Merge pull request #546 from alphagov/tidy-admin

Tidy up administration area

Author: alanth

app/assets/javascripts/admin.js

@@ -1,3 +1,4 @@
 //= require jquery
 //= require jquery_ujs
+//= require auto_logout
 //= require autosubmit_selects

app/assets/javascripts/auto_logout.js

@@ -0,0 +1,44 @@
+(function ($) {
+  'use strict';
+
+  $.fn.autoLogout = function() {
+    var $html = this;
+    var $continue = $html.find('#logout-warning-continue');
+    var $logout = $html.find('#logout-warning-logout');
+    var INTERVAL = 10000;
+    var WARNING_TIME = 120;
+
+    var AutoLogout = {
+      continueClicked: function(e) {
+        $.getJSON('/admin/continue.json', AutoLogout.processContinue);
+      },
+
+      logoutClicked: function(e) {
+        window.location = '/admin/logout';
+      },
+
+      processContinue: function(data) {
+        $html.hide();
+      },
+
+      processStatus: function(data) {
+        if (data.time_remaining == 0) {
+          window.location = '/admin/logout';
+        } else if (data.time_remaining <= WARNING_TIME) {
+          $html.show();
+        } else {
+          $html.hide();
+        }
+      },
+
+      checkStatus: function() {
+        $.getJSON('/admin/status.json', AutoLogout.processStatus);
+      }
+    };
+
+    $continue.on('click', AutoLogout.continueClicked);
+    $logout.on('click', AutoLogout.logoutClicked);
+
+    window.setInterval(AutoLogout.checkStatus, INTERVAL);
+  }
+})(jQuery);

app/assets/stylesheets/petitions/admin/_logout.scss

@@ -0,0 +1,30 @@
+#logout-warning {
+  width: 100%;
+  height: 100%;
+  position: fixed;
+  top: 0;
+  left: 0;
+  background-color: rgba(0, 0, 0, 0.5);
+  display: none;
+
+  .logout-warning-modal {
+    background-color: #FFF;
+    margin: 10% auto 0;
+    width: 40%;
+    padding: 24px;
+    box-shadow: 0px 5px 20px 10px rgba(0, 0, 0, 0.3);
+  }
+
+  .logout-warning-message {
+    margin: 0 0 24px 0;
+  }
+
+  .logout-warning-actions {
+    margin: 0;
+
+    button {
+      font-size: 16px;
+      margin-bottom: 2px;
+    }
+  }
+}

app/assets/stylesheets/petitions/admin/views/_shared.scss

@@ -63,6 +63,16 @@
     margin-top: $gutter;
   }
 
+  .mandatory {
+    color: $red-50;
+    font-weight: bold;
+    font-size: 24px;
+  }
+
+  .form-label-inline {
+    display: inline-block;
+  }
+
   .button_to {
     display: inline-block;
 

app/assets/stylesheets/site-admin.scss

@@ -45,6 +45,7 @@
 @import "petitions/admin/meta";
 @import "petitions/admin/actions";
 @import "petitions/admin/list";
+@import "petitions/admin/logout";
 @import "petitions/admin/tables";
 
 // Petition admin views

app/controllers/admin/admin_controller.rb

@@ -1,12 +1,10 @@
 class Admin::AdminController < ApplicationController
-  include Authentication
+  include Authentication, FlashI18n, FlashRender
 
-  before_action :require_admin_and_check_for_password_change
   before_action :do_not_cache
 
   layout 'admin'
 
   def index
   end
-
 end

app/controllers/admin/admin_users_controller.rb

@@ -1,54 +1,58 @@
 class Admin::AdminUsersController < Admin::AdminController
   before_filter :require_sysadmin
+  before_filter :find_user, only: %i[edit update destroy]
+
+  rescue_from AdminUser::CannotDeleteCurrentUser do
+    redirect_to admin_admin_users_url, alert: :user_is_current_user
+  end
+
+  rescue_from AdminUser::MustBeAtLeastOneAdminUser do
+    redirect_to admin_admin_users_url, alert: :user_count_is_too_low
+  end
 
   def index
-    @users = AdminUser.by_name.paginate(:page => params[:page], :per_page => 50)
+    @users = AdminUser.by_name.paginate(page: params[:page], per_page: 50)
   end
 
   def new
     @user = AdminUser.new
   end
 
   def create
-    @user = AdminUser.create(admin_user_params)
+    @user = AdminUser.new(admin_user_params)
+
     if @user.save
-      flash[:notice] = "User was successfully created"
-      redirect_to admin_admin_users_url
+      redirect_to admin_admin_users_url, notice: :user_created
     else
-      render :action => 'new'
+      render :new
     end
   end
 
   def edit
-    @user = AdminUser.find(params[:id])
   end
 
   def update
-    @user = AdminUser.find(params[:id])
-    if @user.update_attributes(admin_user_params)
-      flash[:notice] = "User was successfully updated"
-      redirect_to admin_admin_users_url
+    if @user.update(admin_user_params)
+      redirect_to admin_admin_users_url, notice: :user_updated
     else
-      render :action => 'edit'
+      render :edit
     end
   end
 
   def destroy
-    @user = AdminUser.find(params[:id])
-
-    # only destroy if user is not the logged in user and there are at least 2 users
-    if @user == current_user
-      flash[:error] = "You are not allowed to delete yourself!"
-    elsif AdminUser.count < 2
-      flash[:error] = "There needs to be at least 1 admin user"
+    if @user.destroy(current_user: current_user)
+      redirect_to admin_admin_users_url, notice: :user_deleted
     else
-      @user.destroy
+      redirect_to admin_admin_users_url, alert: :user_not_deleted
     end
-    redirect_to admin_admin_users_url
   end
 
   protected
 
+  def find_user
+    @user = AdminUser.find(params[:id])
+  end
+
   def admin_user_params
     params.
       require(:admin_user).

app/controllers/admin/debate_outcomes_controller.rb

@@ -15,9 +15,9 @@ def update
     if @debate_outcome.update(debate_outcome_params)
       if send_email_to_petitioners?
         EmailDebateOutcomesJob.run_later_tonight(petition: @petition)
-        message = 'Email will be sent overnight'
+        message = :email_sent_overnight
       else
-        message = 'Updated debate outcome successfully'
+        message = :debate_outcome_updated
       end
 
       redirect_to [:admin, @petition], notice: message

app/controllers/admin/government_response_controller.rb

@@ -15,9 +15,9 @@ def update
     if @government_response.update(government_response_params)
       if send_email_to_petitioners?
         EmailThresholdResponseJob.run_later_tonight(petition: @petition)
-        message = 'Email will be sent overnight'
+        message = :email_sent_overnight
       else
-        message = 'Updated government response successfully'
+        message = :government_response_updated
       end
 
       redirect_to [:admin, @petition], notice: message

app/controllers/admin/invalidations_controller.rb

@@ -18,7 +18,7 @@ def new
 
   def create
     if @invalidation.save
-      redirect_to admin_invalidations_url, notice: "Invalidation created successfully"
+      redirect_to admin_invalidations_url, notice: :invalidation_created
     else
       respond_to do |format|
         format.html { render :new }
@@ -32,69 +32,69 @@ def edit
         format.html
       end
     else
-      redirect_to_index_url notice: "Can't edit invalidations that aren't pending"
+      redirect_to_index_url notice: :invalidation_cant_be_edited
     end
   end
 
   def update
     if @invalidation.pending?
       if @invalidation.update(invalidation_params)
-        redirect_to admin_invalidations_url, notice: "Invalidation updated successfully"
+        redirect_to admin_invalidations_url, notice: :invalidation_updated
       else
         respond_to do |format|
           format.html { render :edit }
         end
       end
     else
-      redirect_to_index_url notice: "Can't edit invalidations that aren't pending"
+      redirect_to_index_url notice: :invalidation_cant_be_edited
     end
   end
 
   def destroy
     if @invalidation.started?
-      redirect_to_index_url notice: "Can't remove invalidations that have started"
+      redirect_to_index_url notice: :invalidation_cant_be_removed
     else
       if @invalidation.destroy
-        redirect_to_index_url notice: "Invalidation removed successfully"
+        redirect_to_index_url notice: :invalidation_removed
       else
-        redirect_to_index_url alert: "Invalidation could not be removed - please contact support"
+        redirect_to_index_url alert: :invalidation_not_removed
       end
     end
   end
 
   def cancel
     if @invalidation.completed?
-      redirect_to_index_url notice: "Can't cancel invalidations that have completed"
+      redirect_to_index_url notice: :invalidation_cant_be_cancelled
     else
       if @invalidation.cancel!
-        redirect_to_index_url notice: "Invalidation cancelled successfully"
+        redirect_to_index_url notice: :invalidation_cancelled
       else
-        redirect_to_index_url alert: "Invalidation could not be cancelled - please contact support"
+        redirect_to_index_url alert: :invalidation_not_cancelled
       end
     end
   end
 
   def count
     if @invalidation.pending?
       if @invalidation.count!
-        redirect_to_index_url notice: "Counted the matching signatures for invalidation #{@invalidation.summary.inspect}"
+        redirect_to_index_url notice: [:invalidation_counted, summary: @invalidation.summary.inspect]
       else
-        redirect_to_index_url alert: "Invalidation could not be counted - please contact support"
+        redirect_to_index_url alert: :invalidation_not_counted
       end
     else
-      redirect_to_index_url notice: "Can't count invalidations that aren't pending"
+      redirect_to_index_url notice: :invalidation_cant_be_counted
     end
   end
 
   def start
     if @invalidation.pending?
       if @invalidation.start!
-        redirect_to_index_url notice: "Enqueued the invalidation #{@invalidation.summary.inspect}"
+        redirect_to_index_url notice: [:invalidation_started, summary: @invalidation.summary.inspect]
       else
-        redirect_to_index_url alert: "Invalidation could not be enqueued - please contact support"
+        redirect_to_index_url alert: :invalidation_not_started
       end
     else
-      redirect_to_index_url notice: "Can't start invalidations that aren't pending"
+      redirect_to_index_url notice: :invalidation_cant_be_started
     end
   end