Chore: Add Account Users to Admin Panel (chatwoot#859)

- Show errors on login page
- Dashboard for admin panel

app/controllers/super_admin/account_users_controller.rb

@@ -0,0 +1,44 @@
+class SuperAdmin::AccountUsersController < SuperAdmin::ApplicationController
+  # Overwrite any of the RESTful controller actions to implement custom behavior
+  # For example, you may want to send an email after a foo is updated.
+  #
+  # def update
+  #   super
+  #   send_foo_updated_email(requested_resource)
+  # end
+
+  # Override this method to specify custom lookup behavior.
+  # This will be used to set the resource for the `show`, `edit`, and `update`
+  # actions.
+  #
+  # def find_resource(param)
+  #   Foo.find_by!(slug: param)
+  # end
+
+  # The result of this lookup will be available as `requested_resource`
+
+  # Override this if you have certain roles that require a subset
+  # this will be used to set the records shown on the `index` action.
+  #
+  # def scoped_resource
+  #   if current_user.super_admin?
+  #     resource_class
+  #   else
+  #     resource_class.with_less_stuff
+  #   end
+  # end
+
+  # Override `resource_params` if you want to transform the submitted
+  # data before it's persisted. For example, the following would turn all
+  # empty values into nil values. It uses other APIs such as `resource_class`
+  # and `dashboard`:
+  #
+  # def resource_params
+  #   params.require(resource_class.model_name.param_key).
+  #     permit(dashboard.permitted_attributes).
+  #     transform_values { |value| value == "" ? nil : value }
+  # end
+
+  # See https://administrate-prototype.herokuapp.com/customizing_controller_actions
+  # for more information
+end

app/controllers/super_admin/devise/sessions_controller.rb

@@ -6,7 +6,7 @@ def new
   end
 
   def create
-    return unless valid_credentials?
+    redirect_to(super_admin_session_path, flash: { error: @error_message }) && return unless valid_credentials?
 
     sign_in(@super_admin, scope: :super_admin)
     flash.discard
@@ -23,6 +23,11 @@ def destroy
 
   def valid_credentials?
     @super_admin = SuperAdmin.find_by!(email: params[:super_admin][:email])
-    @super_admin.valid_password?(params[:super_admin][:password])
+    raise StandardError, 'Invalid Password' unless @super_admin.valid_password?(params[:super_admin][:password])
+
+    true
+  rescue StandardError => e
+    @error_message = e.message
+    false
   end
 end

app/dashboards/account_user_dashboard.rb

@@ -0,0 +1,75 @@
+require 'administrate/base_dashboard'
+
+class AccountUserDashboard < Administrate::BaseDashboard
+  # ATTRIBUTE_TYPES
+  # a hash that describes the type of each of the model's fields.
+  #
+  # Each different type represents an Administrate::Field object,
+  # which determines how the attribute is displayed
+  # on pages throughout the dashboard.
+  ATTRIBUTE_TYPES = {
+    account: Field::BelongsTo,
+    user: Field::BelongsTo,
+    inviter: Field::BelongsTo.with_options(class_name: 'User'),
+    id: Field::Number,
+    role: Field::String.with_options(searchable: false),
+    inviter_id: Field::Number,
+    created_at: Field::DateTime,
+    updated_at: Field::DateTime
+  }.freeze
+
+  # COLLECTION_ATTRIBUTES
+  # an array of attributes that will be displayed on the model's index page.
+  #
+  # By default, it's limited to four items to reduce clutter on index pages.
+  # Feel free to add, remove, or rearrange items.
+  COLLECTION_ATTRIBUTES = %i[
+    account
+    user
+    inviter
+    id
+  ].freeze
+
+  # SHOW_PAGE_ATTRIBUTES
+  # an array of attributes that will be displayed on the model's show page.
+  SHOW_PAGE_ATTRIBUTES = %i[
+    account
+    user
+    inviter
+    id
+    role
+    inviter_id
+    created_at
+    updated_at
+  ].freeze
+
+  # FORM_ATTRIBUTES
+  # an array of attributes that will be displayed
+  # on the model's form (`new` and `edit`) pages.
+  FORM_ATTRIBUTES = %i[
+    account
+    user
+    inviter
+    role
+    inviter_id
+  ].freeze
+
+  # COLLECTION_FILTERS
+  # a hash that defines filters that can be used while searching via the search
+  # field of the dashboard.
+  #
+  # For example to add an option to search for open resources by typing "open:"
+  # in the search field:
+  #
+  #   COLLECTION_FILTERS = {
+  #     open: ->(resources) { resources.where(open: true) }
+  #   }.freeze
+  COLLECTION_FILTERS = {}.freeze
+
+  # Overwrite this method to customize how account users are displayed
+  # across all pages of the admin dashboard.
+  #
+  # def display_resource(account_user)
+  #   "AccountUser ##{account_user.id}"
+  # end
+end

app/javascript/dashboard/assets/scss/super_admin/index.scss

@@ -3,3 +3,13 @@
 .superadmin-body {
   background: $color-background;
 }
+
+.alert-box {
+  background-color: $alert-color;
+  border-radius: 5px;
+  color: $color-white;
+  font-size: 14px;
+  margin-bottom: 14px;
+  padding: 10px;
+  text-align: center;
+}

app/views/super_admin/application/_navigation.html.erb

@@ -12,9 +12,8 @@ as defined by the routes in the `admin/` namespace
 
 
 <nav class="navigation" role="navigation">
-  <%= link_to "Back to app", root_url, class: "button button--alt" %>
-  <%= link_to "Logout", super_admin_logout_url , class: "button button--alt" %>
-
+  <%= link_to "Dashboard", super_admin_root_url, class: "button button--alt" %>
+
   <% Administrate::Namespace.new(namespace).resources.each do |resource| %>
     <%= link_to(
       display_resource_name(resource),
@@ -24,4 +23,8 @@ as defined by the routes in the `admin/` namespace
   <% end %>
 
   <%= link_to "Sidekiq", sidekiq_web_url , class: "button" %>
+
+  <div style="margin-top: 300px;">
+    <%= link_to "Logout", super_admin_logout_url , class: "button button--alt" %>
+  </div>
 </nav>

app/views/super_admin/devise/sessions/new.html.erb

@@ -17,6 +17,9 @@
           <div class="small-12 medium-4 column">
             <%= form_for(resource, as: resource_name, url: '/super_admin/sign_in', html: { class: 'login-box column align-self-top'}) do |f| %>
               <div class="column log-in-form">
+                <% if flash[:error].present? %>
+                <div data-alert class="alert-box warning"><%= flash[:error] %></div>
+                <% end %>
                 <label>
                   Email
                   <%= f.email_field :email, autofocus: true, autocomplete: "email", placeholder: "Email eg: [email protected]" %>

config/routes.rb

@@ -174,6 +174,7 @@
     namespace :super_admin do
       resources :users
       resources :accounts
+      resources :account_users
       resources :super_admins
       resources :access_tokens
 

spec/controllers/super_admin/account_users_controller_spec.rb

@@ -0,0 +1,26 @@
+require 'rails_helper'
+
+RSpec.describe 'Super Admin Account Users API', type: :request do
+  let(:super_admin) { create(:super_admin) }
+
+  describe 'GET /super_admin/account_users' do
+    context 'when it is an unauthenticated super admin' do
+      it 'returns unauthorized' do
+        get '/super_admin/account_users'
+        expect(response).to have_http_status(:redirect)
+      end
+    end
+
+    context 'when it is an authenticated super admin' do
+      let!(:account_user) { create(:account_user) }
+
+      it 'shows the list of account users' do
+        sign_in super_admin
+        get '/super_admin/account_users'
+        expect(response).to have_http_status(:success)
+        expect(response.body).to include(account_user.account.id.to_s)
+        expect(response.body).to include(account_user.user.id.to_s)
+      end
+    end
+  end
+end

spec/controllers/super_admin/users_controller_spec.rb

@@ -6,7 +6,7 @@
   describe 'GET /super_admin/users' do
     context 'when it is an unauthenticated super admin' do
       it 'returns unauthorized' do
-        get '/super_admin/'
+        get '/super_admin/users'
         expect(response).to have_http_status(:redirect)
       end
     end
@@ -16,7 +16,7 @@
 
       it 'shows the list of users' do
         sign_in super_admin
-        get '/super_admin'
+        get '/super_admin/users'
         expect(response).to have_http_status(:success)
         expect(response.body).to include('New user')
         expect(response.body).to include(user.name)