User management within the the Admin namespace

.env.example

@@ -1,6 +1,7 @@
 RACK_ENV=development
 RAILS_ENV=development
 DOMAIN=.gobierto.dev
+TLD_LENGTH=2
 HOST=gobierto.dev
 PORT=3000
 RAILS_MAX_THREADS=5

README.md

@@ -12,6 +12,7 @@ ___this is a development version, not ready for production___
 
 - [Setting up the development environment](docs/development-environment.md)
 - [Accessing the Admin namespace](docs/admin-namespace.md)
+- [Accessing the User namespace](docs/user-namespace.md)
 
 ## License
 

app/assets/javascripts/module-admin.js

@@ -24,16 +24,7 @@ $(document).on('turbolinks:load', function() {
 
 	});
 
-	$('.tabs li a').click(function(e) {
-    e.preventDefault();
-    $(this).parent().parent().find('li a').removeClass('active');
-    $(this).addClass('active');
-    var tab = $(this).data("tab-target");
-    $('.tab_content').hide();
-    $('.tab_content[data-tab="'+tab+'"]').show();
-  });
-
   $(".stick_in_parent, #stick_in_parent, stick_in_parent").stick_in_parent();
 
 
-});
+});

app/assets/stylesheets/comp-site_header.scss

@@ -6,7 +6,7 @@ header.meta {
 	color: $color_main_negative;
 	padding: 0;
 	margin: 0 0 2em 0;
-	.client_links {
+	.client_links, .user-session-navbar {
 		padding: .75em 0 .6em;
 		margin: 0 0 1em 0;
 		background: $color_secondary;
@@ -26,6 +26,16 @@ header.meta {
 		}
 
 	}
+  .user-session-navbar {
+    background: white;
+    text-align: right;
+    color: $color_text;
+    margin-bottom: 0;
+
+    a {
+      text-decoration: underline;
+    }
+  }
 	.site_header {
 		padding: 5em 0 .5em 0;
 		a {

app/controllers/admin/admin/confirmations_controller.rb

@@ -20,17 +20,20 @@ def create
   end
 
   def show
+    # TODO. Consider extracting this whole action into a service object.
+    #
     admin = Admin.find_by(confirmation_token: params[:confirmation_token])
 
     if admin
       admin.confirm!
       admin.update_session_data(remote_ip)
       sign_in_admin(admin.id)
+
+      redirect_to(after_sign_in_path, notice: "Signed in successfully.")
     else
       flash.now[:alert] = "This URL doesn't seem to be valid."
+      redirect_to admin_root_path
     end
-
-    redirect_to admin_root_path
   end
 
   private

app/controllers/admin/admin/invitation_acceptances_controller.rb

@@ -4,6 +4,8 @@ class Admin::Admin::InvitationAcceptancesController < Admin::BaseController
   layout "admin/sessions"
 
   def show
+    # TODO. Consider extracting this logic into a service object.
+    #
     admin = Admin.find_by(invitation_token: params[:invitation_token])
 
     if admin

app/controllers/admin/admin/passwords_controller.rb

@@ -44,7 +44,8 @@ def update
 
       redirect_to(after_sign_in_path, notice: "Signed in successfully.")
     else
-      flash[:notice] = "There was a problem sending the invitations."
+      flash[:notice] = "There was a problem changing your password."
+      render :edit
     end
   end
 

app/controllers/admin/admins_controller.rb

@@ -4,7 +4,7 @@ def index
   end
 
   def show
-    set_admin
+    @admin = find_admin
   end
 
   def new
@@ -17,7 +17,9 @@ def new
 
   def edit
     @admin = find_admin
-    @admin_form = Admin::AdminForm.new(@admin.attributes.except(*ignored_admin_attributes))
+    @admin_form = Admin::AdminForm.new(
+      @admin.attributes.except(*ignored_admin_attributes)
+    )
 
     set_admin_policy
     set_site_modules
@@ -34,7 +36,7 @@ def create
     set_authorization_levels
 
     if @admin_form.save
-      redirect_to admin_admins_path, notice: 'Admin was successfully created.'
+      redirect_to admin_admins_path, notice: "Admin was successfully created."
     else
       render :new
     end
@@ -51,7 +53,7 @@ def update
     set_activities
 
     if @admin_form.save
-      redirect_to admin_admins_path, notice: 'Admin was successfully updated.'
+      redirect_to admin_admins_path, notice: "Admin was successfully updated."
     else
       render :edit
     end

app/controllers/admin/base_controller.rb

@@ -1,6 +1,6 @@
 class Admin::BaseController < ApplicationController
-  include SessionHelper
-  include SiteSessionHelper
+  include Admin::SessionHelper
+  include Admin::SiteSessionHelper
 
   before_action :authenticate_admin!
 

app/controllers/admin/users/passwords_controller.rb

@@ -0,0 +1,32 @@
+class Admin::Users::PasswordsController < Admin::BaseController
+  def new
+    @user = find_user
+    @user_password_form = Admin::UserPasswordForm.new
+  end
+
+  def create
+    @user = find_user
+    @user_password_form = Admin::UserPasswordForm.new(
+      user_password_params.merge(id: params[:user_id])
+    )
+
+    if @user_password_form.save
+      redirect_to edit_admin_user_path(@user), notice: "User password was successfully updated."
+    else
+      render :new
+    end
+  end
+
+  private
+
+  def find_user
+    User.find(params[:user_id])
+  end
+
+  def user_password_params
+    params.require(:user_password).permit(
+      :password,
+      :password_confirmation
+    )
+  end
+end

app/controllers/admin/users/welcome_messages_controller.rb

@@ -0,0 +1,15 @@
+class Admin::Users::WelcomeMessagesController < Admin::BaseController
+  def create
+    @user_welcome_message_form = Admin::UserWelcomeMessageForm.new(
+      id: params[:user_id]
+    )
+
+    if @user_welcome_message_form.save
+      flash[:notice] = "The message has been sent."
+    else
+      flash[:alert] = "The message could not be sent. Please try again."
+    end
+
+    redirect_to request.referrer
+  end
+end

app/controllers/admin/users_controller.rb

@@ -0,0 +1,51 @@
+class Admin::UsersController < Admin::BaseController
+  def index
+    @users = User.sorted.all
+  end
+
+  def show
+    @user = find_user
+  end
+
+  def edit
+    @user = find_user
+    @user_form = Admin::UserForm.new(
+      @user.attributes.except(*ignored_user_attributes)
+    )
+  end
+
+  def update
+    @user_form = Admin::UserForm.new(user_params.merge(id: params[:id]))
+
+    if @user_form.save
+      redirect_to admin_users_path, notice: "User was successfully updated."
+    else
+      render :edit
+    end
+  end
+
+  private
+
+  def find_user
+    User.find(params[:id])
+  end
+
+  def user_params
+    params.require(:user).permit(
+      :name,
+      :bio,
+      :email
+    )
+  end
+
+  def ignored_user_attributes
+    %w(
+      created_at updated_at
+      password_digest
+      confirmation_token reset_password_token
+      creation_ip last_sign_in_ip
+      last_sign_in_at
+      source_site_id
+    )
+  end
+end

app/controllers/concerns/user/session_helper.rb

@@ -0,0 +1,51 @@
+module User::SessionHelper
+  extend ActiveSupport::Concern
+
+  private
+
+  def current_user
+    @current_user ||= find_current_user
+  end
+
+  def user_signed_in?
+    current_user.present?
+  end
+
+  def sign_in_user(user_id)
+    session[:user_id] = user_id
+  end
+
+  def sign_out_user
+    @current_user = session[:user_id] = nil
+  end
+
+  def authenticate_user!
+    raise_user_not_signed_in unless user_signed_in?
+  end
+
+  def find_current_user
+    User.confirmed.find_by(id: session[:user_id])
+  end
+
+  def after_sign_in_path
+    root_path
+  end
+
+  def after_sign_out_path
+    root_path
+  end
+
+  def raise_user_not_signed_in
+    redirect_to(
+      new_user_sessions_path,
+      alert: "We need you to sign in to continue."
+    )
+  end
+
+  def raise_user_not_authorized
+    redirect_to(
+      request.referrer || user_root_path,
+      alert: "You are not authorized to perform this action."
+    )
+  end
+end

app/controllers/gobierto_budgets/application_controller.rb

@@ -1,3 +1,7 @@
 class GobiertoBudgets::ApplicationController < ApplicationController
+  include User::SessionHelper
+
+  helper_method :current_user, :user_signed_in?
+
   layout "gobierto_budgets/application"
 end

app/controllers/user/base_controller.rb

@@ -0,0 +1,7 @@
+class User::BaseController < ApplicationController
+  include User::SessionHelper
+
+  helper_method :current_user, :user_signed_in?
+
+  layout "application"
+end

app/controllers/user/confirmations_controller.rb

@@ -0,0 +1,47 @@
+class User::ConfirmationsController < User::BaseController
+  def new
+    @user_confirmation_form = User::ConfirmationForm.new
+  end
+
+  def create
+    @user_confirmation_form = User::ConfirmationForm.new(
+      user_confirmation_params.merge(site: current_site)
+    )
+
+    if @user_confirmation_form.save
+      flash.now[:notice] = "Please check your inbox to get instructions."
+    else
+      flash.now[:alert] = "The email address specified doesn't seem to be valid."
+    end
+
+    render :new
+  end
+
+  def show
+    # TODO. Consider extracting this logic into a service object.
+    #
+    user = User.find_by(confirmation_token: params[:confirmation_token])
+
+    if user
+      user.confirm!
+      user.update_session_data(remote_ip)
+      deliver_welcome_email
+      sign_in_user(user.id)
+
+      redirect_to(after_sign_in_path, notice: "Signed in successfully.")
+    else
+      flash.now[:alert] = "This URL doesn't seem to be valid."
+      redirect_to root_path
+    end
+  end
+
+  private
+
+  def user_confirmation_params
+    params.require(:user_confirmation).permit(:email)
+  end
+
+  def deliver_welcome_email
+    User::UserMailer.welcome(user, current_site).deliver_later
+  end
+end