move recruiter to admin/candidate

app/controllers/admin/candidate_controller.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+module Admin
+  class CandidateController < AdminController
+    before_action :collect_quizzes, except: [:login, :auth]
+
+    def index
+      @candidates = policy_scope current_recruiter.candidates
+    end
+
+    def new
+      authorize Candidate
+      @candidate = Candidate.new
+      render :new
+    end
+
+    def create
+      authorize Candidate
+      @candidate = Candidate.create(candidate_params.merge(recruiter_id: current_recruiter.id))
+
+      if @candidate.persisted?
+        send_notifications @candidate
+        redirect_to admin_candidate_path,
+                    flash: { success: "Sucessfully created candidate #{@candidate.name}" }
+      else
+        flash[:error] = "Failed to save candidate."
+        render :new
+      end
+    end
+
+    def edit
+      authorize Candidate
+      @candidate = Candidate.find_by(id: params[:id])
+    end
+
+    def update
+      authorize Candidate
+      @candidate = Candidate.find_by(id: params[:id])
+      @candidate.update(candidate_params)
+
+      if @candidate.save
+        redirect_to admin_candidate_path, flash: { success: "#{@candidate.name} updated!" }
+      else
+        flash[:error] = "Failed to save candidate."
+        render :edit
+      end
+    end
+
+    def resend_welcome
+      authorize Candidate
+      candidate = Candidate.find_by(id: params[:id])
+      CandidateMailer.welcome(candidate).deliver_later
+      render json: { message: "Email queued!" }.to_json
+    end
+
+    private
+
+      def candidate_params
+        params.require(:candidate).permit(:name, :email, :experience, :quiz_id)
+      end
+
+      def collect_quizzes
+        @quizzes ||= Quiz.order(:name)
+      end
+
+      def send_notifications candidate
+        CandidateMailer.welcome(candidate).deliver_later
+        RecruiterMailer.candidate_created(candidate).deliver_later
+      end
+  end
+end

app/controllers/recruiter_controller.rb

@@ -1,80 +0,0 @@
-# frozen_string_literal: true
-class RecruiterController < ApplicationController
-  before_action :authorize_recruiter, except: [:login, :auth]
-  before_action :collect_quizzes, except: [:login, :auth]
-
-  def index
-    @candidates = current_recruiter.candidates
-  end
-
-  def new
-    @candidate = Candidate.new
-    render :new
-  end
-
-  def create
-    @candidate = Candidate.create(candidate_params.merge(recruiter_id: current_recruiter.id))
-
-    if @candidate.persisted?
-      CandidateMailer.welcome(@candidate).deliver_later
-      RecruiterMailer.candidate_created(@candidate).deliver_later
-      redirect_to recruiter_path, flash: { success: "Sucessfully created candidate #{@candidate.name}" }
-    else
-      flash[:error] = "Failed to save candidate."
-      render :new
-    end
-  end
-
-  def edit
-    @candidate = Candidate.find_by(id: params[:id])
-  end
-
-  def update
-    @candidate = Candidate.find_by(id: params[:id])
-    @candidate.update(candidate_params)
-
-    if @candidate.save
-      redirect_to recruiter_path, flash: { success: "#{@candidate.name} updated!" }
-    else
-      flash[:error] = "Failed to save candidate."
-      render :edit
-    end
-  end
-
-  def login
-    redirect_to recruiter_path unless current_recruiter.nil?
-  end
-
-  def auth
-    recruiter = User.find_by(email: auth_params[:email], role: %w(admin recruiter))
-
-    if recruiter && recruiter.authenticate(auth_params[:password])
-      session[:user] = recruiter.to_i
-      redirect_to recruiter_path
-    else
-      redirect_to recruiter_login_path,
-                  flash: { error: "Sorry, incorrect email or password. Please try again." }
-    end
-  end
-
-  def logout
-    reset_session
-    redirect_to recruiter_login_path
-  end
-
-  def resend_welcome
-    candidate = Candidate.find_by(id: params[:id])
-    CandidateMailer.welcome(candidate).deliver_later
-    render json: { message: "Email queued!" }.to_json
-  end
-
-  private
-
-    def candidate_params
-      params.require(:candidate).permit(:name, :email, :experience, :quiz_id)
-    end
-
-    def collect_quizzes
-      @quizzes ||= Quiz.order(:name)
-    end
-end

app/models/user.rb

@@ -20,7 +20,15 @@ class User < ApplicationRecord
     'admin' == role
   end
 
+  def acts_as_admin?
+    'admin' == role
+  end
+
   def manager?
+    'manager' == role
+  end
+
+  def acts_as_manager?
     %w(admin manager).include? role
   end
 
@@ -28,10 +36,18 @@ class User < ApplicationRecord
     'recruiter' == role
   end
 
+  def acts_as_recruiter?
+    %w(admin recruiter).include? role
+  end
+
   def reviewer?
     'reviewer' == role
   end
 
+  def acts_as_reviewer?
+    %w(admin reviewer).include? role
+  end
+
   private
 
     def gen_reset_token

app/policies/candidate_policy.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+class CandidatePolicy < ApplicationPolicy
+  # Candidate Access Policy
+  #
+  # Only Recruiters and Admins can view, create, or update, candidates
+
+  def index?
+    user.acts_as_recruiter?
+  end
+
+  def view?
+    user.acts_as_recruiter?
+  end
+
+  def create?
+    user.acts_as_recruiter?
+  end
+
+  def update?
+    user.acts_as_recruiter?
+  end
+
+  def resend_welcome?
+    user.acts_as_recruiter?
+  end
+
+  class Scope < Scope
+    def resolve
+      return scope if user.acts_as_recruiter?
+      raise Pundit::NotAuthorizedError, "No Access to Resource"
+    end
+  end
+end

app/policies/question_policy.rb

@@ -8,27 +8,27 @@ class QuestionPolicy < ApplicationPolicy
 
   def view?
     return false if user.recruiter?
-    return true if user.admin? || user.manager?
+    return true if user.acts_as_manager?
     user.quizzes.include? record.quiz
   end
 
+  def options?
+    view?
+  end
+
   def create?
-    user.manager? || user.admin?
+    user.acts_as_manager?
   end
 
   def update?
-    user.manager? || user.admin?
-  end
-
-  def options?
-    !user.recruiter?
+    user.acts_as_manager?
   end
 
   class Scope < Scope
     def resolve
       raise(Pundit::NotAuthorizedError, 'No Access to resource.') if user.recruiter?
 
-      if user.admin? || user.manager?
+      if user.acts_as_manager?
         scope
       else
         scope.where(quiz_id: user.quizzes.map(&:id))

app/policies/quiz_policy.rb

@@ -11,16 +11,16 @@ class QuizPolicy < ApplicationPolicy
   end
 
   def view?
-    return true if user.admin? || user.manager?
+    return true if user.acts_as_manager?
     user.quizzes.include? record
   end
 
   def create?
-    user.manager? || user.admin?
+    user.acts_as_manager?
   end
 
   def update?
-    user.manager? || user.admin?
+    user.acts_as_manager?
   end
 
   class Scope < Scope

app/policies/user_policy.rb

@@ -6,29 +6,29 @@ class UserPolicy < ApplicationPolicy
   # All other users can only access themselves (profile interface)
 
   def index?
-    user.admin?
+    user.acts_as_admin?
   end
 
   def view?
-    user.admin? || user == record
+    user.acts_as_admin? || user == record
   end
 
   def create?
-    user.admin?
+    user.acts_as_admin?
   end
 
   def update?
-    user.admin? || user == record
+    user.acts_as_admin? || user == record
   end
 
   def permitted_attributes
-    return [:name, :email, :role, :password, quiz_ids: []] if user.admin?
+    return [:name, :email, :role, :password, quiz_ids: []] if user.acts_as_admin?
     [:name, :email, :password, :password_confirmation]
   end
 
   class Scope < Scope
     def resolve
-      return scope if user.admin?
+      return scope if user.acts_as_admin?
       scope.where(id: user.id)
     end
   end

app/views/admin/candidate/edit.html.erb

@@ -0,0 +1,6 @@
+<main class="intro_tpl">
+  <h1>Edit: <%= @candidate.name %></h1>
+  <p><strong>Test ID: </strong><%= @candidate.test_hash %></p>
+
+  <%= render partial: 'form', locals: { action: admin_update_candidate_path(@candidate.id), candidate: @candidate, quizzes: @quizzes } %>
+</main>

app/views/admin/candidate/index.html.erb

@@ -1,7 +1,7 @@
 <main class="summary_tpl">
   <h1>Candidates</h1>
 
-  <%= link_to(new_candidate_path, { class: 'secondary-btn' }) do %>
+  <%= link_to(admin_new_candidate_path, { class: 'secondary-btn' }) do %>
     <button>Create New Candidate</button>
   <% end %>
 
@@ -18,12 +18,12 @@
 
     <% @candidates.each do |candidate| %>
       <tr>
-        <td><%= link_to candidate.name, edit_candidate_path(candidate.id) %></td>
+        <td><%= link_to candidate.name, admin_edit_candidate_path(candidate.id) %></td>
         <td><%= candidate.test_hash %></td>
         <td>
           <%= mail_to(candidate.email) %>
           <br />
-          <%= link_to "resend welcome email", resend_welcome_path(candidate.id), remote: true, class: '', data: { id: 'ajax-action' } %>
+          <%= link_to "resend welcome email", admin_resend_welcome_path(candidate.id), remote: true, class: '', data: { id: 'ajax-action' } %>
         </td>
         <td><%= candidate.experience %> years</td>
         <td><%= candidate.status %></td>

app/views/admin/candidate/new.html.erb

@@ -0,0 +1,6 @@
+<main class="intro_tpl">
+  <h1>New Candidate</h1>
+
+  <%= render partial: 'form', locals:
+               { action: admin_create_candidate_path, candidate: @candidate, quizzes: @quizzes } %>
+</main>

app/views/recruiter/edit.html.erb

@@ -1,6 +0,0 @@
-<main class="intro_tpl">
-  <h1>Edit: <%= @candidate.name %></h1>
-  <p><strong>Test ID: </strong><%= @candidate.test_hash %></p>
-
-  <%= render partial: 'form', locals: { action: update_candidate_path(@candidate.id), candidate: @candidate, quizzes: @quizzes } %>
-</main>

app/views/recruiter/login.html.erb

@@ -1,21 +0,0 @@
-<main class="intro_tpl">
-  <h1>Recruiter Login</h1>
-
-  <% if flash[:error].present? %>
-    <div class="error"><%= flash[:error] %></div>
-  <% end %>
-
-  <%= form_for :auth, url: recruiter_login_path do |form| %>
-    <div class="form-group">
-      <%= form.label :email %>
-      <%= form.email_field :email %>
-    </div>
-
-    <div class="form-group">
-      <%= form.label :password %>
-      <%= form.password_field :password %>
-    </div>
-
-    <%= submit_tag "Log in" %>
-  <% end %>
-</main>

app/views/recruiter/new.html.erb

@@ -1,6 +0,0 @@
-<main class="intro_tpl">
-  <h1>New Candidate</h1>
-
-  <%= render partial: 'form', locals:
-               { action: create_candidate_path, candidate: @candidate, quizzes: @quizzes } %>
-</main>