handle non-admin user access; tests

app/controllers/avo/application_controller.rb

@@ -12,7 +12,7 @@ class ApplicationController < BaseApplicationController
 
     def ensure_admin
       unless Current.user&.admin?
-        redirect_to root_path
+        redirect_to main_app.root_path, alert: "You are not authorized to access this page."
       end
     end
   end

app/controllers/static_controller.rb

@@ -0,0 +1,6 @@
+class StaticController < ApplicationController
+  allow_unauthenticated_access
+
+  def index
+  end
+end

app/views/layouts/application.html.erb

@@ -23,6 +23,17 @@
   </head>
 
   <body>
+    <%= link_to 'Home', root_path %>
+    <%= link_to 'Avo', Avo.configuration.root_path %>
+    <% if authenticated? %>
+      <%= Current.user.email_address %>
+      <%= button_to 'Sign out', session_path, method: :delete %>
+    <% else %>
+      <%= link_to 'Sign in', new_session_path %>
+    <% end %>
+    <%= notice %>
+    <%= alert %>
+    <hr>
     <%= yield %>
   </body>
 </html>

app/views/static/index.html.erb

@@ -0,0 +1,2 @@
+<h1>Static#index</h1>
+<p>Find me in app/views/static/index.html.erb</p>

config/routes.rb

@@ -15,5 +15,5 @@
   # get "service-worker" => "rails/pwa#service_worker", as: :pwa_service_worker
 
   # Defines the root path route ("/")
-  root "sessions#new"
+  root "static#index"
 end

test/controllers/static_controller_test.rb

@@ -0,0 +1,22 @@
+require "test_helper"
+
+class StaticControllerTest < ActionDispatch::IntegrationTest
+  test "should get index" do
+    get root_url
+    assert_response :success
+
+    get Avo.configuration.root_path
+    assert_redirected_to '/session/new'
+
+    post '/session', params: { email_address: users(:one).email_address, password: 'password' }
+    # assert_redirected_to Avo.configuration.root_path
+    get Avo.configuration.root_path
+    assert_redirected_to '/'
+    follow_redirect!
+    assert_response :success
+
+    users(:one).update(admin: true)
+    get '/avo/resources/users'
+    assert_response :success
+  end
+end