Add user admin

2025-10-23 21:13:50 +11:00
parent 8cbf0731e0
commit ec2eb27da1
24 changed files with 1086 additions and 7 deletions
--- a/app/controllers/admin/applications_controller.rb
+++ b/app/controllers/admin/applications_controller.rb
@@ -0,0 +1,83 @@
+module Admin
+  class ApplicationsController < BaseController
+    before_action :set_application, only: [:show, :edit, :update, :destroy, :regenerate_credentials]
+
+    def index
+      @applications = Application.order(created_at: :desc)
+    end
+
+    def show
+      @allowed_groups = @application.allowed_groups
+    end
+
+    def new
+      @application = Application.new
+      @available_groups = Group.order(:name)
+    end
+
+    def create
+      @application = Application.new(application_params)
+
+      if @application.save
+        # Handle group assignments
+        if params[:application][:group_ids].present?
+          group_ids = params[:application][:group_ids].reject(&:blank?)
+          @application.allowed_groups = Group.where(id: group_ids)
+        end
+
+        redirect_to admin_application_path(@application), notice: "Application created successfully."
+      else
+        @available_groups = Group.order(:name)
+        render :new, status: :unprocessable_entity
+      end
+    end
+
+    def edit
+      @available_groups = Group.order(:name)
+    end
+
+    def update
+      if @application.update(application_params)
+        # Handle group assignments
+        if params[:application][:group_ids].present?
+          group_ids = params[:application][:group_ids].reject(&:blank?)
+          @application.allowed_groups = Group.where(id: group_ids)
+        else
+          @application.allowed_groups = []
+        end
+
+        redirect_to admin_application_path(@application), notice: "Application updated successfully."
+      else
+        @available_groups = Group.order(:name)
+        render :edit, status: :unprocessable_entity
+      end
+    end
+
+    def destroy
+      @application.destroy
+      redirect_to admin_applications_path, notice: "Application deleted successfully."
+    end
+
+    def regenerate_credentials
+      if @application.oidc?
+        @application.update!(
+          client_id: SecureRandom.urlsafe_base64(32),
+          client_secret: SecureRandom.urlsafe_base64(48)
+        )
+        redirect_to admin_application_path(@application), notice: "Credentials regenerated successfully. Make sure to update your application configuration."
+      else
+        redirect_to admin_application_path(@application), alert: "Only OIDC applications have credentials."
+      end
+    end
+
+    private
+
+    def set_application
+      @application = Application.find(params[:id])
+    end
+
+    def application_params
+      params.require(:application).permit(:name, :slug, :app_type, :active, :redirect_uris, :description, :metadata)
+    end
+  end
+end
--- a/app/controllers/admin/base_controller.rb
+++ b/app/controllers/admin/base_controller.rb
@@ -0,0 +1,14 @@
+module Admin
+  class BaseController < ApplicationController
+    before_action :require_admin
+
+    private
+
+    def require_admin
+      user = Current.session&.user
+      unless user&.admin?
+        redirect_to root_path, alert: "You must be an administrator to access this page."
+      end
+    end
+  end
+end
--- a/app/controllers/admin/dashboard_controller.rb
+++ b/app/controllers/admin/dashboard_controller.rb
@@ -0,0 +1,12 @@
+module Admin
+  class DashboardController < BaseController
+    def index
+      @user_count = User.count
+      @active_user_count = User.active.count
+      @application_count = Application.count
+      @active_application_count = Application.active.count
+      @group_count = Group.count
+      @recent_users = User.order(created_at: :desc).limit(5)
+    end
+  end
+end
--- a/app/controllers/admin/groups_controller.rb
+++ b/app/controllers/admin/groups_controller.rb
@@ -0,0 +1,73 @@
+module Admin
+  class GroupsController < BaseController
+    before_action :set_group, only: [:show, :edit, :update, :destroy]
+
+    def index
+      @groups = Group.order(:name)
+    end
+
+    def show
+      @members = @group.users.order(:email_address)
+      @applications = @group.applications.order(:name)
+      @available_users = User.where.not(id: @members.pluck(:id)).order(:email_address)
+    end
+
+    def new
+      @group = Group.new
+      @available_users = User.order(:email_address)
+    end
+
+    def create
+      @group = Group.new(group_params)
+
+      if @group.save
+        # Handle user assignments
+        if params[:group][:user_ids].present?
+          user_ids = params[:group][:user_ids].reject(&:blank?)
+          @group.users = User.where(id: user_ids)
+        end
+
+        redirect_to admin_group_path(@group), notice: "Group created successfully."
+      else
+        @available_users = User.order(:email_address)
+        render :new, status: :unprocessable_entity
+      end
+    end
+
+    def edit
+      @available_users = User.order(:email_address)
+    end
+
+    def update
+      if @group.update(group_params)
+        # Handle user assignments
+        if params[:group][:user_ids].present?
+          user_ids = params[:group][:user_ids].reject(&:blank?)
+          @group.users = User.where(id: user_ids)
+        else
+          @group.users = []
+        end
+
+        redirect_to admin_group_path(@group), notice: "Group updated successfully."
+      else
+        @available_users = User.order(:email_address)
+        render :edit, status: :unprocessable_entity
+      end
+    end
+
+    def destroy
+      @group.destroy
+      redirect_to admin_groups_path, notice: "Group deleted successfully."
+    end
+
+    private
+
+    def set_group
+      @group = Group.find(params[:id])
+    end
+
+    def group_params
+      params.require(:group).permit(:name, :description)
+    end
+  end
+end
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -0,0 +1,70 @@
+module Admin
+  class UsersController < BaseController
+    before_action :set_user, only: [:show, :edit, :update, :destroy]
+
+    def index
+      @users = User.order(created_at: :desc)
+    end
+
+    def show
+    end
+
+    def new
+      @user = User.new
+    end
+
+    def create
+      @user = User.new(user_params)
+      @user.password = SecureRandom.alphanumeric(16) if user_params[:password].blank?
+
+      if @user.save
+        redirect_to admin_users_path, notice: "User created successfully."
+      else
+        render :new, status: :unprocessable_entity
+      end
+    end
+
+    def edit
+    end
+
+    def update
+      # Prevent changing params for the current user's email and admin status
+      # to avoid locking themselves out
+      update_params = user_params.dup
+
+      if @user == Current.session.user
+        update_params.delete(:admin)
+      end
+
+      # Only update password if provided
+      update_params.delete(:password) if update_params[:password].blank?
+
+      if @user.update(update_params)
+        redirect_to admin_users_path, notice: "User updated successfully."
+      else
+        render :edit, status: :unprocessable_entity
+      end
+    end
+
+    def destroy
+      # Prevent admin from deleting themselves
+      if @user == Current.session.user
+        redirect_to admin_users_path, alert: "You cannot delete your own account."
+        return
+      end
+
+      @user.destroy
+      redirect_to admin_users_path, notice: "User deleted successfully."
+    end
+
+    private
+
+    def set_user
+      @user = User.find(params[:id])
+    end
+
+    def user_params
+      params.require(:user).permit(:email_address, :password, :admin, :status)
+    end
+  end
+end