Soverein/sanasto-wiki
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

implement /setup and /admin

Browse Source
This commit is contained in:
Runar Ingebrigtsen
2026-01-23 02:52:53 +01:00
parent e4e5a1c294
commit a9c70a7883
21 changed files with 1124 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitignore
Vendored
+1
View File
@@ -5,6 +5,7 @@
.tool-versions
.yarn-integrity
.DS_Store
.installed
/log/*
/tmp/*
/storage/*
README.md
+14
View File
@@ -51,6 +51,20 @@ When translators disagree on a translation or want to suggest alternatives (regi
---
## Setup / First User
When the file `.installed` is missing, the `/setup` route is accessible for creating the initial admin account. The first user created will be the system's default contact email (accessible via `User.first.email`).
For detailed setup instructions, see [SETUP_GUIDE.md](docs/SETUP_GUIDE.md).
**Quick Start:**
1. Deploy the application
2. Navigate to `/setup`
3. Create your admin account
4. Start inviting contributors
---
## Authentication Flow
### Public Access
app/controllers/admin/base_controller.rb
+4
View File
@@ -0,0 +1,4 @@
class Admin::BaseController < ApplicationController
before_action :require_admin
layout "admin"
end
app/controllers/admin/dashboard_controller.rb
+32
View File
@@ -0,0 +1,32 @@
class Admin::DashboardController < Admin::BaseController
def index
@user_count = User.count
@contributor_count = User.contributor.count
@reviewer_count = User.reviewer.count
@admin_count = User.admin.count
@entry_count = Entry.count
@verified_count = Entry.where(verified: true).count
@unverified_count = @entry_count - @verified_count
@pending_suggestions_count = SuggestedMeaning.pending.count
@accepted_suggestions_count = SuggestedMeaning.accepted.count
@rejected_suggestions_count = SuggestedMeaning.rejected.count
@comment_count = Comment.count
@recent_users = User.order(created_at: :desc).limit(5)
@recent_entries = Entry.order(created_at: :desc).limit(5)
@pending_invitations = User.where.not(invitation_token: nil)
.where(invitation_accepted_at: nil)
.where("invitation_sent_at > ?", 14.days.ago)
.count
@supported_languages = SupportedLanguage.where(active: true).order(:sort_order)
@language_completion = @supported_languages.index_with do |language|
next 0 if @entry_count.zero?
(Entry.where.not(language.code => [ nil, "" ]).count * 100.0 / @entry_count).round
end
end
end
app/controllers/admin/invitations_controller.rb
+49
View File
@@ -0,0 +1,49 @@
class Admin::InvitationsController < Admin::BaseController
def index
@pending_invitations = User.where.not(invitation_token: nil)
.where(invitation_accepted_at: nil)
.order(invitation_sent_at: :desc)
@accepted_invitations = User.where.not(invitation_accepted_at: nil)
.order(invitation_accepted_at: :desc)
.limit(20)
end
def new
@invitation = User.new
end
def create
@invitation = User.new(invitation_params)
@invitation.invitation_token = SecureRandom.urlsafe_base64(32)
@invitation.invitation_sent_at = Time.current
@invitation.invited_by = current_user
@invitation.password = SecureRandom.urlsafe_base64(16)
if @invitation.save
# TODO: Send invitation email
# InvitationMailer.invite(@invitation).deliver_later
redirect_to admin_invitations_path, notice: "Invitation sent to #{@invitation.email}"
else
render :new, status: :unprocessable_entity
end
end
def destroy
@invitation = User.find(params[:id])
if @invitation.invitation_accepted_at.present?
redirect_to admin_invitations_path, alert: "Cannot cancel an accepted invitation."
return
end
@invitation.destroy
redirect_to admin_invitations_path, notice: "Invitation cancelled."
end
private
def invitation_params
params.require(:user).permit(:email, :name, :role, :primary_language)
end
end
app/controllers/admin/users_controller.rb
+45
View File
@@ -0,0 +1,45 @@
class Admin::UsersController < Admin::BaseController
before_action :set_user, only: [ :edit, :update, :destroy ]
def index
@users = User.order(created_at: :desc)
@users = @users.where(role: params[:role]) if params[:role].present?
@users = @users.where("email LIKE ?", "%#{params[:q]}%") if params[:q].present?
end
def edit
end
def update
if @user.update(user_params)
redirect_to admin_users_path, notice: "User updated successfully."
else
render :edit, status: :unprocessable_entity
end
end
def destroy
if @user == current_user
redirect_to admin_users_path, alert: "You cannot delete your own account."
return
end
if @user == User.first
redirect_to admin_users_path, alert: "Cannot delete the first admin user (system default contact)."
return
end
@user.destroy
redirect_to admin_users_path, notice: "User deleted successfully."
end
private
def set_user
@user = User.find(params[:id])
end
def user_params
params.require(:user).permit(:name, :email, :role, :primary_language)
end
end
app/controllers/application_controller.rb
+52 -2
View File
@@ -1,7 +1,57 @@
class ApplicationController < ActionController::Base
# Only allow modern browsers supporting webp images, web push, badges, import maps, CSS nesting, and CSS :has.
allow_browser versions: :modern
# Changes to the importmap will invalidate the etag for HTML responses
stale_when_importmap_changes
helper_method :current_user, :logged_in?, :admin?, :reviewer_or_admin?, :contributor_or_above?, :setup_completed?
private
def current_user
@current_user ||= User.find_by(id: session[:user_id]) if session[:user_id]
end
def logged_in?
current_user.present?
end
def admin?
logged_in? && current_user.admin?
end
def reviewer_or_admin?
logged_in? && (current_user.reviewer? || current_user.admin?)
end
def contributor_or_above?
logged_in?
end
def require_login
unless logged_in?
redirect_to login_path, alert: "You must be logged in to access this page."
end
end
def require_admin
unless admin?
redirect_to root_path, alert: "You must be an administrator to access this page."
end
end
def require_reviewer
unless reviewer_or_admin?
redirect_to root_path, alert: "You must be a reviewer or administrator to access this page."
end
end
def require_contributor
unless contributor_or_above?
redirect_to root_path, alert: "You must be a contributor to access this page."
end
end
def setup_completed?
File.exist?(Rails.root.join(".installed"))
end
end
app/controllers/setup_controller.rb
+45
View File
@@ -0,0 +1,45 @@
class SetupController < ApplicationController
before_action :check_setup_allowed
def show
@user = User.new(role: :admin)
end
def create
@user = User.new(user_params)
@user.role = :admin
@user.invitation_accepted_at = Time.current
if @user.save
create_installed_marker
session[:user_id] = @user.id
redirect_to admin_root_path, notice: "Setup complete! Welcome to Sanasto Wiki."
else
render :show, status: :unprocessable_entity
end
end
private
def check_setup_allowed
if setup_completed?
redirect_to root_path, alert: "Setup has already been completed."
end
end
def setup_completed?
File.exist?(installed_marker_path)
end
def installed_marker_path
Rails.root.join(".installed")
end
def create_installed_marker
FileUtils.touch(installed_marker_path)
end
def user_params
params.require(:user).permit(:email, :name, :password, :password_confirmation, :primary_language)
end
end
app/models/user.rb
+1
View File
@@ -20,4 +20,5 @@ class User < ApplicationRecord
enum :role, %i[contributor reviewer admin]
validates :email, presence: true, uniqueness: true
validates :password, length: { minimum: 12 }, if: -> { password.present? }
end
app/views/admin/dashboard/index.html.erb
+204
View File
@@ -0,0 +1,204 @@
<% content_for :title, "Dashboard" %>
<div class="space-y-6">
<div>
<h2 class="text-3xl font-bold text-gray-900">Dashboard</h2>
<p class="mt-1 text-sm text-gray-600">Overview of Sanasto Wiki statistics</p>
</div>
<!-- Statistics Cards -->
<div class="grid grid-cols-1 gap-5 sm:grid-cols-2 lg:grid-cols-4">
<!-- Users -->
<div class="bg-white overflow-hidden shadow rounded-lg">
<div class="p-5">
<div class="flex items-center">
<div class="flex-shrink-0">
<svg class="h-6 w-6 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 4.354a4 4 0 110 5.292M15 21H3v-1a6 6 0 0112 0v1zm0 0h6v-1a6 6 0 00-9-5.197M13 7a4 4 0 11-8 0 4 4 0 018 0z"></path>
</svg>
</div>
<div class="ml-5 w-0 flex-1">
<dl>
<dt class="text-sm font-medium text-gray-500 truncate">Total Users</dt>
<dd class="text-3xl font-semibold text-gray-900"><%= @user_count %></dd>
</dl>
</div>
</div>
</div>
<div class="bg-gray-50 px-5 py-3">
<div class="text-sm">
<span class="font-medium text-gray-700"><%= @admin_count %></span> admins,
<span class="font-medium text-gray-700"><%= @reviewer_count %></span> reviewers,
<span class="font-medium text-gray-700"><%= @contributor_count %></span> contributors
</div>
</div>
</div>
<!-- Entries -->
<div class="bg-white overflow-hidden shadow rounded-lg">
<div class="p-5">
<div class="flex items-center">
<div class="flex-shrink-0">
<svg class="h-6 w-6 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 6.253v13m0-13C10.832 5.477 9.246 5 7.5 5S4.168 5.477 3 6.253v13C4.168 18.477 5.754 18 7.5 18s3.332.477 4.5 1.253m0-13C13.168 5.477 14.754 5 16.5 5c1.747 0 3.332.477 4.5 1.253v13C19.832 18.477 18.247 18 16.5 18c-1.746 0-3.332.477-4.5 1.253"></path>
</svg>
</div>
<div class="ml-5 w-0 flex-1">
<dl>
<dt class="text-sm font-medium text-gray-500 truncate">Total Entries</dt>
<dd class="text-3xl font-semibold text-gray-900"><%= @entry_count %></dd>
</dl>
</div>
</div>
</div>
<div class="bg-gray-50 px-5 py-3">
<div class="text-sm">
<span class="font-medium text-green-700"><%= @verified_count %></span> verified,
<span class="font-medium text-amber-700"><%= @unverified_count %></span> unverified
</div>
</div>
</div>
<!-- Suggestions -->
<div class="bg-white overflow-hidden shadow rounded-lg">
<div class="p-5">
<div class="flex items-center">
<div class="flex-shrink-0">
<svg class="h-6 w-6 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12h6m-6 4h6m2 5H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z"></path>
</svg>
</div>
<div class="ml-5 w-0 flex-1">
<dl>
<dt class="text-sm font-medium text-gray-500 truncate">Suggestions</dt>
<dd class="text-3xl font-semibold text-gray-900"><%= @pending_suggestions_count %></dd>
</dl>
</div>
</div>
</div>
<div class="bg-gray-50 px-5 py-3">
<div class="text-sm">
<span class="font-medium text-green-700"><%= @accepted_suggestions_count %></span> accepted,
<span class="font-medium text-red-700"><%= @rejected_suggestions_count %></span> rejected
</div>
</div>
</div>
<!-- Invitations -->
<div class="bg-white overflow-hidden shadow rounded-lg">
<div class="p-5">
<div class="flex items-center">
<div class="flex-shrink-0">
<svg class="h-6 w-6 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M3 8l7.89 5.26a2 2 0 002.22 0L21 8M5 19h14a2 2 0 002-2V7a2 2 0 00-2-2H5a2 2 0 00-2 2v10a2 2 0 002 2z"></path>
</svg>
</div>
<div class="ml-5 w-0 flex-1">
<dl>
<dt class="text-sm font-medium text-gray-500 truncate">Pending Invites</dt>
<dd class="text-3xl font-semibold text-gray-900"><%= @pending_invitations %></dd>
</dl>
</div>
</div>
</div>
<div class="bg-gray-50 px-5 py-3">
<div class="text-sm">
<%= link_to "Send invitation", new_admin_invitation_path, class: "font-medium text-blue-600 hover:text-blue-500" %>
</div>
</div>
</div>
</div>
<!-- Language Completion -->
<div class="bg-white shadow rounded-lg">
<div class="px-4 py-5 sm:p-6">
<h3 class="text-lg leading-6 font-medium text-gray-900">Language Completion</h3>
<div class="mt-5">
<div class="space-y-4">
<% @supported_languages.each do |language| %>
<div>
<div class="flex items-center justify-between">
<span class="text-sm font-medium text-gray-700"><%= language.native_name %></span>
<span class="text-sm font-medium text-gray-700"><%= @language_completion[language] %>%</span>
</div>
<div class="mt-1 w-full bg-gray-200 rounded-full h-2">
<div class="bg-blue-600 h-2 rounded-full" style="width: <%= @language_completion[language] %>%"></div>
</div>
</div>
<% end %>
</div>
</div>
</div>
</div>
<!-- Recent Activity -->
<div class="grid grid-cols-1 gap-5 lg:grid-cols-2">
<!-- Recent Users -->
<div class="bg-white shadow rounded-lg">
<div class="px-4 py-5 sm:p-6">
<h3 class="text-lg leading-6 font-medium text-gray-900 mb-4">Recent Users</h3>
<div class="flow-root">
<ul class="-my-5 divide-y divide-gray-200">
<% @recent_users.each do |user| %>
<li class="py-4">
<div class="flex items-center space-x-4">
<div class="flex-1 min-w-0">
<p class="text-sm font-medium text-gray-900 truncate">
<%= user.name || user.email %>
</p>
<p class="text-sm text-gray-500 truncate">
<%= user.email %>
</p>
</div>
<div>
<span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-blue-100 text-blue-800">
<%= user.role %>
</span>
</div>
</div>
</li>
<% end %>
</ul>
</div>
<div class="mt-6">
<%= link_to "View all users →", admin_users_path, class: "text-sm font-medium text-blue-600 hover:text-blue-500" %>
</div>
</div>
</div>
<!-- Recent Entries -->
<div class="bg-white shadow rounded-lg">
<div class="px-4 py-5 sm:p-6">
<h3 class="text-lg leading-6 font-medium text-gray-900 mb-4">Recent Entries</h3>
<div class="flow-root">
<ul class="-my-5 divide-y divide-gray-200">
<% @recent_entries.each do |entry| %>
<li class="py-4">
<div class="flex items-center space-x-4">
<div class="flex-1 min-w-0">
<p class="text-sm font-medium text-gray-900 truncate">
<%= entry.fi || entry.en || entry.sv || "(No translation)" %>
</p>
<p class="text-sm text-gray-500 truncate">
<%= entry.category.humanize %>
</p>
</div>
<div>
<% if entry.verified? %>
<span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-green-100 text-green-800">
verified
</span>
<% end %>
</div>
</div>
</li>
<% end %>
</ul>
</div>
<div class="mt-6">
<%= link_to "View all entries →", entries_path, class: "text-sm font-medium text-blue-600 hover:text-blue-500" %>
</div>
</div>
</div>
</div>
</div>
app/views/admin/invitations/index.html.erb
+130
View File
@@ -0,0 +1,130 @@
<% content_for :title, "Invitations" %>
<div class="space-y-6">
<div class="flex items-center justify-between">
<div>
<h2 class="text-3xl font-bold text-gray-900">Invitations</h2>
<p class="mt-1 text-sm text-gray-600">Manage user invitations</p>
</div>
<div>
<%= link_to "Send New Invitation", new_admin_invitation_path, class: "inline-flex items-center px-4 py-2 border border-transparent rounded-md shadow-sm text-sm font-medium text-white bg-blue-600 hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-500" %>
</div>
</div>
<!-- Pending Invitations -->
<div class="bg-white shadow rounded-lg overflow-hidden">
<div class="px-4 py-5 sm:px-6 bg-gray-50 border-b border-gray-200">
<h3 class="text-lg leading-6 font-medium text-gray-900">
Pending Invitations
<span class="ml-2 px-2 py-1 text-xs font-semibold rounded-full bg-yellow-100 text-yellow-800">
<%= @pending_invitations.count %>
</span>
</h3>
</div>
<% if @pending_invitations.any? %>
<table class="min-w-full divide-y divide-gray-200">
<thead class="bg-gray-50">
<tr>
<th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Email</th>
<th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Role</th>
<th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Sent</th>
<th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Expires</th>
<th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Invited By</th>
<th scope="col" class="relative px-6 py-3">
<span class="sr-only">Actions</span>
</th>
</tr>
</thead>
<tbody class="bg-white divide-y divide-gray-200">
<% @pending_invitations.each do |invitation| %>
<tr>
<td class="px-6 py-4 whitespace-nowrap text-sm font-medium text-gray-900">
<%= invitation.email %>
</td>
<td class="px-6 py-4 whitespace-nowrap">
<span class="px-2 inline-flex text-xs leading-5 font-semibold rounded-full
<%= case invitation.role
when 'admin' then 'bg-purple-100 text-purple-800'
when 'reviewer' then 'bg-blue-100 text-blue-800'
else 'bg-green-100 text-green-800'
end %>">
<%= invitation.role %>
</span>
</td>
<td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
<%= invitation.invitation_sent_at.strftime("%b %d, %Y") %>
</td>
<td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
<% expires_at = invitation.invitation_sent_at + 14.days %>
<% if expires_at < Time.current %>
<span class="text-red-600 font-medium">Expired</span>
<% else %>
<%= expires_at.strftime("%b %d, %Y") %>
<% end %>
</td>
<td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
<%= invitation.invited_by&.name || invitation.invited_by&.email || "-" %>
</td>
<td class="px-6 py-4 whitespace-nowrap text-right text-sm font-medium">
<%= button_to "Cancel", admin_invitation_path(invitation), method: :delete, data: { turbo_confirm: "Are you sure you want to cancel this invitation?" }, class: "text-red-600 hover:text-red-900" %>
</td>
</tr>
<% end %>
</tbody>
</table>
<% else %>
<div class="px-6 py-12 text-center">
<p class="text-gray-500">No pending invitations</p>
</div>
<% end %>
</div>
<!-- Recent Accepted Invitations -->
<div class="bg-white shadow rounded-lg overflow-hidden">
<div class="px-4 py-5 sm:px-6 bg-gray-50 border-b border-gray-200">
<h3 class="text-lg leading-6 font-medium text-gray-900">Recently Accepted</h3>
</div>
<% if @accepted_invitations.any? %>
<table class="min-w-full divide-y divide-gray-200">
<thead class="bg-gray-50">
<tr>
<th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">User</th>
<th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Role</th>
<th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Accepted</th>
<th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Invited By</th>
</tr>
</thead>
<tbody class="bg-white divide-y divide-gray-200">
<% @accepted_invitations.each do |user| %>
<tr>
<td class="px-6 py-4 whitespace-nowrap">
<div class="text-sm font-medium text-gray-900"><%= user.name || "(No name)" %></div>
<div class="text-sm text-gray-500"><%= user.email %></div>
</td>
<td class="px-6 py-4 whitespace-nowrap">
<span class="px-2 inline-flex text-xs leading-5 font-semibold rounded-full
<%= case user.role
when 'admin' then 'bg-purple-100 text-purple-800'
when 'reviewer' then 'bg-blue-100 text-blue-800'
else 'bg-green-100 text-green-800'
end %>">
<%= user.role %>
</span>
</td>
<td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
<%= user.invitation_accepted_at.strftime("%b %d, %Y") %>
</td>
<td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
<%= user.invited_by&.name || user.invited_by&.email || "-" %>
</td>
</tr>
<% end %>
</tbody>
</table>
<% else %>
<div class="px-6 py-12 text-center">
<p class="text-gray-500">No accepted invitations yet</p>
</div>
<% end %>
</div>
</div>
app/views/admin/invitations/new.html.erb
+78
View File
@@ -0,0 +1,78 @@
<% content_for :title, "Send Invitation" %>
<div class="space-y-6">
<div>
<%= link_to "← Back to Invitations", admin_invitations_path, class: "text-sm font-medium text-blue-600 hover:text-blue-500" %>
</div>
<div>
<h2 class="text-3xl font-bold text-gray-900">Send Invitation</h2>
<p class="mt-1 text-sm text-gray-600">Invite a new user to join Sanasto Wiki</p>
</div>
<div class="bg-white shadow rounded-lg">
<div class="px-4 py-5 sm:p-6">
<%= form_with model: @invitation, url: admin_invitations_path, class: "space-y-6" do |f| %>
<% if @invitation.errors.any? %>
<div class="rounded-md bg-red-50 p-4">
<div class="flex">
<div class="ml-3">
<h3 class="text-sm font-medium text-red-800">
<%= pluralize(@invitation.errors.count, "error") %> prohibited this invitation from being sent:
</h3>
<div class="mt-2 text-sm text-red-700">
<ul class="list-disc pl-5 space-y-1">
<% @invitation.errors.full_messages.each do |message| %>
<li><%= message %></li>
<% end %>
</ul>
</div>
</div>
</div>
</div>
<% end %>
<div>
<%= f.label :email, class: "block text-sm font-medium text-gray-700" %>
<%= f.email_field :email, required: true, class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm", placeholder: "user@example.com" %>
<p class="mt-2 text-sm text-gray-500">The user will receive an invitation email with a link to register.</p>
</div>
<div>
<%= f.label :name, "Name (optional)", class: "block text-sm font-medium text-gray-700" %>
<%= f.text_field :name, class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm", placeholder: "John Doe" %>
</div>
<div>
<%= f.label :role, class: "block text-sm font-medium text-gray-700" %>
<%= f.select :role, User.roles.keys.map { |r| [r.humanize, r] }, {}, class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
<p class="mt-2 text-sm text-gray-500">
<strong>Contributor:</strong> Can create/edit entries and comments.<br>
<strong>Reviewer:</strong> Can review suggestions and verify entries.<br>
<strong>Admin:</strong> Full access to all features.
</p>
</div>
<div>
<%= f.label :primary_language, "Primary Language (optional)", class: "block text-sm font-medium text-gray-700" %>
<%= f.select :primary_language, SupportedLanguage.pluck(:code, :native_name), { include_blank: "Select language" }, class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
</div>
<div class="bg-yellow-50 border-l-4 border-yellow-400 p-4">
<div class="flex">
<div class="ml-3">
<p class="text-sm text-yellow-700">
<strong>Note:</strong> The invitation link will expire in 14 days. The user will need to accept the invitation before the expiration date.
</p>
</div>
</div>
</div>
<div class="flex items-center justify-end space-x-4">
<%= link_to "Cancel", admin_invitations_path, class: "px-4 py-2 border border-gray-300 rounded-md shadow-sm text-sm font-medium text-gray-700 bg-white hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-500" %>
<%= f.submit "Send Invitation", class: "inline-flex justify-center px-4 py-2 border border-transparent rounded-md shadow-sm text-sm font-medium text-white bg-blue-600 hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-500" %>
</div>
<% end %>
</div>
</div>
</div>
app/views/admin/users/edit.html.erb
+62
View File
@@ -0,0 +1,62 @@
<% content_for :title, "Edit User" %>
<div class="space-y-6">
<div>
<%= link_to "← Back to Users", admin_users_path, class: "text-sm font-medium text-blue-600 hover:text-blue-500" %>
</div>
<div>
<h2 class="text-3xl font-bold text-gray-900">Edit User</h2>
<p class="mt-1 text-sm text-gray-600">Update user information and permissions</p>
</div>
<div class="bg-white shadow rounded-lg">
<div class="px-4 py-5 sm:p-6">
<%= form_with model: @user, url: admin_user_path(@user), method: :patch, class: "space-y-6" do |f| %>
<% if @user.errors.any? %>
<div class="rounded-md bg-red-50 p-4">
<div class="flex">
<div class="ml-3">
<h3 class="text-sm font-medium text-red-800">
<%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:
</h3>
<div class="mt-2 text-sm text-red-700">
<ul class="list-disc pl-5 space-y-1">
<% @user.errors.full_messages.each do |message| %>
<li><%= message %></li>
<% end %>
</ul>
</div>
</div>
</div>
</div>
<% end %>
<div>
<%= f.label :name, class: "block text-sm font-medium text-gray-700" %>
<%= f.text_field :name, class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
</div>
<div>
<%= f.label :email, class: "block text-sm font-medium text-gray-700" %>
<%= f.email_field :email, class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
</div>
<div>
<%= f.label :role, class: "block text-sm font-medium text-gray-700" %>
<%= f.select :role, User.roles.keys.map { |r| [r.humanize, r] }, {}, class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
</div>
<div>
<%= f.label :primary_language, class: "block text-sm font-medium text-gray-700" %>
<%= f.select :primary_language, SupportedLanguage.pluck(:code, :native_name), { include_blank: "Select language" }, class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
</div>
<div class="flex items-center justify-end space-x-4">
<%= link_to "Cancel", admin_users_path, class: "px-4 py-2 border border-gray-300 rounded-md shadow-sm text-sm font-medium text-gray-700 bg-white hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-500" %>
<%= f.submit "Update User", class: "inline-flex justify-center px-4 py-2 border border-transparent rounded-md shadow-sm text-sm font-medium text-white bg-blue-600 hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-500" %>
</div>
<% end %>
</div>
</div>
</div>
app/views/admin/users/index.html.erb
+97
View File
@@ -0,0 +1,97 @@
<% content_for :title, "Users" %>
<div class="space-y-6">
<div class="flex items-center justify-between">
<div>
<h2 class="text-3xl font-bold text-gray-900">User Management</h2>
<p class="mt-1 text-sm text-gray-600">Manage user accounts and permissions</p>
</div>
<div>
<%= link_to "Send Invitation", new_admin_invitation_path, class: "inline-flex items-center px-4 py-2 border border-transparent rounded-md shadow-sm text-sm font-medium text-white bg-blue-600 hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-500" %>
</div>
</div>
<!-- Filters -->
<div class="bg-white shadow rounded-lg p-4">
<%= form_with url: admin_users_path, method: :get, class: "flex gap-4" do |f| %>
<div class="flex-1">
<%= f.text_field :q, value: params[:q], placeholder: "Search by email...", class: "block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
</div>
<div>
<%= f.select :role, options_for_select([["All Roles", ""], ["Contributors", "contributor"], ["Reviewers", "reviewer"], ["Admins", "admin"]], params[:role]), {}, class: "block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
</div>
<div>
<%= f.submit "Filter", class: "inline-flex items-center px-4 py-2 border border-transparent rounded-md shadow-sm text-sm font-medium text-white bg-blue-600 hover:bg-blue-700" %>
</div>
<% end %>
</div>
<!-- Users Table -->
<div class="bg-white shadow rounded-lg overflow-hidden">
<table class="min-w-full divide-y divide-gray-200">
<thead class="bg-gray-50">
<tr>
<th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">User</th>
<th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Role</th>
<th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Primary Language</th>
<th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Joined</th>
<th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Status</th>
<th scope="col" class="relative px-6 py-3">
<span class="sr-only">Actions</span>
</th>
</tr>
</thead>
<tbody class="bg-white divide-y divide-gray-200">
<% @users.each do |user| %>
<tr>
<td class="px-6 py-4 whitespace-nowrap">
<div class="flex items-center">
<div>
<div class="text-sm font-medium text-gray-900">
<%= user.name || "(No name)" %>
</div>
<div class="text-sm text-gray-500">
<%= user.email %>
</div>
</div>
</div>
</td>
<td class="px-6 py-4 whitespace-nowrap">
<span class="px-2 inline-flex text-xs leading-5 font-semibold rounded-full
<%= case user.role
when 'admin' then 'bg-purple-100 text-purple-800'
when 'reviewer' then 'bg-blue-100 text-blue-800'
else 'bg-green-100 text-green-800'
end %>">
<%= user.role %>
</span>
</td>
<td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
<%= user.primary_language&.upcase || "-" %>
</td>
<td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
<%= user.invitation_accepted_at&.strftime("%b %d, %Y") || user.created_at.strftime("%b %d, %Y") %>
</td>
<td class="px-6 py-4 whitespace-nowrap">
<% if user.invitation_accepted_at.present? %>
<span class="px-2 inline-flex text-xs leading-5 font-semibold rounded-full bg-green-100 text-green-800">
Active
</span>
<% else %>
<span class="px-2 inline-flex text-xs leading-5 font-semibold rounded-full bg-yellow-100 text-yellow-800">
Invited
</span>
<% end %>
</td>
<td class="px-6 py-4 whitespace-nowrap text-right text-sm font-medium">
<%= link_to "Edit", edit_admin_user_path(user), class: "text-blue-600 hover:text-blue-900 mr-4" %>
<% if user != current_user && user != User.first %>
<%= button_to "Delete", admin_user_path(user), method: :delete, data: { turbo_confirm: "Are you sure you want to delete this user?" }, class: "text-red-600 hover:text-red-900" %>
<% end %>
</td>
</tr>
<% end %>
</tbody>
</table>
</div>
</div>
app/views/layouts/admin.html.erb
+60
View File
@@ -0,0 +1,60 @@
<!DOCTYPE html>
<html>
<head>
<title><%= content_for(:title) || "Admin Dashboard" %> - Sanasto Wiki</title>
<meta name="viewport" content="width=device-width,initial-scale=1">
<%= csrf_meta_tags %>
<%= csp_meta_tag %>
<%= stylesheet_link_tag :app, "data-turbo-track": "reload" %>
<%= javascript_importmap_tags %>
<script src="https://cdn.tailwindcss.com"></script>
</head>
<body class="bg-gray-100 text-gray-900 font-sans antialiased">
<div class="min-h-screen flex flex-col">
<!-- Header -->
<header class="bg-blue-600 text-white shadow-md">
<div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8">
<div class="flex items-center justify-between h-16">
<div class="flex items-center">
<h1 class="text-2xl font-bold">
<%= link_to "Sanasto Admin", admin_root_path, class: "hover:text-blue-100" %>
</h1>
</div>
<nav class="flex space-x-4">
<%= link_to "Dashboard", admin_dashboard_path, class: "px-3 py-2 rounded-md text-sm font-medium hover:bg-blue-700" %>
<%= link_to "Users", admin_users_path, class: "px-3 py-2 rounded-md text-sm font-medium hover:bg-blue-700" %>
<%= link_to "Invitations", admin_invitations_path, class: "px-3 py-2 rounded-md text-sm font-medium hover:bg-blue-700" %>
<%= link_to "Back to Site", root_path, class: "px-3 py-2 rounded-md text-sm font-medium hover:bg-blue-700" %>
</nav>
</div>
</div>
</header>
<!-- Flash messages -->
<% if flash.any? %>
<div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 mt-4">
<% flash.each do |type, message| %>
<div class="<%= type == 'notice' ? 'bg-green-100 border-green-400 text-green-700' : 'bg-red-100 border-red-400 text-red-700' %> px-4 py-3 rounded relative mb-4" role="alert">
<span class="block sm:inline"><%= message %></span>
</div>
<% end %>
</div>
<% end %>
<!-- Main content -->
<main class="flex-1 max-w-7xl w-full mx-auto px-4 sm:px-6 lg:px-8 py-8">
<%= yield %>
</main>
<!-- Footer -->
<footer class="bg-white border-t border-gray-200 mt-auto">
<div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-4">
<p class="text-center text-sm text-gray-600">
Sanasto Wiki Admin Dashboard &copy; <%= Time.current.year %>
</p>
</div>
</footer>
</div>
</body>
</html>
app/views/setup/show.html.erb
+107
View File
@@ -0,0 +1,107 @@
<!DOCTYPE html>
<html>
<head>
<title>Setup - Sanasto Wiki</title>
<meta name="viewport" content="width=device-width,initial-scale=1">
<%= csrf_meta_tags %>
<%= csp_meta_tag %>
<%= stylesheet_link_tag :app, "data-turbo-track": "reload" %>
<%= javascript_importmap_tags %>
<script src="https://cdn.tailwindcss.com"></script>
</head>
<body class="bg-gradient-to-br from-blue-50 to-indigo-100 min-h-screen flex items-center justify-center p-4">
<div class="w-full max-w-md mx-auto">
<!-- Setup Card -->
<div class="bg-white shadow-2xl rounded-lg overflow-hidden">
<!-- Header -->
<div class="bg-gradient-to-r from-blue-600 to-indigo-600 px-6 py-8 text-center">
<h1 class="text-3xl font-bold text-white">Sanasto Wiki</h1>
<p class="mt-2 text-blue-100">Initial Setup</p>
</div>
<!-- Form -->
<div class="px-6 py-8">
<div class="mb-6">
<h2 class="text-xl font-semibold text-gray-900">Create Admin Account</h2>
<p class="mt-2 text-sm text-gray-600">
Welcome! Let's create your administrator account to get started.
</p>
</div>
<%= form_with model: @user, url: setup_path, method: :post, class: "space-y-6" do |f| %>
<% if @user.errors.any? %>
<div class="rounded-md bg-red-50 p-4">
<div class="flex">
<div class="flex-shrink-0">
<svg class="h-5 w-5 text-red-400" fill="currentColor" viewBox="0 0 20 20">
<path fill-rule="evenodd" d="M10 18a8 8 0 100-16 8 8 0 000 16zM8.707 7.293a1 1 0 00-1.414 1.414L8.586 10l-1.293 1.293a1 1 0 101.414 1.414L10 11.414l1.293 1.293a1 1 0 001.414-1.414L11.414 10l1.293-1.293a1 1 0 00-1.414-1.414L10 8.586 8.707 7.293z" clip-rule="evenodd" />
</svg>
</div>
<div class="ml-3">
<h3 class="text-sm font-medium text-red-800">
<%= pluralize(@user.errors.count, "error") %> prevented setup:
</h3>
<div class="mt-2 text-sm text-red-700">
<ul class="list-disc pl-5 space-y-1">
<% @user.errors.full_messages.each do |message| %>
<li><%= message %></li>
<% end %>
</ul>
</div>
</div>
</div>
</div>
<% end %>
<div>
<%= f.label :name, class: "block text-sm font-medium text-gray-700" %>
<%= f.text_field :name, required: true, autofocus: true, class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm", placeholder: "Your full name" %>
</div>
<div>
<%= f.label :email, class: "block text-sm font-medium text-gray-700" %>
<%= f.email_field :email, required: true, class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm", placeholder: "admin@example.com" %>
<p class="mt-1 text-xs text-gray-500">This will be the default contact email for the system.</p>
</div>
<div>
<%= f.label :primary_language, "Preferred Language", class: "block text-sm font-medium text-gray-700" %>
<%= f.select :primary_language, SupportedLanguage.order(:sort_order).pluck(:code, :native_name), { include_blank: "Select your primary language" }, required: true, class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
</div>
<div>
<%= f.label :password, class: "block text-sm font-medium text-gray-700" %>
<%= f.password_field :password, required: true, class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm", placeholder: "Minimum 12 characters" %>
<p class="mt-1 text-xs text-gray-500">Choose a strong password with at least 12 characters.</p>
</div>
<div>
<%= f.label :password_confirmation, "Confirm Password", class: "block text-sm font-medium text-gray-700" %>
<%= f.password_field :password_confirmation, required: true, class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm", placeholder: "Re-enter your password" %>
</div>
<div class="bg-blue-50 border-l-4 border-blue-400 p-4">
<div class="flex">
<div class="flex-shrink-0">
<svg class="h-5 w-5 text-blue-400" fill="currentColor" viewBox="0 0 20 20">
<path fill-rule="evenodd" d="M18 10a8 8 0 11-16 0 8 8 0 0116 0zm-7-4a1 1 0 11-2 0 1 1 0 012 0zM9 9a1 1 0 000 2v3a1 1 0 001 1h1a1 1 0 100-2v-3a1 1 0 00-1-1H9z" clip-rule="evenodd" />
</svg>
</div>
<div class="ml-3">
<p class="text-sm text-blue-700">
<strong>Note:</strong> This account will have full administrator access and cannot be deleted through the UI.
</p>
</div>
</div>
</div>
<div>
<%= f.submit "Complete Setup", class: "w-full flex justify-center py-3 px-4 border border-transparent rounded-md shadow-sm text-sm font-medium text-white bg-gradient-to-r from-blue-600 to-indigo-600 hover:from-blue-700 hover:to-indigo-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-500 transition-all duration-200" %>
</div>
<% end %>
</div>
</div>
</div>
</body>
</html>
config/routes.rb
+17
View File
@@ -12,6 +12,23 @@ Rails.application.routes.draw do
# Defines the root path route ("/")
root "entries#index"
# Setup route (only accessible when .installed file doesn't exist)
get "setup", to: "setup#show"
post "setup", to: "setup#create"
# Authentication routes (placeholder for future implementation)
# get "login", to: "sessions#new", as: :login
# post "login", to: "sessions#create"
# delete "logout", to: "sessions#destroy", as: :logout
# Admin namespace
namespace :admin do
root "dashboard#index"
get "dashboard", to: "dashboard#index"
resources :users, only: [ :index, :edit, :update, :destroy ]
resources :invitations, only: [ :index, :new, :create, :destroy ]
end
resources :entries do
collection do
get :download
docs/ADMIN.md
+34
View File
@@ -0,0 +1,34 @@
# Admin Dashboard
The admin dashboard provides tools for managing users, invitations, and viewing system statistics.
## Creating the First Admin User
Visit /setup
## Accessing the Admin Dashboard
1. **Note:** Authentication system is not yet implemented. You'll need to set `session[:user_id]` manually in the console or implement the authentication controllers first.
2. Once authenticated, navigate to `/admin` to access the dashboard.
## Admin Features
### Dashboard (`/admin`)
- View system statistics (users, entries, suggestions)
- Language completion percentages
- Recent activity (new users, new entries)
- Pending invitations count
### User Management (`/admin/users`)
- List all users with filtering
- Edit user details and roles
- Delete users (except yourself)
- View user status (active/invited)
### Invitations (`/admin/invitations`)
- Send new invitations
- View pending invitations (not yet accepted)
- Cancel pending invitations
- View recently accepted invitations
- Invitations expire after 14 days
docs/SETUP_GUIDE.md
+74
View File
@@ -0,0 +1,74 @@
# Setup Guide
## Initial Setup
When you first deploy Sanasto Wiki, you need to create an initial administrator account.
### Automatic Setup (Recommended)
1. Start the Rails server:
```bash
bundle exec rails server
```
2. Navigate to `/setup` in your browser
3. Fill in the setup form:
- **Name**: Your full name
- **Email**: Your email address (becomes the system default contact)
- **Preferred Language**: Your primary working language
- **Password**: At least 12 characters
- **Confirm Password**: Re-enter your password
4. Click "Complete Setup"
5. You'll be automatically logged in and redirected to the admin dashboard
### What Happens During Setup
- Creates your admin account with full permissions
- Sets you as the default system contact (User.first.email)
- Creates a `.installed` marker file to prevent re-running setup
- Automatically logs you in
- Protects your account from deletion (first user cannot be deleted)
### After Setup
Once setup is complete:
- The `/setup` route becomes inaccessible
- You can access the admin dashboard at `/admin`
- You can invite other users through the admin interface
- The first admin user (you) is protected from deletion
### Resetting Setup
If you need to re-run setup (e.g., in development):
```bash
# Remove the installed marker
rm .installed
# Clear the database (development only!)
bundle exec rails db:reset
# Now you can access /setup again
```
### Production Deployment
For production deployment:
1. Deploy the application
2. Run migrations: `bundle exec rails db:migrate`
3. Navigate to your domain's `/setup` route
4. Complete the setup form
5. Start inviting contributors
The `.installed` file should NOT be committed to version control (it's in .gitignore).
### Security Notes
- The setup route is only accessible when `.installed` file doesn't exist
- Password must be at least 12 characters
- The first admin user cannot be deleted through the UI
- Setup automatically creates an admin-level account
- After setup, use the invitation system to add more users
docs/TODO.md
+5 -4
View File
@@ -54,10 +54,11 @@
## User Management
- [ ] **Admin dashboard**
- [ ] Send invitations by email
- [ ] Manage users (list, edit roles, deactivate)
- [ ] System statistics (users, entries, contributions)
- [x] **Setup** adds the first user
- [x] **Admin dashboard**
- [x] Send invitations interface (email delivery pending mailer implementation)
- [x] Manage users (list, edit roles, delete)
- [x] System statistics (users, entries, contributions)
- [ ] **User profile page**
- [ ] Edit name, email, password
- [ ] Set primary language preference
test/models/user_test.rb
+13 -7
View File
@@ -2,33 +2,39 @@ require "test_helper"
class UserTest < ActiveSupport::TestCase
test "should be valid with an email and password" do
user = User.new(email: "test@example.com", password: "password")
user = User.new(email: "test@example.com", password: "password123456")
assert user.valid?
end
test "should be invalid without an email" do
user = User.new(password: "password")
user = User.new(password: "password123456")
assert_not user.valid?
end
test "should be invalid with a duplicate email" do
User.create(email: "test@example.com", password: "password")
user = User.new(email: "test@example.com", password: "password")
User.create(email: "test@example.com", password: "password123456")
user = User.new(email: "test@example.com", password: "password123456")
assert_not user.valid?
end
test "should have a default role of contributor" do
user = User.new(email: "test@example.com", password: "password")
user = User.new(email: "test@example.com", password: "password123456")
assert user.contributor?
end
test "can be a reviewer" do
user = User.new(email: "test@example.com", password: "password", role: :reviewer)
user = User.new(email: "test@example.com", password: "password123456", role: :reviewer)
assert user.reviewer?
end
test "can be an admin" do
user = User.new(email: "test@example.com", password: "password", role: :admin)
user = User.new(email: "test@example.com", password: "password123456", role: :admin)
assert user.admin?
end
test "should be invalid with a password shorter than 12 characters" do
user = User.new(email: "test@example.com", password: "short")
assert_not user.valid?
assert_includes user.errors[:password], "is too short (minimum is 12 characters)"
end
end