Initial commit

app/controllers/admin/accounts_controller.rb

@@ -0,0 +1,73 @@
+class Admin::AccountsController < Admin::ApplicationController
+  before_action :set_account, only: [:show, :edit, :update]
+
+  def index
+    @accounts = filtered_accounts.order_by_name.paginate(page: params[:page])
+  end
+
+  def new
+    @account = build_account
+  end
+
+  def create
+    @account = build_account(account_params)
+    if @account.save
+      redirect_to account_auths_path({ account_id: @account.id }), notice: t(".notice")
+    else
+      render :new
+    end
+  end
+
+  def show
+    @videos = filtered_account_videos.order(created_at: :desc, project_id: :desc).paginate(page: params[:page])
+  end
+
+  def edit
+  end
+
+  def update
+    if @account.update(account_params)
+      redirect_to admin_accounts_path, notice: t(".notice")
+    else
+      render :edit
+    end
+  end
+
+  private
+
+  def set_account
+    @account = find_account
+  end
+
+  def find_account
+    authorize accounts.find_by(slug: params[:id])
+  end
+
+  def accounts
+    policy_scope(Account)
+  end
+
+  def build_account(params = {})
+    authorize accounts.new(params)
+  end
+
+  def account_params
+    params.require(:account).permit(:name, :plan_uid)
+  end
+
+  def filtered_accounts
+    if params[:query].present?
+      accounts.search(params[:query])
+    else
+      accounts
+    end
+  end
+
+  def filtered_account_videos
+    if params[:query].present?
+      @account.videos.search(params[:query])
+    else
+      @account.videos
+    end
+  end
+end

app/controllers/admin/application_controller.rb

@@ -0,0 +1,18 @@
+class Admin::ApplicationController < ActionController::Base
+  include Oath::ControllerHelpers # Methods for authentication
+  include Pundit # Methods for authorization
+
+  before_action :require_login
+  include SetCurrentRequestDetails
+  before_action :require_admin_login
+  after_action :verify_authorized, except: :index
+  after_action :verify_policy_scoped, only: :index
+
+  private
+
+  def require_admin_login
+    if !Current.user.admin?
+      redirect_to signed_in_root_url, alert: "You are not authorized to access this"
+    end
+  end
+end

app/controllers/admin/masquerades_controller.rb

@@ -0,0 +1,33 @@
+class Admin::MasqueradesController < Admin::ApplicationController
+  before_action :set_user, only: [:create]
+  skip_before_action :require_admin_login, only: [:destroy]
+
+  def create
+    authorize :masquerade, :create?
+    session[:admin_id] = current_user.id
+    sign_in @user
+    redirect_to signed_in_root_path
+  end
+
+  def destroy
+    authorize :masquerade, :destroy?
+    sign_in User.find session[:admin_id]
+    session.delete(:admin_id)
+    session.delete(:active_account)
+    redirect_to admin_users_path
+  end
+
+  private
+
+  def set_user
+    @user = find_user
+  end
+
+  def users
+    policy_scope User
+  end
+
+  def find_user
+    authorize users.find(params[:user_id])
+  end
+end

app/controllers/admin/users_controller.rb

@@ -0,0 +1,90 @@
+class Admin::UsersController < Admin::ApplicationController
+  before_action :set_user, only: [:edit, :update]
+
+  def index
+    @users = filtered_users.order("email")
+  end
+
+  def new
+    @user = build_user
+    @accounts = accounts
+  end
+
+  def create
+    auth_params = user_create_params.slice(:account_id, :role)
+
+    @user = authorize sign_up(user_create_params.except(:account_id, :role))
+
+    if @user.valid?
+      account = accounts.find(auth_params[:account_id])
+      @user.account_auths << AccountAuth.create(user: @user, account: account, role: auth_params[:role])
+      UserMailer.welcome(@user, account).deliver_later
+      redirect_to admin_users_path, notice: t(".notice")
+    else
+      @accounts = accounts
+      render :new
+    end
+  end
+
+  def edit
+    @accounts = accounts
+  end
+
+  def update
+    set_user_password
+
+    if @user.update(user_update_params.except(:password))
+      redirect_to admin_users_path, notice: t(".notice")
+    else
+      @accounts = accounts
+      render :edit
+    end
+  end
+
+  def destroy
+    @user = authorize User.find(params[:id])
+    @user.destroy
+
+    redirect_to admin_users_path, alert: t(".alert")
+  end
+
+  private
+
+  def set_user
+    @user = find_user
+  end
+
+  def accounts
+    policy_scope Account
+  end
+
+  def users
+    policy_scope User
+  end
+
+  def find_user
+    authorize users.find(params[:id])
+  end
+
+  def build_user(params = {})
+    authorize users.new(params)
+  end
+
+  def user_create_params
+    params.require(:user).permit(:email, :password, :admin, :account_id, :role)
+  end
+
+  def user_update_params
+    params.require(:user).permit(:email, :admin, :password)
+  end
+
+  def set_user_password
+    if user_update_params[:password].present?
+      Oath::Services::PasswordReset.new(@user, user_update_params[:password]).perform
+    end
+  end
+
+  def filtered_users
+    params[:query].present? ? users.search(params[:query]) : users
+  end
+end