diff --git a/app/controllers/admin/application_controller.rb b/app/controllers/admin/application_controller.rb
index 4236b3c68..351a11e3e 100644
--- a/app/controllers/admin/application_controller.rb
+++ b/app/controllers/admin/application_controller.rb
@@ -17,7 +17,7 @@ class ApplicationController < Administrate::ApplicationController
   sig { void }
   def authenticate_admin
     authenticate_user!
-    render plain: "Not authorised", status: :forbidden unless T.must(current_user).has_role?(:admin) || T.must(current_user).has_role?(:api_editor)
+    render plain: "Not authorised", status: :forbidden unless T.must(current_user).can_login_to_admin?
   end
 
   sig { returns(T::Array[Symbol]) }
diff --git a/app/models/user.rb b/app/models/user.rb
index 5e14468ed..6ada9ad48 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -37,6 +37,11 @@ def send_devise_notification(notification, *args)
   end
   # rubocop:enable Style/ArgumentsForwarding
 
+  sig { returns(T::Boolean) }
+  def can_login_to_admin?
+    has_role?(:admin) || has_role?(:api_editor)
+  end
+
   # This is currently used when creating users via an alert
   # TODO: Remove this as soon as users are purely being created by people registering
   sig { void }
diff --git a/app/views/application/_profile_menu.html.erb b/app/views/application/_profile_menu.html.erb
index c5706cc43..8fa2b8c01 100644
--- a/app/views/application/_profile_menu.html.erb
+++ b/app/views/application/_profile_menu.html.erb
@@ -8,9 +8,11 @@
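Review bot: The new `User#can_login_to_admin?` in the `app/models/user.rb` hunk is undocumented, and its name suggests authentication while the body is a role (authorisation) check — the controller still calls `authenticate_user!` separately before consulting it. A one-line comment above the `sig` would make that explicit and tell the next maintainer this is the single place to extend: `# Authorisation predicate for the Administrate admin area; checked by Admin::ApplicationController#authenticate_admin and by the profile-menu link. Add new admin-capable roles here only.`. If a rename is still cheap, `admin_access?` or `can_log_in_to_admin?` reads better than the noun form `login` in a predicate. Note that the `_profile_menu.html.erb` hunk now shows the admin link to `:api_editor` users as well as `:admin` ones; that matches what `authenticate_admin` already permitted, but it is a visible change worth stating in the commit description.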
  • <%= button_to "Sign out", destroy_user_session_path, method: :delete, class: "#{pa_link_classes(quiet: false)} cursor-pointer" %>
  • -<% if current_user.has_role?(:admin) %> +<% if current_user.can_login_to_admin? %> <% end %>