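# frozen_string_literal: true

# Controller for the admin area, rendered with the 'admin' layout.
#
# Request pipeline, as configured below:
# * before every action, +authorize_user+ requires a signed-in user;
# * after every action except +index+, Pundit's +verify_authorized+ checks
#   that +authorize+ was called;
# * after +index+, Pundit's +verify_policy_scoped+ checks that
#   +policy_scope+ was used;
# * Pundit::NotAuthorizedError is handled by +user_not_authorized+.
class AdminController < ApplicationController
  include Pundit

  layout 'admin'

  before_action :authorize_user
  after_action :verify_authorized, except: :index
  after_action :verify_policy_scoped, only: :index

  rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized

  # TODO: move to DashboardController#index
  #
  # Loads the data for the admin dashboard. Access is decided solely by the
  # +dashboard?+ query on the policy Pundit resolves for +:admin+; the two
  # queries below are not passed through +policy_scope+, so any user who
  # passes that check sees every quiz and every user.
  def dashboard
    authorize :admin, :dashboard?

    @quizzes = Quiz.includes(:questions).all
    @users = User.order(:role, :name)
  end

  # Returns the User whose id is stored in +session[:user]+, memoized for the
  # request, or nil when the session holds no id or no such user exists.
  #
  # NOTE(review): this method is public, and public controller methods are
  # treated as actions by Rails. It is only reachable if a route maps to it,
  # but moving it under +private+ would remove that possibility. Confirm no
  # caller invokes it with an explicit receiver before changing visibility.
  #
  # @return [User, nil]
  def current_user
    @current_user ||= User.find_by(id: session[:user]) if session[:user]
  end
  helper_method :current_user

  private

  # Authentication gate, despite the name: sends the visitor to the admin
  # login page unless +current_user+ resolves. It performs no role check;
  # that is left to the Pundit +authorize+ call in each action.
  def authorize_user
    redirect_to admin_login_path unless current_user
  end

  # Handler for Pundit::NotAuthorizedError: flashes an error and sends the
  # user back to the page they came from, or to the admin login page.
  #
  # The Referer header is supplied by the client, so it is only followed when
  # it points at this application's own host. Redirecting to it unchecked
  # would hand the user to whichever external site linked to the denied
  # action.
  def user_not_authorized
    flash[:error] = "You are not authorized to perform this action."
    redirect_to(same_host_referer || admin_login_path)
  end

  # Returns the request's Referer when it parses as a URL on +request.host+,
  # otherwise nil (missing, malformed, relative, or pointing at another host).
  #
  # @return [String, nil]
  def same_host_referer
    referer = request.referer
    return if referer.blank?

    referer if URI.parse(referer).host == request.host
  rescue URI::InvalidURIError
    nil
  end
end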