Feature: Introduce Super Admins (#705)

* Feature: Introduce Super Admins

- added new devise model for super user
- added administrate gem
- sample dashboards for users and accounts

Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com>

app/controllers/api/v1/accounts/accounts_controller.rb

@@ -16,7 +16,8 @@ class Api::V1::Accounts::AccountsController < Api::BaseController
   def create
     @user = AccountBuilder.new(
       account_name: account_params[:account_name],
-      email: account_params[:email]
+      email: account_params[:email],
+      confirmed: confirmed?
     ).perform
     if @user
       send_auth_headers(@user)
@@ -40,6 +41,10 @@ class Api::V1::Accounts::AccountsController < Api::BaseController
     authorize(Account)
   end
 
+  def confirmed?
+    super_admin? && params[:confirmed]
+  end
+
   def fetch_account
     @account = current_user.accounts.find(params[:id])
   end

app/controllers/concerns/access_token_auth_helper.rb

@@ -4,17 +4,25 @@ module AccessTokenAuthHelper
     'api/v1/accounts/conversations/messages' => ['create']
   }.freeze
 
-  def authenticate_access_token!
+  def ensure_access_token
     token = request.headers[:api_access_token] || request.headers[:HTTP_API_ACCESS_TOKEN]
-    access_token = AccessToken.find_by(token: token)
-    render_unauthorized('Invalid Access Token') && return unless access_token
+    @access_token = AccessToken.find_by(token: token) if token.present?
+  end
 
-    token_owner = access_token.owner
-    @resource = token_owner
+  def authenticate_access_token!
+    ensure_access_token
+    render_unauthorized('Invalid Access Token') && return if @access_token.blank?
+
+    @resource = @access_token.owner
+  end
+
+  def super_admin?
+    @resource.present? && @resource.is_a?(SuperAdmin)
   end
 
   def validate_bot_access_token!
     return if current_user.is_a?(User)
+    return if super_admin?
     return if agent_bot_accessible?
 
     render_unauthorized('Access to this endpoint is not authorized for bots')

app/controllers/super_admin/access_tokens_controller.rb

@@ -0,0 +1,44 @@
+class SuperAdmin::AccessTokensController < SuperAdmin::ApplicationController
+  # Overwrite any of the RESTful controller actions to implement custom behavior
+  # For example, you may want to send an email after a foo is updated.
+  #
+  # def update
+  #   super
+  #   send_foo_updated_email(requested_resource)
+  # end
+
+  # Override this method to specify custom lookup behavior.
+  # This will be used to set the resource for the `show`, `edit`, and `update`
+  # actions.
+  #
+  # def find_resource(param)
+  #   Foo.find_by!(slug: param)
+  # end
+
+  # The result of this lookup will be available as `requested_resource`
+
+  # Override this if you have certain roles that require a subset
+  # this will be used to set the records shown on the `index` action.
+  #
+  # def scoped_resource
+  #   if current_user.super_admin?
+  #     resource_class
+  #   else
+  #     resource_class.with_less_stuff
+  #   end
+  # end
+
+  # Override `resource_params` if you want to transform the submitted
+  # data before it's persisted. For example, the following would turn all
+  # empty values into nil values. It uses other APIs such as `resource_class`
+  # and `dashboard`:
+  #
+  # def resource_params
+  #   params.require(resource_class.model_name.param_key).
+  #     permit(dashboard.permitted_attributes).
+  #     transform_values { |value| value == "" ? nil : value }
+  # end
+
+  # See https://administrate-prototype.herokuapp.com/customizing_controller_actions
+  # for more information
+end

app/controllers/super_admin/accounts_controller.rb

@@ -0,0 +1,44 @@
+class SuperAdmin::AccountsController < SuperAdmin::ApplicationController
+  # Overwrite any of the RESTful controller actions to implement custom behavior
+  # For example, you may want to send an email after a foo is updated.
+  #
+  # def update
+  #   super
+  #   send_foo_updated_email(requested_resource)
+  # end
+
+  # Override this method to specify custom lookup behavior.
+  # This will be used to set the resource for the `show`, `edit`, and `update`
+  # actions.
+  #
+  # def find_resource(param)
+  #   Foo.find_by!(slug: param)
+  # end
+
+  # The result of this lookup will be available as `requested_resource`
+
+  # Override this if you have certain roles that require a subset
+  # this will be used to set the records shown on the `index` action.
+  #
+  # def scoped_resource
+  #   if current_user.super_admin?
+  #     resource_class
+  #   else
+  #     resource_class.with_less_stuff
+  #   end
+  # end
+
+  # Override `resource_params` if you want to transform the submitted
+  # data before it's persisted. For example, the following would turn all
+  # empty values into nil values. It uses other APIs such as `resource_class`
+  # and `dashboard`:
+  #
+  # def resource_params
+  #   params.require(resource_class.model_name.param_key).
+  #     permit(dashboard.permitted_attributes).
+  #     transform_values { |value| value == "" ? nil : value }
+  # end
+
+  # See https://administrate-prototype.herokuapp.com/customizing_controller_actions
+  # for more information
+end

app/controllers/super_admin/application_controller.rb

@@ -0,0 +1,16 @@
+# All Administrate controllers inherit from this
+# `Administrate::ApplicationController`, making it the ideal place to put
+# authentication logic or other before_actions.
+#
+# If you want to add pagination or other controller-level concerns,
+# you're free to overwrite the RESTful controller actions.
+class SuperAdmin::ApplicationController < Administrate::ApplicationController
+  # authenticiation done via devise : SuperAdmin Model
+  before_action :authenticate_super_admin!
+
+  # Override this value to specify the number of elements to display at a time
+  # on index pages. Defaults to 20.
+  # def records_per_page
+  #   params[:per_page] || 20
+  # end
+end

app/controllers/super_admin/devise/sessions_controller.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+class SuperAdmin::Devise::SessionsController < Devise::SessionsController
+  def new
+    self.resource = resource_class.new(sign_in_params)
+  end
+
+  def create
+    return unless valid_credentials?
+
+    sign_in(@super_admin, scope: :super_admin)
+    flash.discard
+    redirect_to super_admin_users_path
+  end
+
+  def destroy
+    sign_out
+    flash.discard
+    redirect_to '/'
+  end
+
+  private
+
+  def valid_credentials?
+    @super_admin = SuperAdmin.find_by!(email: params[:super_admin][:email])
+    @super_admin.valid_password?(params[:super_admin][:password])
+  end
+end

app/controllers/super_admin/super_admins_controller.rb

@@ -0,0 +1,44 @@
+class SuperAdmin::SuperAdminsController < SuperAdmin::ApplicationController
+  # Overwrite any of the RESTful controller actions to implement custom behavior
+  # For example, you may want to send an email after a foo is updated.
+  #
+  # def update
+  #   super
+  #   send_foo_updated_email(requested_resource)
+  # end
+
+  # Override this method to specify custom lookup behavior.
+  # This will be used to set the resource for the `show`, `edit`, and `update`
+  # actions.
+  #
+  # def find_resource(param)
+  #   Foo.find_by!(slug: param)
+  # end
+
+  # The result of this lookup will be available as `requested_resource`
+
+  # Override this if you have certain roles that require a subset
+  # this will be used to set the records shown on the `index` action.
+  #
+  # def scoped_resource
+  #   if current_user.super_admin?
+  #     resource_class
+  #   else
+  #     resource_class.with_less_stuff
+  #   end
+  # end
+
+  # Override `resource_params` if you want to transform the submitted
+  # data before it's persisted. For example, the following would turn all
+  # empty values into nil values. It uses other APIs such as `resource_class`
+  # and `dashboard`:
+  #
+  # def resource_params
+  #   params.require(resource_class.model_name.param_key).
+  #     permit(dashboard.permitted_attributes).
+  #     transform_values { |value| value == "" ? nil : value }
+  # end
+
+  # See https://administrate-prototype.herokuapp.com/customizing_controller_actions
+  # for more information
+end

app/controllers/super_admin/users_controller.rb

@@ -0,0 +1,44 @@
+class SuperAdmin::UsersController < SuperAdmin::ApplicationController
+  # Overwrite any of the RESTful controller actions to implement custom behavior
+  # For example, you may want to send an email after a foo is updated.
+  #
+  # def update
+  #   super
+  #   send_foo_updated_email(requested_resource)
+  # end
+
+  # Override this method to specify custom lookup behavior.
+  # This will be used to set the resource for the `show`, `edit`, and `update`
+  # actions.
+  #
+  # def find_resource(param)
+  #   Foo.find_by!(slug: param)
+  # end
+
+  # The result of this lookup will be available as `requested_resource`
+
+  # Override this if you have certain roles that require a subset
+  # this will be used to set the records shown on the `index` action.
+  #
+  # def scoped_resource
+  #   if current_user.super_admin?
+  #     resource_class
+  #   else
+  #     resource_class.with_less_stuff
+  #   end
+  # end
+
+  # Override `resource_params` if you want to transform the submitted
+  # data before it's persisted. For example, the following would turn all
+  # empty values into nil values. It uses other APIs such as `resource_class`
+  # and `dashboard`:
+  #
+  # def resource_params
+  #   params.require(resource_class.model_name.param_key).
+  #     permit(dashboard.permitted_attributes).
+  #     transform_values { |value| value == "" ? nil : value }
+  # end
+
+  # See https://administrate-prototype.herokuapp.com/customizing_controller_actions
+  # for more information
+end