clean up

app/controllers/application_controller.rb

@@ -3,7 +3,7 @@
 class ApplicationController < ActionController::Base
   before_action :authenticate_auth_user!
 
-  def check_admin
+  def render_unauthorized
     return false if helpers.admin?
 
     render 'unauthorized', status: :unauthorized

app/controllers/skills_controller.rb

@@ -3,7 +3,7 @@
 class SkillsController < CrudController
   include ExportController
 
-  before_action :check_admin, except: %i[index show unrated_by_person]
+  before_action :render_unauthorized, except: %i[index show unrated_by_person]
 
   self.permitted_attrs = %i[title radar portfolio default_set category_id]
 

app/helpers/auth_helper.rb

@@ -2,7 +2,7 @@
 
 module AuthHelper
   def session_path(_scope)
-    new_person_session_path
+    new_auth_user_session_path
   end
 
   def admin?

app/models/auth_user.rb

@@ -4,13 +4,13 @@ class AuthUser < ApplicationRecord
 
   devise :omniauthable, omniauth_providers: [:keycloak_openid]
 
-
   class << self
     def from_omniauth(auth)
-      person = where(email: auth.info.email).first_or_create do |user|
+      person = where(uid: auth.uid).first_or_create do |user|
         user.name = auth.info.name
-
+        user.email = auth.info.email
       end
+      person.last_login = Time.zone.now
       set_admin(person, auth)
     end
 

app/models/person.rb

@@ -92,33 +92,4 @@ def picture_size
 
     errors.add(:picture, 'grösse kann maximal 10MB sein')
   end
-
-  class << self
-    def from_omniauth(auth) # rubocop:disable Metrics/AbcSize
-      person = where(email: auth.info.email).first_or_create do |user|
-        user.name = auth.info.name
-        user.birthdate = DateTime.new(2020, 1, 1)
-        user.nationality = 'CH'
-        user.location = 'Schweiz'
-        user.title = 'Software Engineer'
-        user.marital_status = :single
-        user.company = Company.first
-      end
-      set_admin(person, auth)
-    end
-
-    private
-
-    def set_admin(person, auth)
-      person.is_admin = admin?(auth)
-      person.save
-      person
-    end
-
-    def admin?(auth)
-      resources = auth.extra.raw_info.resource_access[AuthConfig.client_id]
-      resources.roles.include? AuthConfig.admin_role
-    end
-
-  end
 end

app/views/layouts/application.html.haml

@@ -28,7 +28,7 @@
                 %pzsh-icon.scale-icon-08.text-gray(name="question-circle")
             %li.d-flex.align-items-center.cursor-pointer.border-start.border-end.h-100.ps-2.pe-2
               - if auth_user_signed_in?
-                =link_to "Logout", destroy_person_session_path, data: { "turbo-method": :delete}
+                =link_to "Logout", destroy_auth_user_session_path, data: { "turbo-method": :delete}
               - elsif devise_mapping.omniauthable?
                 =button_to "Login", omniauth_authorize_path(resource_name, resource_class.omniauth_providers.first), {data: { "turbo": false}, class: "btn btn-link"}
         %div

db/schema.rb

@@ -147,7 +147,6 @@
     t.string "email"
     t.integer "department_id"
     t.string "shortname"
-    t.boolean "is_admin", default: false, null: false
     t.index ["company_id"], name: "index_people_on_company_id"
   end
 

db/seeds/support/person_seeder.rb

@@ -18,7 +18,6 @@ def seed_people(names)
       person.projects.each do |project|
         seed_project_technology(project.id)
       end
-      person.is_admin = false
     end
   end
 
@@ -103,7 +102,6 @@ def seed_person(name)
       p.competence_notes = competence_notes
       p.email = Faker::Internet.email
       p.department_id = Department.all.pluck(:id).sample
-      p.is_admin = false
     end
   end