routes.rb: use 'authenticate' block from devise instead of defining the constraint ourselves

config/routes.rb

@@ -2,9 +2,8 @@ require 'sidekiq/web'
 Rails.application.routes.draw do
   start = Time.now
 
-  # Sidekiq
-  constraints ->(req) { req.env["warden"].authenticate?(scope: :user) &&
-                        req.env["warden"].user.has_role?(:administrator) } do
+  # Routes only accessible by admins (admin panels, sidekiq, pghero)
+  authenticate :user, ->(user) { user.has_role?(:administrator) } do
     # Admin panel
     mount RailsAdmin::Engine => "/justask_admin", as: "rails_admin"
 
@@ -19,9 +18,8 @@ Rails.application.routes.draw do
     match "/admin/announcements/:id", to: "announcement#destroy", via: :delete, as: :announcement_destroy
   end
 
-  # Moderation panel
-  constraints ->(req) { req.env["warden"].authenticate?(scope: :user) &&
-                        req.env["warden"].user.mod? } do
+  # Routes only accessible by moderators (moderation panel)
+  authenticate :user, ->(user) { user.mod? } do
     match '/moderation/unmask', to: 'moderation#toggle_unmask', via: :post, as: :moderation_toggle_unmask
     match '/moderation/priority(/:user_id)', to: 'moderation#priority', via: :get, as: :moderation_priority
     match '/moderation/ip/:user_id', to: 'moderation#ip', via: :get, as: :moderation_ip

spec/integration/role_constrained_routes_spec.rb

@@ -6,8 +6,9 @@ require "support/pghero_stubby"
 describe "role-constrained routes", type: :request do
   shared_examples_for "fails to access route" do
     it "fails to access route" do
+      # 302 = redirect to login
       # 404 = no user found -- we have a fallback route if something could not be matched
-      expect(subject).to eq 404
+      expect(subject).to be_in [302, 404]
     end
   end