adding more authentication, fixing category bug

app/controllers/questions_controller.rb

@@ -1,4 +1,6 @@
 class QuestionsController < ApplicationController
+  before_action :authenticate_user!, except: [:show]
+  before_action :verify_super_admin, except: [:show]
   before_action :set_school, only: [:show]
   before_action :set_question, only: [:show, :edit, :update, :destroy]
 
@@ -78,4 +80,8 @@ class QuestionsController < ApplicationController
     def question_params
       params.require(:question).permit(:text, :option1, :option2, :option3, :option4, :option5, :category_id)
     end
+
+    def verify_super_admin
+      user_signed_in? && current_user.super_admin?
+    end
 end

app/controllers/schedules_controller.rb

@@ -1,12 +1,9 @@
 class SchedulesController < ApplicationController
+  before_action :authenticate_user!, except: [:show]
   before_action :set_school
+  before_action :verify_admin
   before_action :set_schedule, only: [:show, :edit, :update, :destroy]
 
-  # GET schools/1/schedules
-  def index
-    @schedules = @school.schedules
-  end
-
   # GET schools/1/schedules/1
   def show
   end
@@ -61,4 +58,11 @@ class SchedulesController < ApplicationController
     def schedule_params
       params.require(:schedule).permit(:name, :description, :school_id, :frequency_hours, :start_date, :end_date, :active, :random, :recipient_list_id, :question_list_id)
     end
+
+    def verify_admin
+      return true if current_user.admin?(@school)
+
+      redirect_to root_path, notice: 'You must be logged in as an admin of that school to access that page.'
+      return false
+    end
 end

app/models/attempt.rb

@@ -18,7 +18,7 @@ class Attempt < ApplicationRecord
   def messages
     [
       #question.text,
-      "#{question.text}\n#{question.option1}: Reply 1\n\r#{question.option2}: Reply 2\n\r#{question.option3}: Reply 3\n\r#{question.option4}: Reply 4\n\r#{question.option5}: Reply 5\n\rReply 'stop' to stop these messages."
+      "#{question.text}\n\r#{question.option1}: Reply 1\n\r#{question.option2}: Reply 2\n\r#{question.option3}: Reply 3\n\r#{question.option4}: Reply 4\n\r#{question.option5}: Reply 5\n\rReply 'stop' to stop these messages."
     ]
   end
 

app/models/category.rb

@@ -30,7 +30,7 @@ class Category < ApplicationRecord
       "resources",
       "indicators-of-academic-learning",
       "character-and-wellbeing-outcomes",
-      "family-questions"
+      "pilot-family-questions"
     ].index(root_identifier)
   end
 

app/models/recipient.rb

@@ -4,6 +4,7 @@ class Recipient < ApplicationRecord
   belongs_to :school
   validates_associated :school
 
+  has_many :recipient_schedules
   has_many :attempts
 
   validates :name, presence: true

app/views/schedules/index.html.haml

@@ -1,33 +0,0 @@
-%h1 Listing schedules
-%table
-  %tr
-    %th Name
-    %th Description
-    %th School
-    %th Frequency hours
-    %th Start date
-    %th End date
-    %th Active
-    %th Random
-    %th Recipient list
-    %th Question list
-    %th
-    %th
-    %th
-  - @schedules.each do |schedule|
-    %tr
-      %td= schedule.name
-      %td= schedule.description
-      %td= schedule.school.name
-      %td= schedule.frequency_hours
-      %td= schedule.start_date
-      %td= schedule.end_date
-      %td= schedule.active
-      %td= schedule.random
-      %td= schedule.recipient_list.name
-      %td= schedule.question_list.name
-      %td= link_to 'Show', [schedule.school, schedule]
-      %td= link_to 'Edit', edit_school_schedule_path(schedule.school, schedule)
-      %td= link_to 'Destroy', [schedule.school, schedule], :confirm => 'Are you sure?', :method => :delete
-%br/
-= link_to 'New Schedule', new_school_schedule_path(@school)

spec/controllers/questions_controller_spec.rb

@@ -23,6 +23,7 @@ RSpec.describe QuestionsController, type: :controller do
   # This should return the minimal set of attributes required to create a valid
   # Question. As you add validations to Question, be sure to
   # adjust the attributes here as well.
+  let!(:user) { User.create(email: 'test@test.com', password: '123456') }
   let (:category) { Category.create!(name: 'Category') }
   let(:valid_attributes) {
     {
@@ -45,6 +46,10 @@ RSpec.describe QuestionsController, type: :controller do
   # QuestionsController. Be sure to keep this updated too.
   let(:valid_session) { {} }
 
+  before :each do
+    sign_in user
+  end
+
   describe "GET #index" do
     it "assigns all questions as @questions" do
       question = Question.create! valid_attributes

spec/controllers/schedules_controller_spec.rb

@@ -20,6 +20,7 @@ require 'rails_helper'
 
 RSpec.describe SchedulesController, type: :controller do
 
+  let!(:user) { User.create(email: 'test@test.com', password: '123456') }
   let!(:school) { School.create!(name: 'School') }
 
   let!(:recipients) { create_recipients(school, 3) }
@@ -54,12 +55,9 @@ RSpec.describe SchedulesController, type: :controller do
   # SchedulesController. Be sure to keep this updated too.
   let(:valid_session) { {} }
 
-  describe "GET #index" do
-    it "assigns all schedules as @schedules" do
-      schedule = Schedule.create! valid_attributes
-      get :index, params: {school_id: school.id}, session: valid_session
-      expect(assigns(:schedules)).to eq([schedule])
-    end
+  before :each do
+    user.user_schools.create(school: school)
+    sign_in user
   end
 
   describe "GET #show" do

spec/models/attempt_spec.rb

@@ -93,7 +93,7 @@ RSpec.describe Attempt, type: :model do
 
     it 'should contact the Twilio API' do
       expect(FakeSMS.messages.length).to eq(1)
-      expect(FakeSMS.messages.last.body).to eq("Question 0:1\nOption 0:1 A: Reply 1\n\rOption 0:1 B: Reply 2\n\rOption 0:1 C: Reply 3\n\rOption 0:1 D: Reply 4\n\rOption 0:1 E: Reply 5\n\rReply 'stop' to stop these messages.")
+      expect(FakeSMS.messages.last.body).to eq("Question 0:1\n\rOption 0:1 A: Reply 1\n\rOption 0:1 B: Reply 2\n\rOption 0:1 C: Reply 3\n\rOption 0:1 D: Reply 4\n\rOption 0:1 E: Reply 5\n\rReply 'stop' to stop these messages.")
       expect(FakeSMS.messages.last.to).to eq('1111111111')
     end
 

spec/views/schedules/index.html.erb_spec.rb

@@ -1,46 +0,0 @@
-require 'rails_helper'
-
-RSpec.describe "schedules/index", type: :view do
-  before(:each) do
-    @question_list = QuestionList.create!(name: 'Parents Questions', question_id_array: [1, 2, 3])
-
-    @school = assign(:school, School.create!(name: 'School'))
-
-    @recipient_list = RecipientList.create!(name: 'Parents', recipient_id_array: [1, 2, 3], school: @school)
-
-    assign(:schedules, [
-      Schedule.create!(
-        :name => "Name",
-        :description => "MyText",
-        :school_id => @school.id,
-        :frequency_hours => 3,
-        :active => false,
-        :random => false,
-        :recipient_list_id => @recipient_list.id,
-        :question_list_id => @question_list.id
-      ),
-      Schedule.create!(
-        :name => "Name",
-        :description => "MyText",
-        :school_id => @school.id,
-        :frequency_hours => 3,
-        :active => false,
-        :random => true,
-        :recipient_list_id => @recipient_list.id,
-        :question_list_id => @question_list.id,
-      )
-    ])
-  end
-
-  it "renders a list of schedules" do
-    render
-    assert_select "tr>td", :text => "Name".to_s, :count => 2
-    assert_select "tr>td", :text => "MyText".to_s, :count => 2
-    assert_select "tr>td", :text => @school.name, :count => 2
-    assert_select "tr>td", :text => 3.to_s, :count => 2
-    assert_select "tr>td", :text => false.to_s, :count => 3
-    assert_select "tr>td", :text => true.to_s, :count => 1
-    assert_select "tr>td", :text => @recipient_list.name, :count => 2
-    assert_select "tr>td", :text => @question_list.name, :count => 2
-  end
-end