Add admin area

Admin users can be created via a new task

    bin/rails fasp_base:create_admin[<email>]

and then sign in at `/admin/session/new`.

They will see a list of users and can activate / deactivate them.

Deactivated users can no longer sign in.

Author: oneiros

debug_fasp/app/views/layouts/admin.html.erb

@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title><%= content_for(:title) || "Debug Provider" %></title>
+    <meta name="viewport" content="width=device-width,initial-scale=1">
+    <meta name="apple-mobile-web-app-capable" content="yes">
+    <%= csrf_meta_tags %>
+    <%= csp_meta_tag %>
+
+    <%= yield :head %>
+
+    <link rel="manifest" href="/manifest.json">
+    <link rel="icon" href="/icon.png" type="image/png">
+    <link rel="icon" href="/icon.svg" type="image/svg+xml">
+    <link rel="apple-touch-icon" href="/icon.png">
+    <%= stylesheet_link_tag "tailwind", "data-turbo-track": "reload" %>
+    <%= stylesheet_link_tag "application", "data-turbo-track": "reload" %>
+    <%= javascript_importmap_tags %>
+  </head>
+
+  <body>
+    <header class="bg-blue-100">
+      <nav class="container mx-auto p-4 flex justify-between">
+        <div class="flex gap-8">
+          <p class="font-bold text-gray-600 px-2 py-1">
+            Debug Provider
+          </p>
+          <% if admin_signed_in? %>
+            <%= nav_link_to t(".users"), fasp_base.admin_users_path %>
+          <% end %>
+        </div>
+        <div class="flex gap-8">
+          <% if admin_signed_in? %>
+            <%= nav_link_to t(".sign_out"), fasp_base.admin_session_path, data: {turbo_method: :delete} %>
+          <% end %>
+        </div>
+      </nav>
+    </header>
+    <main class="container mx-auto mt-8 px-5">
+      <%= notification(notice) if notice %>
+      <%= notification(alert, type: :alert) if alert %>
+
+      <%= yield %>
+    </main>
+  </body>
+</html>

debug_fasp/db/migrate/20250508094859_create_fasp_base_admin_users.fasp_base.rb

@@ -0,0 +1,11 @@
+# This migration comes from fasp_base (originally 20250507095511)
+class CreateFaspBaseAdminUsers < ActiveRecord::Migration[8.0]
+  def change
+    create_table :fasp_base_admin_users do |t|
+      t.string :email, null: false, index: { unique: true }
+      t.string :password_digest
+
+      t.timestamps
+    end
+  end
+end

debug_fasp/db/migrate/20250508094860_add_active_to_users.fasp_base.rb

@@ -0,0 +1,6 @@
+# This migration comes from fasp_base (originally 20250507143155)
+class AddActiveToUsers < ActiveRecord::Migration[8.0]
+  def change
+    add_column :fasp_base_users, :active, :boolean, null: false, default: true
+  end
+end

debug_fasp/db/schema.rb

@@ -0,0 +1,42 @@
+module FaspBase
+  module AdminAuthentication
+    extend ActiveSupport::Concern
+
+    included do
+      helper_method :current_admin_user
+      helper_method :admin_signed_in?
+
+      before_action :require_admin_authentication
+    end
+
+    class_methods do
+      def skip_admin_authentication(**options)
+        skip_before_action :require_admin_authentication, **options
+      end
+    end
+
+    private
+
+    def current_admin_user
+      @current_admin_user ||= AdminUser.find_by(id: session[:admin_user_id])
+    end
+
+    def current_admin_user=(admin_user)
+      session[:admin_user_id] = admin_user.id
+      @current_admin_user = admin_user
+    end
+
+    def admin_signed_in?
+      current_admin_user.present?
+    end
+
+    def require_admin_authentication
+      return if admin_signed_in?
+
+      respond_to do |format|
+        format.html { redirect_to fasp_base.new_admin_session_path }
+        format.json { head status: 401 }
+      end
+    end
+  end
+end

fasp_base/app/controllers/concerns/fasp_base/admin_authentication.rb

@@ -0,0 +1,29 @@
+module FaspBase
+  class Admin::ActivationsController < Admin::BaseController
+    before_action :load_user
+
+    def create
+      @user.activate!
+
+      respond_to do |format|
+        format.html { redirect_to fasp_base.admin_users_path, notice: t(".success") }
+        format.json { head :created }
+      end
+    end
+
+    def destroy
+      @user.deactivate!
+
+      respond_to do |format|
+        format.html { redirect_to fasp_base.admin_users_path, notice: t(".success") }
+        format.json { head :no_content }
+      end
+    end
+
+    private
+
+    def load_user
+      @user = User.find(params[:user_id])
+    end
+  end
+end

fasp_base/app/controllers/fasp_base/admin/activations_controller.rb

@@ -0,0 +1,12 @@
+module FaspBase
+  class Admin::BaseController < ActionController::Base
+    include AdminAuthentication
+
+    helper Rails.application.helpers
+    helper FaspBase::ApplicationHelper
+
+    layout "layouts/admin"
+
+    default_form_builder FaspBase::FormBuilder
+  end
+end

fasp_base/app/controllers/fasp_base/admin/base_controller.rb

@@ -0,0 +1,4 @@
+module FaspBase
+  class Admin::InvitationCodesController < Admin::BaseController
+  end
+end

fasp_base/app/controllers/fasp_base/admin/invitation_codes_controller.rb

@@ -0,0 +1,26 @@
+module FaspBase
+  class Admin::SessionsController < Admin::BaseController
+    skip_admin_authentication
+
+    def new
+    end
+
+    def create
+      if admin_user = AdminUser.authenticate_by(params.permit(:email, :password))
+        self.current_admin_user = admin_user
+
+        redirect_to fasp_base.admin_users_path
+      else
+        redirect_to fasp_base.new_admin_session_path,
+          alert: t(".failure")
+      end
+    end
+
+    def destroy
+      reset_session
+
+      redirect_to fasp_base.admin_new_session_path,
+        notice: t(".success")
+    end
+  end
+end

fasp_base/app/controllers/fasp_base/admin/sessions_controller.rb

@@ -0,0 +1,4 @@
+module FaspBase
+  class Admin::SettingsController < Admin::BaseController
+  end
+end