diff --git a/config/application.rb b/config/application.rb index d7f26a40..57c835df 100755 --- a/config/application.rb +++ b/config/application.rb @@ -6,6 +6,7 @@ require_relative 'boot' require "rails" # Pick the frameworks you want: +require "good_job/engine" require "active_model/railtie" require "active_job/railtie" require "active_record/railtie" diff --git a/config/routes.rb b/config/routes.rb index 202af458..faf3a280 100755 --- a/config/routes.rb +++ b/config/routes.rb @@ -211,6 +211,11 @@ Rails.application.routes.draw do match '/admin/export_supporters_with_rds' => 'super_admins#export_supporters_with_rds', via: %i[get post] match '/admin/resend_user_confirmation' => 'super_admins#resend_user_confirmation', via: %i[get post] + # GoodJob dashboard + authenticate :user, ->(user) { user.super_admin? } do + mount GoodJob::Engine => 'good_job' + end + # Events match '/events' => 'events#index', via: [:get] match '/events/:event_slug' => 'events#show', via: %i[get post] diff --git a/spec/requests/good_job_protection_spec.rb b/spec/requests/good_job_protection_spec.rb new file mode 100644 index 00000000..8ab35d53 --- /dev/null +++ b/spec/requests/good_job_protection_spec.rb @@ -0,0 +1,34 @@ +# frozen_string_literal: true + +# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later +# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE +require 'rails_helper' +# rubocop:disable RSpec/DescribeClass +describe 'GoodJob protection' do + let(:user) { create(:user) } + + describe 'when it is a super_admin' do + it 'shows the good job dashboard' do + user.roles.create(name: 'super_admin') + sign_in user + get('/good_job') + expect(response).to have_http_status(:success) + end + end + + describe 'when not logged in' do + it 'is redirected to log in page' do + get('/good_job') + expect(response).to have_http_status(:redirect) + end + end + + describe 'when logged in but is not super_admin' do + it 'raises RoutingError' do + sign_in user + expect { get('/good_job') }.to raise_error(ActionController::RoutingError) + end + end +end + +# rubocop:enable RSpec/DescribeClass