,14 @@
# frozen_string_literal: true
class DashboardPolicy < Struct.new(:user, :dashboard)
attr_reader :user, :record
def initialize(user, record)
raise Pundit::NotAuthorizedError, "Must be logged in." unless user
@user = user
@record = record
end
def show?
true
end
end
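Review bot: `DashboardPolicy` inherits from `Struct.new(:user, :dashboard)` but then redefines `initialize` without calling `super` and shadows the struct's `user` accessor with `attr_reader :user, :record`, so the Struct parent contributes nothing and leaves two unrelated names for the second argument (`dashboard` vs `record`). Either drop the parent, `class DashboardPolicy`, or follow `QuizPolicy`/`UserPolicy` in this commit and inherit `ApplicationPolicy`; if `ApplicationPolicy` already rejects a nil user the hand-written `initialize` goes too — I can't see `ApplicationPolicy` from here. Since `show?` is unconditionally `true`, the only gate on the dashboard is the logged-in check in `initialize`; a comment making that explicit, `# Any authenticated user may open the dashboard; each section is gated by its own policy in the view`, would stop the next reader from taking `true` as "everyone sees everything".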


@ -6,6 +6,10 @@ class QuizPolicy < ApplicationPolicy
# Reviewers can view any quiz they are linked to # Reviewers can view any quiz they are linked to
# Recruiters can only list quiz names (for candidate assignments) # Recruiters can only list quiz names (for candidate assignments)
def index?
true
end
def view? def view?
return true if user.admin? || user.manager? return true if user.admin? || user.manager?
user.quizzes.include? record user.quizzes.include? record
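Review bot: `index?` returns `true` unconditionally, so the dashboard's Quizzes section (gated on `policy(Quiz).index?` in the new view) renders for every role, while the comment block above says reviewers see only linked quizzes and recruiters only quiz names; that narrowing therefore has to happen in `QuizPolicy::Scope`, which this hunk does not touch and I cannot see. A comment on the predicate would make the split of responsibility clear: `# Every role may see the quiz list; Scope#resolve decides which quizzes appear`. Note too that `DashboardController#show` eager-loads `:questions` for all roles, which sits oddly against "recruiters can only list quiz names" — worth confirming the scope or the `table_list` partial does not expose question content to them. `QuizPolicy` continues outside the hunk.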


@ -5,6 +5,10 @@ class UserPolicy < ApplicationPolicy
# Only Admins can view, create, or update, users # Only Admins can view, create, or update, users
# All other users can only access themselves (profile interface) # All other users can only access themselves (profile interface)
def index?
user.admin?
end
def view? def view?
user.admin? || user == record user.admin? || user == record
end end
@ -25,7 +29,7 @@ class UserPolicy < ApplicationPolicy
class Scope < Scope class Scope < Scope
def resolve def resolve
return scope if user.admin? return scope if user.admin?
raise Pundit::NotAuthorizedError, "No access to resource." scope.where(id: user.id)
end end
end end
end end
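Review bot: `Scope#resolve` now returns `scope.where(id: user.id)` for non-admins instead of raising, which moves the denial from the scope to the new `index?` (`user.admin?`) — but `AdminController` exempts `:index` from `verify_authorized`, so any admin users index action that relies on `policy_scope` alone would now succeed for managers, reviewers and recruiters (with themselves as the only row) where it previously raised `Pundit::NotAuthorizedError`. I cannot see that controller from this page; please confirm its `index` calls `authorize User` (or otherwise checks `index?`) before relying on this relaxation. A comment stating the contract on `resolve` would help, e.g. `# Non-admins only ever scope to themselves; listing other users is denied by #index?, not here`. `UserPolicy` continues outside both hunks.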


@ -1,15 +0,0 @@
<%
content_for :section_title, "Admin Dashboard"
%>
<section>
<h1>Quizzes</h1>
<%= render partial: 'admin/quiz/table_list', locals: { quizzes: @quizzes } %>
<%= link_to('New Quiz', admin_new_quiz_path, { class: 'btn' }) %>
</section>
<section>
<h1>Users</h1>
<%= render partial: 'admin/user/table_list', locals: { users: @users } %>
<%= link_to('New User', admin_new_user_path, { class: 'btn' }) %>
</section>


@ -0,0 +1,35 @@
<%
content_for :section_title, "Admin Dashboard"
%>
<pre>
## Admin
Users | Dept/Unit | Quizzes | Candidates | Results | Profile | Logout
## Manager
Quizzes | Results | Profile | Logout
## Recruiter
Results | Profile | Logout
## Reviewer
Candidates | Profile | Logout
</pre>
<% if policy(Quiz).index? %>
<section>
<h1>Quizzes</h1>
<%= render partial: 'admin/quiz/table_list', locals: { quizzes: @quizzes } %>
<%= link_to('New Quiz', admin_new_quiz_path, { class: 'btn' }) %>
</section>
<% end %>
<% if policy(User).index? %>
<section>
<h1>Users</h1>
<%= render partial: 'admin/user/table_list', locals: { users: @users } %>
<%= link_to('New User', admin_new_user_path, { class: 'btn' }) %>
</section>
<% end %>
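Review bot: The `<pre>` block at the top of the template renders a per-role navigation plan to end users; it reads as working notes rather than UI and should be removed or wrapped in an ERB comment (`<%# ... %>`) so it never reaches the page. Separately, the "New Quiz" and "New User" links sit under the `index?` gates, so any role with list access sees a create button it may not be allowed to use; gate each link on the create predicate instead, e.g. `<%= link_to('New Quiz', admin_new_quiz_path, { class: 'btn' }) if policy(Quiz).create? %>`, assuming `ApplicationPolicy` defines `create?` as usual (not visible here). The actions behind the links still enforce their own policies, so this is about not advertising actions the user cannot take.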


@ -37,7 +37,7 @@ Rails.application.routes.draw do
post "/admin/profile", to: "admin/profile#update", as: :admin_update_profile post "/admin/profile", to: "admin/profile#update", as: :admin_update_profile
get "/admin/profile/edit", to: "admin/profile#edit", as: :admin_edit_profile get "/admin/profile/edit", to: "admin/profile#edit", as: :admin_edit_profile
get "/admin", to: "admin#dashboard", as: :admin get "/admin", to: "admin/dashboard#show", as: :admin
######################################################################################### #########################################################################################


@ -0,0 +1,18 @@
# frozen_string_literal: true
require 'test_helper'
module Admin
class DashboardControllerTest < ActionDispatch::IntegrationTest
test "dashboard should require auth" do
get admin_url
assert_redirected_to admin_login_url
end
test "should get dashboard" do
post admin_auth_url, params: { auth:
{ email: 'alan.admin@mailinator.com', password: 'password' } }
get admin_url
assert_response :success
end
end
end
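Review bot: Both tests exercise only the admin account, while the behaviour this commit adds — the `policy(Quiz).index?` / `policy(User).index?` gates in the view and the self-only `UserPolicy::Scope` — is only observable for a non-admin; add a case that logs in as a manager (or reviewer/recruiter) and asserts the dashboard renders without the Users section. The `users(role)` fixtures referenced in `UserPolicyTest` suggest such accounts exist; the credentials below are placeholders for whichever fixture applies.
```ruby
    test "non admin dashboard hides users section" do
      post admin_auth_url, params: { auth:
        { email: 'MANAGER_FIXTURE_EMAIL_PLACEHOLDER', password: 'FIXTURE_PASSWORD_PLACEHOLDER' } }
      get admin_url
      assert_response :success
      assert_select 'h1', text: 'Users', count: 0
    end
```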


@ -2,15 +2,4 @@
require 'test_helper' require 'test_helper'
class AdminControllerTest < ActionDispatch::IntegrationTest class AdminControllerTest < ActionDispatch::IntegrationTest
test "dashboard should require auth" do
get admin_url
assert_redirected_to admin_login_url
end
test "should get dashboard" do
post admin_auth_url, params: { auth:
{ email: 'alan.admin@mailinator.com', password: 'password' } }
get admin_url
assert_response :success
end
end end


@ -13,11 +13,11 @@ class UserPolicyTest < PolicyAssertions::Test
assert_equal User.count, scope.count assert_equal User.count, scope.count
end end
test 'should not allow non_admin to scope' do test 'non admins can only scope themselves' do
%i(manager reviewer recruiter).each do |role| %i(manager reviewer recruiter).each do |role|
assert_raise Pundit::NotAuthorizedError, "Failed to raise auth error for #{role}" do scope = UserPolicy::Scope.new(users(role), User).resolve
UserPolicy::Scope.new(users(role), User).resolve assert_equal 1, scope.count, "Scope did not have 1 result for #{role}"
end assert_equal users(role), scope.first, "Scope did not contain self for #{role}"
end end
end end
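Review bot: The renamed test pins the relaxed `Scope#resolve` but nothing covers the new `UserPolicy#index?`, which after this commit is the only place non-admins are denied the users listing; the same loop can assert it, `refute UserPolicy.new(users(role), User).index?, "index? allowed for #{role}"`. The hunk header counts 11 lines and only 9 are visible, so the test class may continue past what is shown here.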