Access check

Pick a user and an application to see whether the user can access it and, if so, which group(s) grant that access.

<%= form_with url: admin_access_path, method: :get, class: "space-y-4" do |form| %>
<%= form.label :user_id, "User", class: "block text-sm font-medium text-gray-700 dark:text-gray-300" %> <%= form.select :user_id, @users.map { |u| [u.email_address, u.id] }, { include_blank: "Select a user…", selected: @user&.id }, class: "mt-1 block w-full rounded-md border-gray-300 dark:border-gray-600 dark:bg-gray-800 dark:text-gray-100 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
<%= form.label :application_id, "Application", class: "block text-sm font-medium text-gray-700 dark:text-gray-300" %> <%= form.select :application_id, @applications.map { |a| [a.name, a.id] }, { include_blank: "Select an application…", selected: @application&.id }, class: "mt-1 block w-full rounded-md border-gray-300 dark:border-gray-600 dark:bg-gray-800 dark:text-gray-100 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
<%= form.submit "Check access", class: "rounded-md bg-blue-600 px-3 py-2 text-sm font-semibold text-white shadow-sm hover:bg-blue-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-blue-600" %>
<% end %> <% if @user && @application %>
p-4">
<% if @allowed %> <% else %> <% end %>

"> <%= @user.email_address %> <%= @allowed ? "can access" : "cannot access" %> <%= @application.name %>.

<% if @allowed %>

Granted via: <% @via.each_with_index do |g, i| %> <%= link_to g.name, admin_group_path(g), class: "underline" %><%= "," unless i == @via.size - 1 %> <% end %>

<% else %>

<% reasons = [] %> <% reasons << "the application is inactive" unless @application.active? %> <% reasons << "the user is #{@user.status.humanize.downcase}" unless @user.active? %> <% if @application.active? && @user.active? %> <% if @application.allowed_groups.empty? %> <% reasons << "the application has no allowed groups (default deny)" %> <% else %> <% reasons << "the user shares no group with the application's allowed groups" %> <% end %> <% end %> Reason: <%= reasons.join("; ") %>.

<% end %>

<%= link_to "View user", admin_user_path(@user), class: "underline" %> · <%= link_to "View application", admin_application_path(@application), class: "underline" %>

<% end %>