adding more authentication, fixing category bug

app/controllers/questions_controller.rb

@@ -1,4 +1,6 @@
 class QuestionsController < ApplicationController
+  before_action :authenticate_user!, except: [:show]
+  before_action :verify_super_admin, except: [:show]
   before_action :set_school, only: [:show]
   before_action :set_question, only: [:show, :edit, :update, :destroy]
 
@@ -78,4 +80,8 @@ class QuestionsController < ApplicationController
     def question_params
       params.require(:question).permit(:text, :option1, :option2, :option3, :option4, :option5, :category_id)
     end
+
+    def verify_super_admin
+      user_signed_in? && current_user.super_admin?
+    end
 end

app/controllers/schedules_controller.rb

@@ -1,12 +1,9 @@
 class SchedulesController < ApplicationController
+  before_action :authenticate_user!, except: [:show]
   before_action :set_school
+  before_action :verify_admin
   before_action :set_schedule, only: [:show, :edit, :update, :destroy]
 
-  # GET schools/1/schedules
-  def index
-    @schedules = @school.schedules
-  end
-
   # GET schools/1/schedules/1
   def show
   end
@@ -61,4 +58,11 @@ class SchedulesController < ApplicationController
     def schedule_params
       params.require(:schedule).permit(:name, :description, :school_id, :frequency_hours, :start_date, :end_date, :active, :random, :recipient_list_id, :question_list_id)
     end
+
+    def verify_admin
+      return true if current_user.admin?(@school)
+
+      redirect_to root_path, notice: 'You must be logged in as an admin of that school to access that page.'
+      return false
+    end
 end