diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index cb5e9bf..5a9a581 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -2,7 +2,13 @@ class ApplicationController < ActionController::Base
 protect_from_forgery with: :exception
 
 def current_recruiter
- @current_recruiter ||= User.find_by(id: session[:user]) if session[:user]
+ user_parms = { id: session[:user], role: %w(admin recruiter) }
+ @current_recruiter ||= User.find_by(user_parms) if session[:user]
+ end
+
+ def current_reviewer
+ user_parms = { id: session[:user], role: %w(admin reviewer) }
+ @current_reviewer ||= User.find_by(user_parms) if session[:user]
 end
 
 def current_candidate
@@ -18,4 +24,8 @@ class ApplicationController < ActionController::Base
 def authorize_recruiter
 redirect_to recruiter_login_path unless current_recruiter
 end
+
+ def authorize_reviewer
+ redirect_to review_login_path unless current_reviewer
+ end
 end
diff --git a/app/controllers/recruiter_controller.rb b/app/controllers/recruiter_controller.rb
index a6d05c8..c93d19e 100644
--- a/app/controllers/recruiter_controller.rb
+++ b/app/controllers/recruiter_controller.rb
@@ -26,7 +26,7 @@ class RecruiterController < ApplicationController
 end
 
 def auth
- recruiter = User.find_by(email: auth_params[:email])
+ recruiter = User.find_by(email: auth_params[:email], role: %w(admin recruiter))
 
 if recruiter && recruiter.authenticate(auth_params[:password])
 session[:user] = recruiter.to_i
diff --git a/app/controllers/review_controller.rb b/app/controllers/review_controller.rb
new file mode 100644
index 0000000..91ae07d
--- /dev/null
+++ b/app/controllers/review_controller.rb
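Review bot: `current_recruiter` and `current_reviewer` in the first application_controller.rb hunk are the same lookup with a different role list, and nothing states that `admin` satisfies both or that both read the single `session[:user]` key. A comment above them such as `# session[:user] is shared by the recruiter and reviewer logins; the role decides which area it opens, and admin opens both` would make the authorization model explicit for the next reader. The local is spelled `user_parms`; `conditions` or `user_params` reads better. Since `||=` does not cache a nil result, a signed-in user without a matching role re-runs the query on every call, which keeps role changes effective immediately but is worth noting in that comment.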
@@ -0,0 +1,33 @@
+class ReviewController < ApplicationController
+ before_action :authorize_reviewer, except: [:login, :auth]
+
+ def index
+ @candidates = Candidate.where(completed: true).includes(:recruiter)
+ end
+
+ def view
+ @candidate = Candidate.find_by(test_hash: params[:test_hash])
+ @quiz = @candidate.my_quiz
+ @status = QuizStatus.new(@candidate)
+ end
+
+ def login
+ redirect_to review_path unless current_reviewer.nil?
+ end
+
+ def auth
+ reviewer = User.find_by(email: auth_params[:email], role: %w(admin reviewer))
+
+ if reviewer && reviewer.authenticate(auth_params[:password])
+ session[:user] = reviewer.to_i
+ redirect_to review_path
+ else
+ redirect_to review_login_path, flash: { error: "Sorry, incorrect email or password." }
+ end
+ end
+
+ def logout
+ reset_session
+ redirect_to review_login_path
+ end
+end
diff --git a/app/views/recruiter/index.html.erb b/app/views/recruiter/index.html.erb
index 65c7b7d..fb2412a 100644
--- a/app/views/recruiter/index.html.erb
+++ b/app/views/recruiter/index.html.erb
@@ -1,7 +1,9 @@
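Review bot: In ReviewController, `view` looks the candidate up with `Candidate.find_by(test_hash: params[:test_hash])` and dereferences the result on the next line, so an unknown hash raises NoMethodError; unlike `index`, the lookup is also not limited to completed tests, so a reviewer holding a hash can open a test that is still in progress. `@candidate = Candidate.find_by!(test_hash: params[:test_hash], completed: true)` raises ActiveRecord::RecordNotFound in both cases, which Rails renders as a 404 by default. In `auth`, `session[:user] = reviewer.to_i` is assigned without a preceding `reset_session`, so the pre-login session survives authentication; calling `reset_session` on the line before it is the usual guard against session fixation. The recruiter `auth` shown as context in recruiter_controller.rb appears to follow the same pattern, though its full body is outside that hunk.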

Candidates

- <%= link_to "Create New Candidate", new_candidate_path, {class: 'button'} %> + <%= link_to(new_candidate_path, { class: 'secondary-btn' }) do %> + + <% end %> diff --git a/app/views/review/index.html.erb b/app/views/review/index.html.erb new file mode 100644 index 0000000..3601598 --- /dev/null +++ b/app/views/review/index.html.erb @@ -0,0 +1,19 @@ +
+

Completed Tests

+ +
+ + + + + + + <% @candidates.each do |candidate| %> + + + + + + <% end %> +
Test IDExperienceRecruiter
<%= link_to candidate.test_hash, review_test_path(candidate.test_hash) %><%= candidate.experience %> years<%= mail_to(candidate.recruiter.email) %>
+
diff --git a/app/views/review/login.html.erb b/app/views/review/login.html.erb new file mode 100644 index 0000000..6d84f0f --- /dev/null +++ b/app/views/review/login.html.erb @@ -0,0 +1,21 @@ +
+

Reviewer Login

+ + <% if flash[:error].present? %> +
<%= flash[:error] %>
+ <% end %> + + <%= form_for :auth, url: review_login_path do |form| %> +
+ <%= form.label :email %> + <%= form.email_field :email %> +
+ +
+ <%= form.label :password %> + <%= form.password_field :password %> +
+ + <%= submit_tag "Login" %> + <% end %> +
diff --git a/app/views/review/view.html.erb b/app/views/review/view.html.erb new file mode 100644 index 0000000..463fcda --- /dev/null +++ b/app/views/review/view.html.erb @@ -0,0 +1,31 @@ +
+

Quiz Review

+

+ Test ID: <%= @candidate.test_hash %>
+ Years of Experience: <%= @candidate.experience %>
+ Recruiter Email: <%= mail_to @candidate.recruiter.name, @candidate.recruiter.email %>
+

+ + <% @quiz.each do |question| %> + <%= form_for(:answer, url: post_summary_path, html:{id: 'summary-form'}) do |form| %> +
+
+
+

<%= question.question %>

+
+
+ +
+
+ <%= hidden_field_tag 'answer[question_id]', question.question_id %> + <%= render partial: "candidate/#{question.input_type}", locals: {question: question, form: form} %> +
+
+
+ <% end #form_tag %> + <% end #questions loop %> + + <%= link_to(review_path, { class: 'secondary-btn' }) do %> + + <% end %> +
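Review bot: In review/view.html.erb, `mail_to @candidate.recruiter.name, @candidate.recruiter.email` passes its arguments in the wrong order: `mail_to` takes the address first and the link text second, so this renders a `mailto:` link to the recruiter's name labelled with the email. `mail_to @candidate.recruiter.email, @candidate.recruiter.name` is consistent with the call in review/index.html.erb. Separately, every question renders a `form_for` with `id: 'summary-form'` targeting `post_summary_path`, so the page repeats one id and hands the reviewer a submittable form aimed at the candidate's endpoint. If the review page is meant to be read-only, confirm that `candidate#update_summary` rejects a request without a candidate session, or render the answers without a form.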
diff --git a/config/routes.rb b/config/routes.rb index 410be75..22e7fbd 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -11,7 +11,11 @@ Rails.application.routes.draw do post "/summary", to: "candidate#update_summary", as: :post_summary get "/summary", to: "candidate#summary", as: :summary + get "/review/logout", to: "review#logout", as: :review_logout + post "/review/login", to: "review#auth", as: :review_auth + get "/review/login", to: "review#login", as: :review_login get "/review", to: "review#index", as: :review + get "/review/:test_hash", to: "review#view", as: :review_test get "/recruiter", to: "recruiter#index", as: :recruiter get "/recruiter/new-candidate", to: "recruiter#new", as: :new_candidate diff --git a/test/controllers/review_controller_test.rb b/test/controllers/review_controller_test.rb new file mode 100644 index 0000000..aa6c188 --- /dev/null +++ b/test/controllers/review_controller_test.rb 
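Review bot: `get "/review/logout"` in config/routes.rb makes a state-changing action reachable with GET, which `protect_from_forgery` does not cover, so any third-party page or link prefetcher can end a reviewer's session. Prefer `delete "/review/logout", to: "review#logout", as: :review_logout`, with any logout link sent using `method: :delete`. The parameterised `/review/:test_hash` route is correctly declared after the fixed `/review/login` and `/review/logout` routes; a one-line comment saying that the order matters would keep a later edit from moving it above them.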
@@ -0,0 +1,55 @@
+require 'test_helper'
+
+class ReviewControllerTest < ActionDispatch::IntegrationTest
+ def setup_auth
+ post review_auth_url, params: { auth:
+ { email: 'fed.reviewer@mailinator.com', password: 'password' } }
+ end
+
+ test "should get login" do
+ get review_login_url
+ assert_response :success
+ end
+
+ test "should require auth or redirect" do
+ get review_url
+ assert_redirected_to review_login_path
+
+ get review_test_url(candidates(:richard).test_hash)
+ assert_redirected_to review_login_path
+ end
+
+ test "should auth to index" do
+ setup_auth
+ assert_redirected_to review_path
+ assert session[:user].present?
+ end
+
+ test "should fail auth with flash" do
+ post review_auth_url, params: { auth:
+ { email: 'fed.review@mailinator.com', password: 'bad-password' } }
+
+ assert_redirected_to review_login_path
+ assert flash[:error]
+ end
+
+ test "should get review list" do
+ setup_auth
+ get review_url
+ assert_response :success
+ end
+
+ test "should get index" do
+ setup_auth
+
+ get review_url
+ assert_response :success
+ end
+
+ test "should get view" do
+ setup_auth
+
+ get review_test_url(candidates(:richard).test_hash)
+ assert_response :success
+ end
+end
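Review bot: No test in review_controller_test.rb covers the role restriction this change introduces: nothing asserts that a user with the `recruiter` role is refused at `review_auth_url`, or that a recruiter session is redirected away from `review_url`. A case that posts a recruiter fixture's credentials and expects `assert_redirected_to review_login_path` would pin that behaviour; the fixture to use depends on test/fixtures, which this page does not show. The "should fail auth with flash" test posts `fed.review@mailinator.com`, which differs from the address in `setup_auth`, so it may be exercising an unknown email rather than a wrong password for an existing reviewer. "should get review list" and "should get index" make the same request and assertion, so one of them can go.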