[FS-10] Create general customer app panel

beetlegius-jt · Jan 23, 2025 · 1ec902c · 1ec902c
1 parent 8694cd6
commit 1ec902c
Show file tree

Hide file tree

Showing 6 changed files with 94 additions and 0 deletions.
diff --git a/app/controllers/app/base_controller.rb b/app/controllers/app/base_controller.rb
@@ -0,0 +1,24 @@
+module App
+  class BaseController < ApplicationController
+    include HasCurrentAttributes
+    include ErrorHandler
+
+    before_action :authenticate_user!
+    before_action :protect
+    after_action :verify_authorized
+
+    def policy_scope(scope)
+      super([ :app, scope ])
+    end
+
+    def authorize(record, query = nil)
+      super([ :app, record ], query)
+    end
+
+    private
+
+    def protect
+      redirect_to admin_root_path unless Current.user.customer?
+    end
+  end
+end
diff --git a/app/controllers/app/customers_controller.rb b/app/controllers/app/customers_controller.rb
@@ -0,0 +1,7 @@
+module App
+  class CustomersController < BaseController
+    def show
+      @customer = authorize Current.customer
+    end
+  end
+end
diff --git a/app/policies/app/customer_policy.rb b/app/policies/app/customer_policy.rb
@@ -0,0 +1,20 @@
+module App
+  class CustomerPolicy < ApplicationPolicy
+    # NOTE: Up to Pundit v2.3.1, the inheritance was declared as
+    # `Scope < Scope` rather than `Scope < ApplicationPolicy::Scope`.
+    # In most cases the behavior will be identical, but if updating existing
+    # code, beware of possible changes to the ancestors:
+    # https://gist.github.com/Burgestrand/4b4bc22f31c8a95c425fc0e30d7ef1f5
+
+    def show?
+      user&.customer == Current.customer
+    end
+
+    class Scope < ApplicationPolicy::Scope
+      # NOTE: Be explicit about which records you allow access to!
+      # def resolve
+      #   scope.all
+      # end
+    end
+  end
+end
diff --git a/app/views/app/customers/show.html.erb b/app/views/app/customers/show.html.erb
@@ -0,0 +1,4 @@
+<h2 class="pb-2 border-bottom">
+  <i class="bi bi-person-fill"></i>
+  <%= @customer.name %>
+</h2>
diff --git a/config/routes.rb b/config/routes.rb
@@ -4,6 +4,10 @@
   # Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html
 
   constraints CompanyConstraint.new do
+    namespace :app do
+      root to: "customers#show"
+    end
+
     namespace :admin do
       resources :activities
       resources :attendances, only: [ :index, :show, :new, :create, :destroy ]

diff --git a/spec/policies/app/customer_policy_spec.rb b/spec/policies/app/customer_policy_spec.rb
@@ -0,0 +1,35 @@
+require 'rails_helper'
+
+RSpec.describe App::CustomerPolicy, type: :policy do
+  let(:customer) { build(:customer) }
+
+  subject { described_class }
+
+  before { Current.customer = customer }
+
+  permissions :show? do
+    context "when the user is not logged in" do
+      let(:user) { nil }
+
+      it { is_expected.not_to permit(user, customer) }
+    end
+
+    context "when the user is an admin" do
+      let(:user) { build(:user, :admin) }
+
+      it { is_expected.not_to permit(user, customer) }
+    end
+
+    context "when the user is a company" do
+      let(:user) { build(:user, :company) }
+
+      it { is_expected.not_to permit(user, customer) }
+    end
+
+    context "when the user is a customer" do
+      let(:user) { build(:user, :customer, owner: customer) }
+
+      it { is_expected.to permit(user, customer) }
+    end
+  end
+end