add sessions for admin access

2026-01-23 03:20:25 +01:00
parent da96d357a5
commit 1516b51b98
6 changed files with 126 additions and 14 deletions
@@ -34,7 +34,12 @@ class ApplicationController < ActionController::Base
  end

  def require_admin
-    unless admin?
+    unless logged_in?
+      redirect_to login_path, alert: "You must be logged in to access this page."
+      return
+    end
+
+    unless current_user.admin?
      redirect_to root_path, alert: "You must be an administrator to access this page."
    end
  end
@@ -0,0 +1,32 @@
+class SessionsController < ApplicationController
+  def new
+    # Redirect to admin if already logged in
+    if logged_in?
+      redirect_to admin? ? admin_root_path : root_path
+    end
+  end
+
+  def create
+    user = User.find_by(email: params[:email]&.downcase&.strip)
+
+    if user&.authenticate(params[:password])
+      # Check if user has accepted invitation
+      unless user.invitation_accepted_at.present?
+        flash.now[:alert] = "Your account is pending. Please use your invitation link to complete registration."
+        render :new, status: :unprocessable_entity
+        return
+      end
+
+      session[:user_id] = user.id
+      redirect_to admin? ? admin_root_path : root_path, notice: "Welcome back, #{user.name}!"
+    else
+      flash.now[:alert] = "Invalid email or password."
+      render :new, status: :unprocessable_entity
+    end
+  end
+
+  def destroy
+    session[:user_id] = nil
+    redirect_to root_path, notice: "You have been logged out."
+  end
+end
@@ -23,7 +23,7 @@

  <div class="flex-1 flex flex-col">
    <section class="bg-white border-b border-slate-200">
-      <div class="max-w-7xl mx-auto px-4 pb-6 space-y-4">
+      <div class="max-w-7xl mx-auto px-4 pb-1 space-y-4">
        <%= form_with url: entries_path,
          method: :get,
          data: { turbo_stream: true } do |form| %>
@@ -25,7 +25,7 @@
              <%= link_to "Users", admin_users_path, class: "text-sm font-medium text-slate-600 hover:text-indigo-600 transition" %>
              <%= link_to "Invitations", admin_invitations_path, class: "text-sm font-medium text-slate-600 hover:text-indigo-600 transition" %>
              <%= link_to "Back to Site", root_path, class: "text-sm font-medium text-slate-600 hover:text-indigo-600 transition" %>
-              <%= button_to "Log Out", logout_path, method: :delete, class: "bg-indigo-600 text-white px-4 py-2 rounded-lg text-sm font-semibold hover:bg-indigo-700 transition" %>
+              <%= button_to "Log Out", logout_path, method: :delete, form: { data: { turbo: false }, style: "display: inline-block;" }, class: "bg-indigo-600 text-white px-4 py-2 rounded-lg text-sm font-semibold hover:bg-indigo-700 transition cursor-pointer" %>
            </nav>
          </div>
        </div>
@@ -0,0 +1,66 @@
+<% content_for :title, "Sign In" %>
+
+<div class="min-h-screen flex flex-col">
+  <header class="bg-white border-b border-slate-200">
+    <div class="max-w-7xl mx-auto px-4">
+      <div class="h-16 flex items-center">
+        <%= link_to root_path, class: "flex items-center gap-2" do %>
+          <span class="text-xl font-bold tracking-tight text-indigo-600">Sanasto</span>
+          <span class="text-xl font-light text-slate-400">Wiki</span>
+        <% end %>
+      </div>
+    </div>
+  </header>
+
+  <div class="flex-1 flex items-center justify-center px-4 py-12 bg-slate-50">
+    <div class="w-full max-w-md">
+      <div class="bg-white rounded-2xl shadow-sm border border-slate-200 p-8">
+        <div class="mb-8">
+          <h1 class="text-2xl font-bold text-slate-900 mb-2">Sign in</h1>
+          <p class="text-sm text-slate-600">Enter your credentials to continue</p>
+        </div>
+
+        <% if flash[:alert] %>
+          <div class="bg-red-50 border border-red-200 text-red-700 px-4 py-3 rounded-lg mb-6" role="alert">
+            <%= flash[:alert] %>
+          </div>
+        <% end %>
+
+        <%= form_with url: login_path, method: :post, local: true, class: "space-y-5" do |form| %>
+          <div>
+            <%= form.label :email, "Email", class: "block text-sm font-medium text-slate-700 mb-2" %>
+            <%= form.email_field :email,
+                                 autofocus: true,
+                                 autocomplete: "email",
+                                 required: true,
+                                 placeholder: "you@example.com",
+                                 class: "block w-full px-4 py-3 bg-white border border-slate-200 rounded-lg shadow-sm focus:ring-2 focus:ring-indigo-500 focus:border-indigo-500 transition" %>
+          </div>
+
+          <div>
+            <%= form.label :password, "Password", class: "block text-sm font-medium text-slate-700 mb-2" %>
+            <%= form.password_field :password,
+                                    autocomplete: "current-password",
+                                    required: true,
+                                    placeholder: "••••••••••••",
+                                    class: "block w-full px-4 py-3 bg-white border border-slate-200 rounded-lg shadow-sm focus:ring-2 focus:ring-indigo-500 focus:border-indigo-500 transition" %>
+          </div>
+
+          <div class="pt-2">
+            <%= form.submit "Sign In",
+                           class: "w-full bg-indigo-600 text-white px-4 py-3 rounded-lg text-sm font-semibold hover:bg-indigo-700 transition cursor-pointer" %>
+          </div>
+        <% end %>
+
+        <div class="mt-6 text-center">
+          <%= link_to root_path, class: "text-sm text-slate-600 hover:text-indigo-600 transition inline-flex items-center gap-1" do %>
+            <svg class="h-4 w-4" fill="none" viewBox="0 0 24 24" stroke="currentColor">
+              <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M10 19l-7-7m0 0l7-7m-7 7h18" />
+            </svg>
+            Back to Wiki
+          <% end %>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>