[95] Disable self-signup, add roles and user management system

[krissy]

Addresses issue: #95

Progress: 100%

:eyes: Reviewers: Please see "What This Could Have" section below for things that are known to need improvement / fixing but will be made into post-pilot tickets. Also, there was a lot of hacky stuff we had to do to get around Devise so I'd say don't worry too much about the stuff in controllers/profiles and views/profiles which hold a bunch of community-suggested overrides to get things working.

What this does

• [x] Remove public self-signup page
• [x] Set up roles assignment:admin, org_admin, super_admin. Currently, only application is super_admin ability to manage users.
• [x] Add user management section to add, edit, delete users (available to super_admins)
• [x] Configure sign-up process: super_admin creates new user details (with no password), email is sent to user to confirm email and set their own password as part of activation process (see Screenshots below for flow)
• [x] Configure re-confirmation on email change process: similar to above
• [x] Add individual Organisation view pages linked to from user details
• [x] Create a load of custom Devise overrides to make authentication work the way we wan it, and cater for a whole lot of edge cases and different scenarios depending on who is modifying user details and in what context (e.g. confirmation, own user profile, user management pages).
• [x] Update email config for staging and live environments (see Deploy Instructions below for mail setup info)
• [x] Add seed data for initial user setup
• [x] Update README

What this could have (if time permitted)

NB: These aren't blocking enough to be done before second pilot but noting here as they should be addressed eventually and be translated into tickets

• [ ] UX / Frontend love for user management system and related email layouts sent for email confirmation, password re-send, etc
• [ ] Much better test coverage
• [ ] Role assignment for org_admins as per business rules in ticket, and a sweep over the platform to see what else should have conditional access applied

Deploy instructions

Mail:

On both our staging and production instance, we've installed the add-on for the SendGrid email service.

Deployment

• Run migrations:
  • db/migrate/20161009225419_add_role_to_users.rb
  • db/migrate/20161030193401_add_confirmable_to_devise.rb
• Push the button
• Manually update any users to super_admin in console: e.g. your_user.role = 'super_admin; your_user.save!

Screenshots

Flow:

User Management section (accessible by super_admin only)

Edit Existing User

Add New User

Confirmation/Activation

(User activated and auto-logged in)

[steverabino]

This is incredible, @krissy, thank you! 💕

[krissy]

All tasks done and email setup updated (including Devise from address) - hopefully ok after one last sweep?

[krissy]

🌵 Rebased on master and force-pushed 🌵