diff --git a/lib/cannery_web/controllers/user_auth.ex b/lib/cannery_web/controllers/user_auth.ex
index 9668a21..602667e 100644
--- a/lib/cannery_web/controllers/user_auth.ex
+++ b/lib/cannery_web/controllers/user_auth.ex
@@ -138,6 +138,21 @@ defmodule CanneryWeb.UserAuth do
       |> halt()
     end
   end
+
+  @doc """
+  Used for routes that require the user to be an admin.
+  """
+  def require_role(conn, role: role_atom) do
+    if conn.assigns[:current_user] && conn.assigns.current_user.role == role_atom do
+      conn
+    else
+      conn
+      |> put_flash(:error, "You are not authorized to view this page.")
+      |> maybe_store_return_to()
+      |> redirect(to: Routes.home_path(conn, :index))
+      |> halt()
+    end
+  end
 
   defp maybe_store_return_to(%{method: "GET"} = conn) do
     put_session(conn, :user_return_to, current_path(conn))
diff --git a/lib/cannery_web/router.ex b/lib/cannery_web/router.ex
index b0b73dd..4d78e86 100644
--- a/lib/cannery_web/router.ex
+++ b/lib/cannery_web/router.ex
@@ -1,6 +1,6 @@
 defmodule CanneryWeb.Router do
   use CanneryWeb, :router
-
+  import Phoenix.LiveDashboard.Router
   import CanneryWeb.UserAuth
 
   pipeline :browser do
@@ -12,6 +12,10 @@ defmodule CanneryWeb.Router do
     plug :put_secure_browser_headers
     plug :fetch_current_user
   end
+
+  pipeline :require_admin do
+    plug :require_role, role: :admin
+  end
 
   pipeline :api do
     plug :accepts, ["json"]
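Review bot: The `@doc` on `require_role` says the route requires an admin, but the plug accepts any role atom through its `role:` option, so the docstring should describe the option instead, e.g. `Used for routes that require the current user to have the role given by the `:role` option, e.g. `plug :require_role, role: :admin`.`. On the failure branch `|> maybe_store_return_to()` records the forbidden path as `:user_return_to` for a user who is already signed in but lacks the role; since the router pipes this plug after `require_authenticated_user`, that path is replayed at the user's next login and bounced again, so dropping that line here is cleaner. Because this check runs as a plug it only guards the HTTP request that mounts a LiveView, so any LiveView gated by it should re-verify the role from the session in `mount/3`; I cannot see the LiveViews in this diff, so confirm that against them. The condition could also be a head match, `def require_role(%{assigns: %{current_user: %{role: role}}} = conn, role: role), do: conn`, with a fallback clause for the redirect, which removes the `assigns[:current_user]` nil check.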
@@ -20,25 +24,9 @@ defmodule CanneryWeb.Router do
   scope "/", CanneryWeb do
     pipe_through :browser
-    live "/", PageLive, :index
+    live "/", HomeLive, :index
   end
-
-  # Enables LiveDashboard only for development
-  #
-  # If you want to use the LiveDashboard in production, you should put
-  # it behind authentication and allow only admins to access it.
-  # If your application does not have an admins-only section yet,
-  # you can use Plug.BasicAuth to set up some basic authentication
-  # as long as you are also using SSL (which you should anyway).
-  if Mix.env() in [:dev, :test] do
-    import Phoenix.LiveDashboard.Router
-
-    scope "/" do
-      pipe_through :browser
-      live_dashboard "/dashboard", metrics: CanneryWeb.Telemetry, ecto_repos: [Cannery.Repo]
-    end
-  end
-
+
   ## Authentication routes
 
   scope "/", CanneryWeb do
@@ -60,28 +48,28 @@ defmodule CanneryWeb.Router do
     get "/users/settings", UserSettingsController, :edit
     put "/users/settings", UserSettingsController, :update
     get "/users/settings/confirm_email/:token", UserSettingsController, :confirm_email
-
+
     live "/tags", TagLive.Index, :index
     live "/tags/new", TagLive.Index, :new
     live "/tags/:id/edit", TagLive.Index, :edit
     live "/tags/:id", TagLive.Show, :show
     live "/tags/:id/show/edit", TagLive.Show, :edit
-
+
     live "/ammo_types", AmmoTypeLive.Index, :index
     live "/ammo_types/new", AmmoTypeLive.Index, :new
     live "/ammo_types/:id/edit", AmmoTypeLive.Index, :edit
     live "/ammo_types/:id", AmmoTypeLive.Show, :show
     live "/ammo_types/:id/show/edit", AmmoTypeLive.Show, :edit
-
+
     live "/containers", ContainerLive.Index, :index
     live "/containers/new", ContainerLive.Index, :new
     live "/containers/:id/edit", ContainerLive.Index, :edit
     live "/containers/:id", ContainerLive.Show, :show
     live "/containers/:id/show/edit", ContainerLive.Show, :edit
-
+
     live "/ammo_groups", AmmoGroupLive.Index, :index
     live "/ammo_groups/new", AmmoGroupLive.Index, :new
     live "/ammo_groups/:id/edit", AmmoGroupLive.Index, :edit
@@ -90,6 +78,19 @@ defmodule CanneryWeb.Router do
     live "/ammo_groups/:id/show/edit", AmmoGroupLive.Show, :edit
   end
 
+  scope "/", CanneryWeb do
+    pipe_through [:browser, :require_authenticated_user, :require_admin]
+
+    live_dashboard "/dashboard", metrics: CanneryWeb.Telemetry, ecto_repos: [Cannery.Repo]
+
+    live "/invites", InviteLive.Index, :index
+    live "/invites/new", InviteLive.Index, :new
+    live "/invites/:id/edit", InviteLive.Index, :edit
+
+    live "/invites/:id", InviteLive.Show, :show
+    live "/invites/:id/show/edit", InviteLive.Show, :edit
+  end
+
   scope "/", CanneryWeb do
     pipe_through [:browser]