hide everything expect topics from non-admins

app/controllers/application_controller.rb

@@ -2,8 +2,4 @@ class ApplicationController < ActionController::Base
   include Authentication
   # Only allow modern browsers supporting webp images, web push, badges, import maps, CSS nesting, and CSS :has.
   allow_browser versions: :modern
-
-  def check_admin!
-    redirect_to root_path unless Current.user.is_admin?
-  end
 end

app/controllers/concerns/authentication.rb

@@ -12,6 +12,10 @@ def allow_unauthenticated_access(**options)
     end
   end
 
+  def redirect_contributors
+    redirect_to dashboard_path unless Current.user.is_admin?
+  end
+
   private
     def authenticated?
       resume_session
@@ -35,7 +39,7 @@ def request_authentication
     end
 
     def after_authentication_url
-      session.delete(:return_to_after_authenticating) || regions_url
+      session.delete(:return_to_after_authenticating) || dashboard_url
     end
 
     def start_new_session_for(user)

app/controllers/dashboard_controller.rb

@@ -0,0 +1,2 @@
+class DashboardController < ApplicationController
+end

app/controllers/languages_controller.rb

@@ -1,4 +1,5 @@
 class LanguagesController < ApplicationController
+  before_action :redirect_contributors
   before_action :set_language, only: [ :edit, :update ]
 
   def index

app/controllers/providers_controller.rb

@@ -1,5 +1,6 @@
 class ProvidersController < ApplicationController
   before_action :set_provider, only: %i[ show edit update destroy ]
+  before_action :redirect_contributors
 
   def index
     @providers = Provider.all

app/controllers/regions_controller.rb

@@ -1,4 +1,5 @@
 class RegionsController < ApplicationController
+  before_action :redirect_contributors
   before_action :set_region, only: %i[ show edit update destroy ]
 
   # GET /regions

app/controllers/topics_controller.rb

@@ -1,6 +1,5 @@
 class TopicsController < ApplicationController
   before_action :set_topic, only: [ :show, :edit, :update, :destroy, :archive ]
-  before_action :check_admin!, only: :destroy
 
   def index
     @topics = scope.includes(:language, :provider)
@@ -32,6 +31,7 @@ def update
   end
 
   def destroy
+    redirect_to topics_path and return unless Current.user.is_admin?
     @topic.destroy
     redirect_to topics_path
   end

app/controllers/users_controller.rb

@@ -1,4 +1,5 @@
 class UsersController < ApplicationController
+  before_action :redirect_contributors
   before_action :set_user, only: %i[ edit update destroy ]
 
   def index

app/views/dashboard/index.html.erb

@@ -0,0 +1,27 @@
+<% content_for :title, "Dashboard" %>
+
+<section class="section">
+  <div class="row" id="table-striped">
+    <div class="col-12 cold-md-12">
+      <div class="card">
+        <div class="card-header d-flex justify-content-between align-items-center">
+          <h2>Dashboard</h2>
+        </div>
+        <div class="card-content">
+          <div class="card-body">
+            <p class="card-text">
+              Welcome to your dashboard! Lorem ipsum dolor sit amet, <code>consectetur adipiscing</code> elit. Sed do eiusmod tempor incididunt ut
+              labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut
+              aliquip
+              ex ea commodo consequat. Duis aute irure dolor in <code>reprehenderit</code> in voluptate velit esse
+              cillum dolore eu fugiat nulla
+              pariatur. Excepteur sint <code>occaecat cupidatat</code> non proident, sunt in culpa qui officia deserunt
+              mollit anim id est
+              laborum.
+            </p>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+</section>

app/views/layouts/_sidebar.html.erb

@@ -4,7 +4,7 @@
     <div class="sidebar-header position-relative">
       <div class="d-flex justify-content-between align-items-center">
         <div class="logo">
-          <%= link_to("SkillRx", root_path) %>
+          <%= link_to("SkillRx", dashboard_path) %>
         </div>
         <div class="theme-toggle d-flex gap-2  align-items-center mt-2">
           <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true"
@@ -45,42 +45,44 @@
 
     <div class="sidebar-menu">
       <ul class="menu">
-        <li class="sidebar-title">Administration</li>
-
-        <li class="sidebar-item">
-          <%= link_to regions_path, class: "sidebar-link" do %>
-            <i class="bi bi-globe"></i>
-            <span>Regions</span>
-          <% end %>
-        </li>
-
-        <li class="sidebar-item">
-          <%= link_to providers_path, class: "sidebar-link" do %>
-            <i class="bi bi-hospital-fill"></i>
-            <span>Providers</span>
-          <% end %>
-        </li>
-
         <li class="sidebar-item">
           <%= link_to topics_path, class: "sidebar-link" do %>
             <i class="bi bi-tags-fill"></i>
             <span>Topics</span>
           <% end %>
         </li>
 
-        <li class="sidebar-item">
-          <%= link_to languages_path, class: "sidebar-link" do %>
-            <i class="bi bi-translate"></i>
-            <span>Languages</span>
-          <% end %>
-        </li>
+        <% if Current.user.is_admin? %>
+          <li class="sidebar-title">Administration</li>
+            <li class="sidebar-item">
+              <%= link_to regions_path, class: "sidebar-link" do %>
+                <i class="bi bi-globe"></i>
+                <span>Regions</span>
+              <% end %>
+            </li>
 
-        <li class="sidebar-item">
-          <%= link_to users_path, class: 'sidebar-link' do %>
-            <i class="bi bi-people"></i>
-            <span>Users</span>
-          <% end %>
-        </li>
+            <li class="sidebar-item">
+              <%= link_to providers_path, class: "sidebar-link" do %>
+                <i class="bi bi-hospital-fill"></i>
+                <span>Providers</span>
+              <% end %>
+            </li>
+
+            <li class="sidebar-item">
+              <%= link_to languages_path, class: "sidebar-link" do %>
+                <i class="bi bi-translate"></i>
+                <span>Languages</span>
+              <% end %>
+            </li>
+
+            <li class="sidebar-item">
+              <%= link_to users_path, class: 'sidebar-link' do %>
+                <i class="bi bi-people"></i>
+                <span>Users</span>
+              <% end %>
+            </li>
+          </li>
+        <% end %>
       </ul>
     </div>
   </div>

config/routes.rb

@@ -1,6 +1,7 @@
 Rails.application.routes.draw do
   root "home#index"
   get "home/index", as: :home
+  get "dashboard/index", as: :dashboard
   resources :languages, only: %i[index show new create edit update]
   resources :passwords, param: :token
   resources :providers

spec/requests/authorizations_spec.rb

@@ -0,0 +1,63 @@
+require "rails_helper"
+
+RSpec.describe "Authorizations", type: :request do
+  let(:user) { create(:user) }
+
+  before { sign_in(user) }
+
+  context "contributor" do
+    it "can access the Topics tab" do
+      get "/topics"
+      expect(response).to be_successful
+    end
+
+    it "cannot access the Regions tab" do
+      get "/regions"
+      expect(response).to redirect_to(dashboard_path)
+    end
+
+    it "cannot access the Providers tab" do
+      get "/providers"
+      expect(response).to redirect_to(dashboard_path)
+    end
+
+    it "cannot access the Languages tab" do
+      get "/languages"
+      expect(response).to redirect_to(dashboard_path)
+    end
+
+    it "cannot access the Users tab" do
+      get "/users"
+      expect(response).to redirect_to(dashboard_path)
+    end
+  end
+
+  context "administrator" do
+    before { user.update(is_admin: true) }
+
+    it "can access the Topics tab" do
+      get "/topics"
+      expect(response).to be_successful
+    end
+
+    it "cannot access the Regions tab" do
+      get "/regions"
+      expect(response).to be_successful
+    end
+
+    it "cannot access the Providers tab" do
+      get "/providers"
+      expect(response).to be_successful
+    end
+
+    it "cannot access the Languages tab" do
+      get "/languages"
+      expect(response).to be_successful
+    end
+
+    it "cannot access the Users tab" do
+      get "/users"
+      expect(response).to be_successful
+    end
+  end
+end

spec/requests/dashboard_spec.rb

@@ -0,0 +1,14 @@
+require "rails_helper"
+
+RSpec.describe "Dashboards", type: :request do
+  describe "GET /dashboard/index" do
+    let(:user) { create(:user) }
+
+    before { sign_in(user) }
+
+    it "displays the dashboard" do
+      get "/dashboard/index"
+      expect(page).to have_text("Welcome to your dashboard")
+    end
+  end
+end

spec/requests/languages/create_spec.rb

@@ -2,7 +2,7 @@
 
 describe "Languages", type: :request do
   describe "POST /languages" do
-    let(:user) { create(:user) }
+    let(:user) { create(:user, :admin) }
     let(:language_params) { { name: "french", file_share_folder: "languages/french" } }
 
     before { sign_in(user) }

spec/requests/languages/index_spec.rb

@@ -2,7 +2,7 @@
 
 describe "Languages", type: :request do
   describe "GET /languages" do
-    let(:user) { create(:user) }
+    let(:user) { create(:user, :admin) }
 
     before { sign_in(user) }
 

spec/requests/languages/update_spec.rb

@@ -2,7 +2,7 @@
 
 describe "Languages", type: :request do
   describe "PUT /languages" do
-    let(:user) { create(:user) }
+    let(:user) { create(:user, :admin) }
 
     before { sign_in(user) }
 

spec/requests/providers_spec.rb

@@ -1,7 +1,7 @@
 require "rails_helper"
 
 RSpec.describe "/providers", type: :request do
-  let(:user) { create(:user) }
+  let(:user) { create(:user, :admin) }
 
   before do
     sign_in(user)

spec/requests/regions_spec.rb

@@ -13,7 +13,7 @@
 # sticking to rails and rspec-rails APIs to keep things simple and stable.
 
 RSpec.describe "/regions", type: :request do
-  let(:user) { create(:user) }
+  let(:user) { create(:user, :admin) }
 
   before do
     sign_in(user)

spec/requests/topics/destroy_spec.rb

@@ -14,13 +14,13 @@
       expect(Topic.count).to be_zero
     end
 
-    context "when user is not ad admin" do
+    context "when user is not an admin" do
       let(:user) { create(:user) }
 
       it "does not delete a Topic" do
         delete topic_url(topic)
 
-        expect(response).to redirect_to(root_url)
+        expect(response).to redirect_to(topics_url)
         expect(Topic.count).to eq(1)
       end
     end

spec/requests/users_spec.rb

@@ -1,12 +1,12 @@
 require "rails_helper"
 
 RSpec.describe "/users", type: :request do
-  let(:user) { create(:user) }
+  let(:admin) { create(:user, :admin) }
   let(:valid_attributes) { { email: "[email protected]", password: "123" } }
   let(:invalid_attributes) { { email: "" } }
 
   before do
-    sign_in(user)
+    sign_in(admin)
   end
 
   describe "GET /index" do