add require role plug and restrict router routes

This commit is contained in:
shibao 2021-09-10 00:24:54 -04:00 committed by oliviasculley
parent fd5ebcce67
commit c20d1c1f5a
2 changed files with 39 additions and 23 deletions

View File

@ -138,6 +138,21 @@ defmodule CanneryWeb.UserAuth do
|> halt()
end
end
@doc """
Used for routes that require the user to be an admin.
"""
def require_role(conn, role: role_atom) do
if conn.assigns[:current_user] && conn.assigns.current_user.role == role_atom do
conn
else
conn
|> put_flash(:error, "You are not authorized to view this page.")
|> maybe_store_return_to()
|> redirect(to: Routes.home_path(conn, :index))
|> halt()
end
end
defp maybe_store_return_to(%{method: "GET"} = conn) do
put_session(conn, :user_return_to, current_path(conn))

View File

@ -1,6 +1,6 @@
defmodule CanneryWeb.Router do
use CanneryWeb, :router
import Phoenix.LiveDashboard.Router
import CanneryWeb.UserAuth
pipeline :browser do
@ -12,6 +12,10 @@ defmodule CanneryWeb.Router do
plug :put_secure_browser_headers
plug :fetch_current_user
end
pipeline :require_admin do
plug :require_role, role: :admin
end
pipeline :api do
plug :accepts, ["json"]
@ -20,25 +24,9 @@ defmodule CanneryWeb.Router do
scope "/", CanneryWeb do
pipe_through :browser
live "/", PageLive, :index
live "/", HomeLive, :index
end
# Enables LiveDashboard only for development
#
# If you want to use the LiveDashboard in production, you should put
# it behind authentication and allow only admins to access it.
# If your application does not have an admins-only section yet,
# you can use Plug.BasicAuth to set up some basic authentication
# as long as you are also using SSL (which you should anyway).
if Mix.env() in [:dev, :test] do
import Phoenix.LiveDashboard.Router
scope "/" do
pipe_through :browser
live_dashboard "/dashboard", metrics: CanneryWeb.Telemetry, ecto_repos: [Cannery.Repo]
end
end
## Authentication routes
scope "/", CanneryWeb do
@ -60,28 +48,28 @@ defmodule CanneryWeb.Router do
get "/users/settings", UserSettingsController, :edit
put "/users/settings", UserSettingsController, :update
get "/users/settings/confirm_email/:token", UserSettingsController, :confirm_email
live "/tags", TagLive.Index, :index
live "/tags/new", TagLive.Index, :new
live "/tags/:id/edit", TagLive.Index, :edit
live "/tags/:id", TagLive.Show, :show
live "/tags/:id/show/edit", TagLive.Show, :edit
live "/ammo_types", AmmoTypeLive.Index, :index
live "/ammo_types/new", AmmoTypeLive.Index, :new
live "/ammo_types/:id/edit", AmmoTypeLive.Index, :edit
live "/ammo_types/:id", AmmoTypeLive.Show, :show
live "/ammo_types/:id/show/edit", AmmoTypeLive.Show, :edit
live "/containers", ContainerLive.Index, :index
live "/containers/new", ContainerLive.Index, :new
live "/containers/:id/edit", ContainerLive.Index, :edit
live "/containers/:id", ContainerLive.Show, :show
live "/containers/:id/show/edit", ContainerLive.Show, :edit
live "/ammo_groups", AmmoGroupLive.Index, :index
live "/ammo_groups/new", AmmoGroupLive.Index, :new
live "/ammo_groups/:id/edit", AmmoGroupLive.Index, :edit
@ -90,6 +78,19 @@ defmodule CanneryWeb.Router do
live "/ammo_groups/:id/show/edit", AmmoGroupLive.Show, :edit
end
scope "/", CanneryWeb do
pipe_through [:browser, :require_authenticated_user, :require_admin]
live_dashboard "/dashboard", metrics: CanneryWeb.Telemetry, ecto_repos: [Cannery.Repo]
live "/invites", InviteLive.Index, :index
live "/invites/new", InviteLive.Index, :new
live "/invites/:id/edit", InviteLive.Index, :edit
live "/invites/:id", InviteLive.Show, :show
live "/invites/:id/show/edit", InviteLive.Show, :edit
end
scope "/", CanneryWeb do
pipe_through [:browser]