feat: create controllers with authentication and authorization

- Application controller with authentication and role-based access
- Home controller for landing page and navigation
- Users controller for profile management
- Admin controllers for dashboard and user management
- Admin imports controller for CSV functionality
- Helper modules for view assistance and utilities

Author: lucasleandro1

app/controllers/admin/dashboard_controller.rb

@@ -0,0 +1,18 @@
+class Admin::DashboardController < ApplicationController
+  before_action :ensure_admin!
+
+  def index
+    result = DashboardStatsService.call(current_user)
+
+    if result.success?
+      stats = result.data
+      @user_stats = stats[:users]
+      @import_stats = stats[:imports]
+      @activity_stats = stats[:activity]
+      @growth_stats = stats[:growth]
+      @recent_users = stats[:users][:recent]
+    else
+      redirect_to root_path, alert: result.error_messages.join(", ")
+    end
+  end
+end

app/controllers/admin/imports_controller.rb

@@ -0,0 +1,64 @@
+class Admin::ImportsController < ApplicationController
+  before_action :ensure_admin!
+  before_action :set_import, only: [ :show ]
+
+  def index
+    @imports = Import.includes(:user)
+                     .recent
+                     .page(params[:page])
+                     .per(10)
+    @pending_imports = Import.where(status: "pending").count
+    @processing_imports = Import.where(status: "processing").count
+  end
+
+  def show
+    respond_to do |format|
+      format.html
+      format.json { render json: import_json }
+    end
+  end
+
+  def create
+    @import = current_user.imports.build
+
+    if params[:file].present?
+      @import.file.attach(params[:file])
+      @import.file_name = params[:file].original_filename
+
+      if @import.save
+        # Enqueue background job to process the import
+        UserImportJob.perform_later(@import)
+
+        redirect_to admin_import_path(@import),
+                    notice: "Import started successfully. Processing will begin shortly."
+      else
+        redirect_to admin_imports_path,
+                    alert: "Import failed: #{@import.errors.full_messages.join(', ')}"
+      end
+    else
+      redirect_to admin_imports_path, alert: "Please select a file to import."
+    end
+  end
+
+  private
+
+  def set_import
+    @import = Import.find(params[:id])
+  end
+
+  def import_json
+    {
+      id: @import.id,
+      status: @import.status,
+      progress: @import.progress,
+      total_rows: @import.total_rows,
+      processed_rows: @import.processed_rows,
+      successful_rows: @import.successful_rows,
+      failed_rows: @import.failed_rows,
+      success_rate: @import.success_rate,
+      estimated_time_remaining: @import.estimated_time_remaining,
+      created_at: @import.created_at,
+      updated_at: @import.updated_at
+    }
+  end
+end

app/controllers/admin/users_controller.rb

@@ -0,0 +1,76 @@
+class Admin::UsersController < ApplicationController
+  before_action :ensure_admin!
+  before_action :set_user, only: [ :show, :edit, :update, :destroy, :toggle_role ]
+
+  def index
+    @users = User.with_attached_avatar_image.order(:created_at)
+    @users = @users.where(role: params[:role]) if params[:role].present?
+    @users = @users.where("full_name ILIKE ? OR email ILIKE ?", "%#{params[:search]}%", "%#{params[:search]}%") if params[:search].present?
+    @users = @users.page(params[:page]).per(10)
+  end
+
+  def show
+  end
+
+  def new
+    @user = User.new
+  end
+
+  def create
+    @user = User.new(user_params)
+    @user.password = SecureRandom.hex(8) if @user.password.blank?
+
+    if @user.save
+      UserMailer.welcome_email(@user, @user.password).deliver_later if Rails.env.production?
+      redirect_to admin_user_path(@user), notice: "User was successfully created."
+    else
+      render :new, status: :unprocessable_entity
+    end
+  end
+
+  def edit
+  end
+
+  def update
+    user_update_params = user_params
+    user_update_params.delete(:password) if user_update_params[:password].blank?
+
+    if @user.update(user_update_params)
+      redirect_to admin_user_path(@user), notice: "User was successfully updated."
+    else
+      render :edit, status: :unprocessable_entity
+    end
+  end
+
+  def destroy
+    if @user == current_user
+      redirect_to admin_users_path, alert: "You cannot delete your own account."
+      return
+    end
+
+    @user.destroy
+    redirect_to admin_users_path, notice: "User was successfully deleted."
+  end
+
+  def toggle_role
+    new_role = @user.admin? ? "user" : "admin"
+
+    if @user == current_user && new_role == "user"
+      redirect_to admin_users_path, alert: "You cannot remove admin access from your own account."
+      return
+    end
+
+    @user.update(role: new_role)
+    redirect_to admin_users_path, notice: "User role updated to #{new_role.humanize}."
+  end
+
+  private
+
+  def set_user
+    @user = User.find(params[:id])
+  end
+
+  def user_params
+    params.require(:user).permit(:full_name, :email, :password, :password_confirmation, :role, :avatar_url, :avatar_image)
+  end
+end

app/controllers/application_controller.rb

@@ -0,0 +1,38 @@
+class ApplicationController < ActionController::Base
+  # Only allow modern browsers supporting webp images, web push, badges, import maps, CSS nesting, and CSS :has.
+  allow_browser versions: :modern
+
+  # Devise configuration
+  before_action :authenticate_user!
+  before_action :configure_permitted_parameters, if: :devise_controller?
+
+  # Redirect after sign in
+  def after_sign_in_path_for(resource)
+    if resource.admin?
+      admin_dashboard_path
+    else
+      profile_path
+    end
+  end
+
+  # Redirect after sign out
+  def after_sign_out_path_for(resource_or_scope)
+    new_user_session_path
+  end
+
+  protected
+
+  def configure_permitted_parameters
+    devise_parameter_sanitizer.permit(:sign_up, keys: [ :full_name, :avatar_url ])
+    devise_parameter_sanitizer.permit(:account_update, keys: [ :full_name, :avatar_url, :avatar_image ])
+  end
+
+  # Authorization helpers
+  def ensure_admin!
+    redirect_to root_path, alert: "Access denied." unless current_user&.admin?
+  end
+
+  def ensure_user_or_admin!(user)
+    redirect_to root_path, alert: "Access denied." unless current_user == user || current_user&.admin?
+  end
+end

app/controllers/concerns/.keep

@@ -0,0 +1,13 @@
+class HomeController < ApplicationController
+  skip_before_action :authenticate_user!, only: [ :index ]
+
+  def index
+    if user_signed_in?
+      if current_user.admin?
+        redirect_to admin_dashboard_path
+      else
+        redirect_to profile_path
+      end
+    end
+  end
+end

app/controllers/home_controller.rb

@@ -0,0 +1,44 @@
+class UsersController < ApplicationController
+  before_action :set_user
+  before_action :ensure_user_or_admin!
+
+  def show
+  end
+
+  def edit
+  end
+
+  def update
+    user_update_params = user_params
+    user_update_params.delete(:password) if user_update_params[:password].blank?
+
+    if @user.update(user_update_params)
+      redirect_to profile_path, notice: "Profile was successfully updated."
+    else
+      render :edit, status: :unprocessable_entity
+    end
+  end
+
+  def destroy
+    if @user == current_user
+      @user.destroy
+      redirect_to root_path, notice: "Your account has been successfully deleted."
+    else
+      redirect_to profile_path, alert: "You can only delete your own account."
+    end
+  end
+
+  private
+
+  def set_user
+    @user = current_user
+  end
+
+  def ensure_user_or_admin!
+    redirect_to root_path, alert: "Access denied." unless current_user == @user || current_user&.admin?
+  end
+
+  def user_params
+    params.require(:user).permit(:full_name, :email, :password, :password_confirmation, :avatar_url, :avatar_image)
+  end
+end

app/controllers/users_controller.rb

@@ -0,0 +1,2 @@
+module Admin::DashboardHelper
+end

app/helpers/admin/dashboard_helper.rb

@@ -0,0 +1,2 @@
+module Admin::ImportsHelper
+end

app/helpers/admin/imports_helper.rb

@@ -0,0 +1,2 @@
+module Admin::UsersHelper
+end