db/migrate/20250304101405_migrate_to_rbac_system.rb

+class MigrateToRbacSystem < ActiveRecord::Migration[8.0]
+  def up
+    # Create roles
+    shift_coordinator_role = Role.create!(name: 'shift_coordinator', description: 'Can manage session assignments and scheduling')
+    events_admin_role = Role.create!(name: 'events_admin', description: 'Can manage conferences and all sub-resources')
+
+    # Create permissions
+    manage_assignments = Permission.create!(name: 'manage_assignments', description: 'Can create and delete assignments')
+    manage_conferences = Permission.create!(name: 'manage_conferences', description: 'Can create, edit, and delete conferences')
+    manage_sessions = Permission.create!(name: 'manage_sessions', description: 'Can create, edit, and delete sessions')
+    manage_speakers = Permission.create!(name: 'manage_speakers', description: 'Can create, edit, and delete speakers')
+    manage_stages = Permission.create!(name: 'manage_stages', description: 'Can create, edit, and delete stages')
+
+    # Associate permissions with roles
+    shift_coordinator_role.permissions << manage_assignments
+
+    events_admin_role.permissions << manage_conferences
+    events_admin_role.permissions << manage_sessions
+    events_admin_role.permissions << manage_speakers
+    events_admin_role.permissions << manage_stages
+
+    # Migrate existing shift coordinators to the new role system
+    User.where(shiftcoordinator: true).find_each do |user|
+      user.roles << shift_coordinator_role
+      puts "Migrated user #{user.name} to shift_coordinator role"
+    end
+
+    # Add a column to track migration completion
+    add_column :users, :migrated_to_rbac, :boolean, default: false
+
+    # Mark all users as migrated
+    User.update_all(migrated_to_rbac: true)
+
+    # Only remove the shiftcoordinator column after we are sure all users are migrated
+    # We'll do this in a separate migration after verifying
+  end
+
+  def down
+    # Restore shift coordinator status
+    if column_exists?(:users, :shiftcoordinator) && column_exists?(:users, :migrated_to_rbac)
+      User.where(migrated_to_rbac: true).find_each do |user|
+        user.update(shiftcoordinator: user.has_role?('shift_coordinator'))
+      end
+    end
+
+    # Remove the migration tracking column if it exists
+    remove_column :users, :migrated_to_rbac if column_exists?(:users, :migrated_to_rbac)
+
+    # No need to delete roles and permissions as they will be dropped with their tables
+  end
+end

db/migrate/20250304110959_remove_shiftcoordinator_from_users.rb

+class RemoveShiftcoordinatorFromUsers < ActiveRecord::Migration[8.0]
+  def up
+    remove_column :users, :shiftcoordinator
+  end
+
+  def down
+    add_column :users, :shiftcoordinator, :boolean, default: false
+  end
+end

lib/tasks/admin.rake

+namespace :admin do
+  desc "Assign admin role to a user by email"
+  task :make_admin, [ :email ] => :environment do |t, args|
+    email = args[:email]
+
+    if email.blank?
+      puts "Error: Email is required."
+      puts "Usage: rake admin:make_admin[user@example.com]"
+      exit 1
+    end
+
+    user = User.find_by(email: email)
+
+    if user.nil?
+      puts "Error: User with email '#{email}' not found."
+      exit 1
+    end
+
+    # Get the shift_coordinator role
+    admin_role = Role.find_by(name: "shift_coordinator")
+
+    if admin_role.nil?
+      puts "Error: 'shift_coordinator' role does not exist."
+      exit 1
+    end
+
+    if user.has_role?("shift_coordinator")
+      puts "User '#{user.name}' already has the admin role."
+    else
+      user.roles << admin_role
+      puts "Successfully assigned admin role to '#{user.name}' (#{user.email})."
+    end
+  end
+
+  desc "List all admin users"
+  task list: :environment do
+    admin_role = Role.find_by(name: "shift_coordinator")
+
+    if admin_role.nil?
+      puts "Error: 'shift_coordinator' role does not exist."
+      exit 1
+    end
+
+    admins = admin_role.users
+
+    if admins.empty?
+      puts "No users with admin rights found."
+    else
+      puts "Users with admin rights:"
+      puts "-----------------------"
+      admins.each do |admin|
+        puts "#{admin.name} (#{admin.email || 'No email'})"
+      end
+    end
+  end
+
+  desc "Remove admin role from a user by email"
+  task :remove_admin, [ :email ] => :environment do |t, args|
+    email = args[:email]
+
+    if email.blank?
+      puts "Error: Email is required."
+      puts "Usage: rake admin:remove_admin[user@example.com]"
+      exit 1
+    end
+
+    user = User.find_by(email: email)
+
+    if user.nil?
+      puts "Error: User with email '#{email}' not found."
+      exit 1
+    end
+
+    # Get the shift_coordinator role
+    admin_role = Role.find_by(name: "shift_coordinator")
+
+    if admin_role.nil?
+      puts "Error: 'shift_coordinator' role does not exist."
+      exit 1
+    end
+
+    if !user.has_role?("shift_coordinator")
+      puts "User '#{user.name}' does not have the admin role."
+    else
+      user.roles.delete(admin_role)
+      puts "Successfully removed admin role from '#{user.name}' (#{user.email})."
+    end
+  end
+end

lib/tasks/events_admin.rake

+namespace :admin do
+  desc "Assign events_admin role to a user by email"
+  task :make_events_admin, [ :email ] => :environment do |t, args|
+    email = args[:email]
+
+    if email.blank?
+      puts "Error: Email is required."
+      puts "Usage: rake admin:make_events_admin[user@example.com]"
+      exit 1
+    end
+
+    user = User.find_by(email: email)
+
+    if user.nil?
+      puts "Error: User with email '#{email}' not found."
+      exit 1
+    end
+
+    # Get the events_admin role
+    admin_role = Role.find_by(name: "events_admin")
+
+    if admin_role.nil?
+      puts "Error: 'events_admin' role does not exist."
+      exit 1
+    end
+
+    if user.has_role?("events_admin")
+      puts "User '#{user.name}' already has the events_admin role."
+    else
+      user.roles << admin_role
+      puts "Successfully assigned events_admin role to '#{user.name}' (#{user.email})."
+    end
+  end
+
+  desc "List all events admin users"
+  task list_events_admins: :environment do
+    admin_role = Role.find_by(name: "events_admin")
+
+    if admin_role.nil?
+      puts "Error: 'events_admin' role does not exist."
+      exit 1
+    end
+
+    admins = admin_role.users
+
+    if admins.empty?
+      puts "No users with events_admin rights found."
+    else
+      puts "Users with events_admin rights:"
+      puts "------------------------------"
+      admins.each do |admin|
+        puts "#{admin.name} (#{admin.email || 'No email'})"
+      end
+    end
+  end
+
+  desc "Remove events_admin role from a user by email"
+  task :remove_events_admin, [ :email ] => :environment do |t, args|
+    email = args[:email]
+
+    if email.blank?
+      puts "Error: Email is required."
+      puts "Usage: rake admin:remove_events_admin[user@example.com]"
+      exit 1
+    end
+
+    user = User.find_by(email: email)
+
+    if user.nil?
+      puts "Error: User with email '#{email}' not found."
+      exit 1
+    end
+
+    # Get the events_admin role
+    admin_role = Role.find_by(name: "events_admin")
+
+    if admin_role.nil?
+      puts "Error: 'events_admin' role does not exist."
+      exit 1
+    end
+
+    if !user.has_role?("events_admin")
+      puts "User '#{user.name}' does not have the events_admin role."
+    else
+      user.roles.delete(admin_role)
+      puts "Successfully removed events_admin role from '#{user.name}' (#{user.email})."
+    end
+  end
+end

test/application_system_test_case.rb

 require "test_helper"
 
 class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
-  driven_by :selenium, using: :chrome, screen_size: [1400, 1400]
+  driven_by :selenium, using: :chrome, screen_size: [ 1400, 1400 ]
 end

test/controllers/admin/roles_controller_test.rb

+require "test_helper"
+
+class Admin::RolesControllerTest < ActionDispatch::IntegrationTest
+  test "should get index" do
+    get admin_roles_index_url
+    assert_response :success
+  end
+
+  test "should get edit" do
+    get admin_roles_edit_url
+    assert_response :success
+  end
+
+  test "should get update" do
+    get admin_roles_update_url
+    assert_response :success
+  end
+end