routes.rb: use 'authenticate' block from devise instead of defining the constraint ourselves

This commit is contained in:
Georg Gadinger 2022-07-03 23:50:17 +02:00
parent 9cc97ab039
commit 917e32b4fc
2 changed files with 6 additions and 7 deletions

View File

@ -2,9 +2,8 @@ require 'sidekiq/web'
Rails.application.routes.draw do
start = Time.now
# Sidekiq
constraints ->(req) { req.env["warden"].authenticate?(scope: :user) &&
req.env["warden"].user.has_role?(:administrator) } do
# Routes only accessible by admins (admin panels, sidekiq, pghero)
authenticate :user, ->(user) { user.has_role?(:administrator) } do
# Admin panel
mount RailsAdmin::Engine => "/justask_admin", as: "rails_admin"
@ -19,9 +18,8 @@ Rails.application.routes.draw do
match "/admin/announcements/:id", to: "announcement#destroy", via: :delete, as: :announcement_destroy
end
# Moderation panel
constraints ->(req) { req.env["warden"].authenticate?(scope: :user) &&
req.env["warden"].user.mod? } do
# Routes only accessible by moderators (moderation panel)
authenticate :user, ->(user) { user.mod? } do
match '/moderation/unmask', to: 'moderation#toggle_unmask', via: :post, as: :moderation_toggle_unmask
match '/moderation/priority(/:user_id)', to: 'moderation#priority', via: :get, as: :moderation_priority
match '/moderation/ip/:user_id', to: 'moderation#ip', via: :get, as: :moderation_ip

View File

@ -6,8 +6,9 @@ require "support/pghero_stubby"
describe "role-constrained routes", type: :request do
shared_examples_for "fails to access route" do
it "fails to access route" do
# 302 = redirect to login
# 404 = no user found -- we have a fallback route if something could not be matched
expect(subject).to eq 404
expect(subject).to be_in [302, 404]
end
end