Modify admin layout to only manage tenants and admins

We only want to render the account link and login items in the header.
And we want only render the Multitenancy and Administrators sections in
the admin sidebar.

We include the administrators management so it's possible to give
permissions to other users to manage tenants.

In order to restrict access to other sections by typing the URL or
following a link, we're only enabling the rest of the routes when we
aren't in the multitenancy management mode.

app/assets/stylesheets/admin/menu.scss

@@ -109,6 +109,14 @@
     &.ml-link {
       @include icon(brain, solid);
     }
+
+    &.administrators-link {
+      @include icon(user, solid);
+    }
+
+    &.tenants-link {
+      @include icon(building, regular);
+    }
   }
 
   li {

app/components/admin/menu_component.rb

@@ -3,6 +3,16 @@ class Admin::MenuComponent < ApplicationComponent
   use_helpers :can?
 
   def links
+    if Rails.application.multitenancy_management_mode?
+      multitenancy_management_links
+    else
+      default_links
+    end
+  end
+
+  private
+
+    def default_links
       [
         (proposals_link if feature?(:proposals)),
         (debates_link if feature?(:debates)),
@@ -23,7 +33,9 @@ class Admin::MenuComponent < ApplicationComponent
       ]
     end
 
-  private
+    def multitenancy_management_links
+      [tenants_link, administrators_link]
+    end
 
     def moderated_content?
       moderated_sections.include?(controller_name) && controller.class.module_parent != Admin::Legislation
@@ -395,7 +407,8 @@ class Admin::MenuComponent < ApplicationComponent
       [
         t("admin.menu.administrators"),
         admin_administrators_path,
-        controller_name == "administrators"
+        controller_name == "administrators",
+        class: "administrators-link"
       ]
     end
 
@@ -482,7 +495,8 @@ class Admin::MenuComponent < ApplicationComponent
         [
           t("admin.menu.multitenancy"),
           admin_tenants_path,
-          controller_name == "tenants"
+          controller_name == "tenants",
+          class: "tenants-link"
         ]
       end
     end

app/components/layout/admin_header_component.html.erb

@@ -2,9 +2,11 @@
   <div class="top-links">
     <%= render Layout::LocaleSwitcherComponent.new %>
 
+    <% if show_link_to_root_path? %>
       <%= link_to root_path do %>
         <%= t("admin.dashboard.index.back", org: setting["org_name"]) %>
       <% end %>
+    <% end %>
   </div>
 
   <div class="top-bar">

app/components/layout/admin_header_component.rb

@@ -29,4 +29,8 @@ class Layout::AdminHeaderComponent < ApplicationComponent
     def show_account_menu?
       show_admin_menu?(user) || namespace != "management"
     end
+
+    def show_link_to_root_path?
+      !Rails.application.multitenancy_management_mode?
+    end
 end

app/components/layout/admin_login_items_component.rb

@@ -7,7 +7,7 @@ class Layout::AdminLoginItemsComponent < ApplicationComponent
   end
 
   def render?
-    show_admin_menu?(user)
+    show_admin_menu?(user) && !Rails.application.multitenancy_management_mode?
   end
 
   private

app/components/layout/footer_component.rb

@@ -1,6 +1,10 @@
 class Layout::FooterComponent < ApplicationComponent
   use_helpers :content_block
 
+  def render?
+    !Rails.application.multitenancy_management_mode?
+  end
+
   def footer_legal_content_block
     content_block("footer_legal")
   end

app/components/layout/login_items_component.html.erb

@@ -1,4 +1,5 @@
 <% if user %>
+  <% if show_my_activity_link? %>
     <li>
       <%= layout_menu_link_to t("layouts.header.my_activity_link"),
                               user_path(user),
@@ -7,6 +8,7 @@
                               title: t("shared.go_to_page") +
                                      t("layouts.header.my_activity_link") %>
     </li>
+  <% end %>
   <li>
     <%= layout_menu_link_to t("layouts.header.my_account_link"),
                             account_path,

app/components/layout/login_items_component.rb

@@ -5,4 +5,10 @@ class Layout::LoginItemsComponent < ApplicationComponent
   def initialize(user)
     @user = user
   end
+
+  private
+
+    def show_my_activity_link?
+      !Rails.application.multitenancy_management_mode?
+    end
 end

app/components/layout/notification_item_component.rb

@@ -6,7 +6,7 @@ class Layout::NotificationItemComponent < ApplicationComponent
   end
 
   def render?
-    user.present?
+    user.present? && !Rails.application.multitenancy_management_mode?
   end
 
   private

app/components/layout/subnavigation_component.rb

@@ -1,3 +1,7 @@
 class Layout::SubnavigationComponent < ApplicationComponent
   use_helpers :content_block, :layout_menu_link_to
+
+  def render?
+    !Rails.application.multitenancy_management_mode?
+  end
 end

app/controllers/users/sessions_controller.rb

@@ -7,7 +7,9 @@ class Users::SessionsController < Devise::SessionsController
   private
 
     def after_sign_in_path_for(resource)
-      if !verifying_via_email? && resource.show_welcome_screen?
+      if Rails.application.multitenancy_management_mode? && !resource.administrator?
+        account_path
+      elsif !verifying_via_email? && resource.show_welcome_screen?
         welcome_path
       else
         super

config/application.rb

@@ -161,6 +161,10 @@ module Consul
     config.multitenancy = Rails.application.secrets.multitenancy
     # Set to true if you want that the default tenant only to be used to manage other tenants
     config.multitenancy_management_mode = Rails.application.secrets.multitenancy_management_mode
+
+    def multitenancy_management_mode?
+      config.multitenancy && Tenant.default? && config.multitenancy_management_mode
+    end
   end
 end
 

config/routes.rb

@@ -6,11 +6,13 @@ Rails.application.routes.draw do
 
   draw :account
   draw :admin
+  draw :devise
+
+  constraints lambda { |request| !Rails.application.multitenancy_management_mode? } do
     draw :budget
     draw :comment
     draw :community
     draw :debate
-  draw :devise
     draw :direct_upload
     draw :document
     draw :graphql
@@ -46,6 +48,7 @@ Rails.application.routes.draw do
 
     # Static pages
     resources :pages, path: "/", only: [:show]
+  end
 
   resolve "Budget::Investment" do |investment, options|
     [investment.budget, :investment, options.merge(id: investment)]

config/routes/admin.rb

@@ -1,5 +1,18 @@
 namespace :admin do
   root to: "dashboard#index"
+
+  resources :administrators, only: [:index, :create, :destroy, :edit, :update] do
+    get :search, on: :collection
+  end
+
+  resources :tenants, except: [:show, :destroy] do
+    member do
+      put :hide
+      put :restore
+    end
+  end
+
+  constraints lambda { |request| !Rails.application.multitenancy_management_mode? } do
     resources :organizations, only: :index do
       get :search, on: :collection
       member do
@@ -147,10 +160,6 @@ namespace :admin do
       resources :managers, only: [:index, :create, :destroy]
     end
 
-  resources :administrators, only: [:index, :create, :destroy, :edit, :update] do
-    get :search, on: :collection
-  end
-
     resources :users, only: [:index, :show]
 
     scope module: :poll do
@@ -295,12 +304,6 @@ namespace :admin do
       post :execute, on: :collection
       delete :cancel, on: :collection
     end
-
-  resources :tenants, except: [:show, :destroy] do
-    member do
-      put :hide
-      put :restore
-    end
   end
 end
 

config/routes/custom.rb

@@ -26,3 +26,12 @@
 # over the default routes. So, if you define a route for `/proposals`,
 # the default action for `/proposals` will not be used and the one you
 # define will be used instead.
+
+constraints lambda { |request| !Rails.application.multitenancy_management_mode? } do
+  # The routes defined within this block will not be accessible if multitenancy
+  # management mode is enabled. If you need these routes to be accessible when
+  # using multitenancy management mode, you should define them outside of this block.
+  #
+  # If multitenancy management mode is not being used, routes can be included within
+  # this block and will still be accessible.
+end

spec/components/admin/menu_component_spec.rb

@@ -1,6 +1,6 @@
 require "rails_helper"
 
-describe Admin::MenuComponent, controller: Admin::NewslettersController do
+describe Admin::MenuComponent, :admin, controller: Admin::NewslettersController do
   it "disables all buttons when JavaScript isn't available" do
     render_inline Admin::MenuComponent.new
 
@@ -20,6 +20,17 @@ describe Admin::MenuComponent, controller: Admin::NewslettersController do
     expect(page).to have_css "button[aria-expanded='false']", exact_text: "Settings"
   end
 
+  it "only renders the multitenancy and administrators sections in multitenancy management mode" do
+    allow(Rails.application.config).to receive(:multitenancy_management_mode).and_return(true)
+
+    render_inline Admin::MenuComponent.new
+
+    expect(page).to have_css "#admin_menu"
+    expect(page).to have_link "Multitenancy"
+    expect(page).to have_link "Administrators"
+    expect(page).to have_link count: 2
+  end
+
   describe "#polls_link" do
     it "is marked as current when managing poll options",
        controller: Admin::Poll::Questions::OptionsController do

spec/components/layout/admin_header_component_spec.rb

@@ -35,4 +35,13 @@ describe Layout::AdminHeaderComponent do
       expect(page).not_to have_css "[data-toggle]"
     end
   end
+
+  it "does not show link to root path when multitenancy_management_mode is enabled" do
+    allow(Rails.application.config).to receive(:multitenancy_management_mode).and_return(true)
+    create(:administrator, user: user)
+
+    render_inline Layout::AdminHeaderComponent.new(user)
+
+    expect(page).not_to have_link "Go back to CONSUL"
+  end
 end

spec/components/layout/admin_login_items_component_spec.rb

@@ -15,6 +15,15 @@ describe Layout::AdminLoginItemsComponent do
     expect(page).not_to be_rendered
   end
 
+  it "is not rendered when multitenancy_management_mode is enabled" do
+    allow(Rails.application.config).to receive(:multitenancy_management_mode).and_return(true)
+    user = create(:administrator).user
+
+    render_inline Layout::AdminLoginItemsComponent.new(user)
+
+    expect(page).not_to be_rendered
+  end
+
   it "shows access to all places except officing to administrators" do
     user = create(:administrator).user
 

spec/components/layout/footer_component_spec.rb

@@ -13,4 +13,11 @@ describe Layout::FooterComponent do
       end
     end
   end
+
+  it "is not rendered when multitenancy_management_mode is enabled" do
+    allow(Rails.application.config).to receive(:multitenancy_management_mode).and_return(true)
+    render_inline Layout::FooterComponent.new
+
+    expect(page).not_to be_rendered
+  end
 end

spec/components/layout/login_items_component_spec.rb

@@ -0,0 +1,11 @@
+require "rails_helper"
+
+describe Layout::LoginItemsComponent do
+  it "does not show the my activity link when multitenancy_management_mode is enabled" do
+    allow(Rails.application.config).to receive(:multitenancy_management_mode).and_return(true)
+
+    render_inline Layout::LoginItemsComponent.new(create(:user))
+
+    expect(page).not_to have_content "My content"
+  end
+end

spec/components/layout/notification_item_component_spec.rb

@@ -12,4 +12,11 @@ describe Layout::NotificationItemComponent do
 
     expect(page).to be_rendered
   end
+
+  it "is not rendered when multitenancy_management_mode is enabled" do
+    allow(Rails.application.config).to receive(:multitenancy_management_mode).and_return(true)
+    render_inline Layout::NotificationItemComponent.new(create(:user))
+
+    expect(page).not_to be_rendered
+  end
 end

spec/components/layout/subnavigation_component_spec.rb

@@ -0,0 +1,10 @@
+require "rails_helper"
+
+describe Layout::SubnavigationComponent do
+  it "is not rendered when multitenancy_management_mode is enabled" do
+    allow(Rails.application.config).to receive(:multitenancy_management_mode).and_return(true)
+    render_inline Layout::SubnavigationComponent.new
+
+    expect(page).not_to be_rendered
+  end
+end

spec/controllers/users/sessions_controller_spec.rb

@@ -69,4 +69,22 @@ describe Users::SessionsController do
       end
     end
   end
+
+  describe "after_sign_in_path_for" do
+    it "redirects to account path when multitenancy_management_mode is enabled and user is not an admin" do
+      allow(Rails.application.config).to receive(:multitenancy_management_mode).and_return(true)
+
+      post :create, params: { user: { login: "citizen@consul.org", password: "12345678" }}
+
+      expect(response).to redirect_to account_path
+    end
+
+    it "redirects to welcome path when multitenancy_management_mode is disabled" do
+      allow(Rails.application.config).to receive(:multitenancy_management_mode).and_return(false)
+
+      post :create, params: { user: { login: "citizen@consul.org", password: "12345678" }}
+
+      expect(response).to redirect_to welcome_path
+    end
+  end
 end

spec/system/multitenancy_management_mode_spec.rb

@@ -0,0 +1,28 @@
+require "rails_helper"
+
+describe "Multitenancy management mode", :admin do
+  before do
+    allow(Rails.application.config).to receive(:multitenancy_management_mode).and_return(true)
+    Setting["org_name"] = "CONSUL"
+  end
+
+  scenario "renders expected content for multitenancy manage mode in admin section" do
+    visit admin_root_path
+
+    within ".top-links" do
+      expect(page).not_to have_content "Go back to CONSUL"
+    end
+
+    within ".top-bar" do
+      expect(page).to have_css "li", count: 2
+      expect(page).to have_content "My account"
+      expect(page).to have_content "Sign out"
+    end
+
+    within "#admin_menu" do
+      expect(page).to have_content "Multitenancy"
+      expect(page).to have_content "Administrators"
+      expect(page).to have_css "li", count: 2
+    end
+  end
+end