Add simple auth to all admin-only controllers

Inheriting from AdminController gives us rudimentary authorization based
on user role (must be admin or sysadmin). See #835.

Also changes one occurrence of the deprecated `update_attributes` ->
`update`.

app/controllers/categories_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class CategoriesController < ApplicationController
-  include NotUsingPunditYet
-
+class CategoriesController < AdminController
   before_action :set_category, only: %i[show edit update destroy]
 
   def index

app/controllers/communication_logs_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class CommunicationLogsController < ApplicationController
-  include NotUsingPunditYet
-
+class CommunicationLogsController < AdminController
   before_action :set_communication_log, only: %i[show edit update destroy]
 
   def index

app/controllers/custom_form_questions_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class CustomFormQuestionsController < ApplicationController
-  include NotUsingPunditYet
-
+class CustomFormQuestionsController < AdminController
   before_action :set_custom_form_question, only: %i[show edit update destroy]
 
   def index

app/controllers/donations_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class DonationsController < ApplicationController
-  include NotUsingPunditYet
-
+class DonationsController < AdminController
   before_action :authenticate_user!, except: %i[new create]
   before_action :set_donation, only: %i[show edit update destroy]
 

app/controllers/feedbacks_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class FeedbacksController < ApplicationController
-  include NotUsingPunditYet
-
+class FeedbacksController < AdminController
   before_action :set_feedback, only: %i[show edit update destroy]
 
   def index

app/controllers/form_questions_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class FormQuestionsController < ApplicationController
-  include NotUsingPunditYet
-
+class FormQuestionsController < AdminController
   before_action :set_form_question, only: %i[show edit update destroy]
 
   def index

app/controllers/forms_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class FormsController < ApplicationController
-  include NotUsingPunditYet
-
+class FormsController < AdminController
   before_action :set_form, only: %i[show edit update destroy]
 
   def index

app/controllers/history_logs_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class HistoryLogsController < ApplicationController
-  include NotUsingPunditYet
-
+class HistoryLogsController < AdminController
   def index
     @history_logs = HistoryLog.all
   end

app/controllers/listings_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class ListingsController < ApplicationController
-  include NotUsingPunditYet
-
+class ListingsController < AdminController
   before_action :set_listing, only: %i[show edit update destroy match match_confirm]
 
   def index

app/controllers/location_types_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class LocationTypesController < ApplicationController
-  include NotUsingPunditYet
-
+class LocationTypesController < AdminController
   before_action :set_location_type, only: %i[show edit update destroy]
 
   def index

app/controllers/locations_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class LocationsController < ApplicationController
-  include NotUsingPunditYet
-
+class LocationsController < AdminController
   before_action :set_location, only: %i[show edit update destroy]
 
   def index

app/controllers/matches_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class MatchesController < ApplicationController
-  include NotUsingPunditYet
-
+class MatchesController < AdminController
   before_action :set_match, only: %i[edit update destroy]
 
   def index

app/controllers/mobility_string_translations_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class MobilityStringTranslationsController < ApplicationController
-  include NotUsingPunditYet
-
+class MobilityStringTranslationsController < AdminController
   before_action :set_mobility_string_translation, only: %i[show edit update destroy]
 
   def index

app/controllers/organizations_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class OrganizationsController < ApplicationController
-  include NotUsingPunditYet
-
+class OrganizationsController < AdminController
   before_action :set_organization, only: %i[show edit update destroy]
 
   def index

app/controllers/positions_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class PositionsController < ApplicationController
-  include NotUsingPunditYet
-
+class PositionsController < AdminController
   before_action :set_position, only: %i[show edit update destroy]
 
   def index

app/controllers/service_areas_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class ServiceAreasController < ApplicationController
-  include NotUsingPunditYet
-
+class ServiceAreasController < AdminController
   before_action :set_service_area, only: %i[show edit update destroy]
 
   def index

app/controllers/shared_accounts_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class SharedAccountsController < ApplicationController
-  include NotUsingPunditYet
-
+class SharedAccountsController < AdminController
   before_action :set_shared_account, only: %i[show edit update destroy]
 
   def index

app/controllers/shift_matches_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class ShiftMatchesController < ApplicationController
-  include NotUsingPunditYet
-
+class ShiftMatchesController < AdminController
   before_action :set_shift_match, only: %i[show edit update destroy]
 
   def index

app/controllers/shifts_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class ShiftsController < ApplicationController
-  include NotUsingPunditYet
-
+class ShiftsController < AdminController
   before_action :set_shift, only: %i[show edit update destroy]
 
   def index

app/controllers/software_feedbacks_controller.rb

@@ -1,8 +1,7 @@
 # frozen_string_literal: true
 
-class SoftwareFeedbacksController < ApplicationController
-  include NotUsingPunditYet
-
+# FIXME: What's the difference between this and FeedbacksController?
+class SoftwareFeedbacksController < AdminController
   before_action :set_software_feedback, only: %i[show edit update destroy]
 
   def index

app/controllers/submission_response_imports_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class SubmissionResponseImportsController < ApplicationController
-  include NotUsingPunditYet
-
+class SubmissionResponseImportsController < AdminController
   def new; end
 
   def create

app/controllers/submission_responses_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class SubmissionResponsesController < ApplicationController
-  include NotUsingPunditYet
-
+class SubmissionResponsesController < AdminController
   before_action :set_submission_response, only: %i[show edit update destroy]
 
   def index

app/controllers/submissions_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class SubmissionsController < ApplicationController
-  include NotUsingPunditYet
-
+class SubmissionsController < AdminController
   before_action :set_submission, only: %i[show edit update destroy]
 
   def index

app/controllers/system_locales_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class SystemLocalesController < ApplicationController
-  include NotUsingPunditYet
-
+class SystemLocalesController < AdminController
   before_action :set_system_locale, only: %i[show edit update destroy]
 
   def index

app/controllers/system_settings_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class SystemSettingsController < ApplicationController
-  include NotUsingPunditYet
-
+class SystemSettingsController < AdminController
   before_action :set_system_setting, only: %i[show edit update destroy]
   before_action :set_primary_organization, only: %i[show edit update destroy]
 

app/controllers/teams_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
-class TeamsController < ApplicationController
-  include NotUsingPunditYet
-
+class TeamsController < AdminController
   before_action :set_team, only: %i[show edit update destroy]
 
   def index

app/models/listing.rb

@@ -67,7 +67,7 @@ def status
     elsif matches_as_provider.any?
       status = matches_as_provider.map{|m| m.completed?}.any? ? 'completed' : 'matched'
     end
-    update_attributes(state: status)
+    update(state: status)
     status
   end
 

spec/requests/listings_spec.rb

@@ -13,7 +13,7 @@
     location_attributes: { zip: '12e45' },
   }}
 
-  before { sign_in create(:user) }
+  before { sign_in create(:user, :admin) }
 
   describe 'GET /index' do
     it 'renders a successful response' do