add require role plug and restrict router routes

lib/cannery_web/controllers/user_auth.ex

@@ -138,6 +138,21 @@ defmodule CanneryWeb.UserAuth do
       |> halt()
     end
   end
+  
+  @doc """
+  Used for routes that require the user to be an admin.
+  """
+  def require_role(conn, role: role_atom) do
+    if conn.assigns[:current_user] && conn.assigns.current_user.role == role_atom do
+      conn
+    else
+      conn
+      |> put_flash(:error, "You are not authorized to view this page.")
+      |> maybe_store_return_to()
+      |> redirect(to: Routes.home_path(conn, :index))
+      |> halt()
+    end
+  end
 
   defp maybe_store_return_to(%{method: "GET"} = conn) do
     put_session(conn, :user_return_to, current_path(conn))

lib/cannery_web/router.ex

@@ -1,6 +1,6 @@
 defmodule CanneryWeb.Router do
   use CanneryWeb, :router
-
+  import Phoenix.LiveDashboard.Router
   import CanneryWeb.UserAuth
 
   pipeline :browser do
@@ -12,6 +12,10 @@ defmodule CanneryWeb.Router do
     plug :put_secure_browser_headers
     plug :fetch_current_user
   end
+  
+  pipeline :require_admin do
+    plug :require_role, role: :admin
+  end
 
   pipeline :api do
     plug :accepts, ["json"]
@@ -20,25 +24,9 @@ defmodule CanneryWeb.Router do
   scope "/", CanneryWeb do
     pipe_through :browser
 
-    live "/", PageLive, :index
+    live "/", HomeLive, :index
   end
-
+  
-  # Enables LiveDashboard only for development
-  #
-  # If you want to use the LiveDashboard in production, you should put
-  # it behind authentication and allow only admins to access it.
-  # If your application does not have an admins-only section yet,
-  # you can use Plug.BasicAuth to set up some basic authentication
-  # as long as you are also using SSL (which you should anyway).
-  if Mix.env() in [:dev, :test] do
-    import Phoenix.LiveDashboard.Router
-
-    scope "/" do
-      pipe_through :browser
-      live_dashboard "/dashboard", metrics: CanneryWeb.Telemetry, ecto_repos: [Cannery.Repo]
-    end
-  end
-
   ## Authentication routes
 
   scope "/", CanneryWeb do
@@ -60,28 +48,28 @@ defmodule CanneryWeb.Router do
     get "/users/settings", UserSettingsController, :edit
     put "/users/settings", UserSettingsController, :update
     get "/users/settings/confirm_email/:token", UserSettingsController, :confirm_email
-    
+
     live "/tags", TagLive.Index, :index
     live "/tags/new", TagLive.Index, :new
     live "/tags/:id/edit", TagLive.Index, :edit
 
     live "/tags/:id", TagLive.Show, :show
     live "/tags/:id/show/edit", TagLive.Show, :edit
-    
+
     live "/ammo_types", AmmoTypeLive.Index, :index
     live "/ammo_types/new", AmmoTypeLive.Index, :new
     live "/ammo_types/:id/edit", AmmoTypeLive.Index, :edit
 
     live "/ammo_types/:id", AmmoTypeLive.Show, :show
     live "/ammo_types/:id/show/edit", AmmoTypeLive.Show, :edit
-    
+
     live "/containers", ContainerLive.Index, :index
     live "/containers/new", ContainerLive.Index, :new
     live "/containers/:id/edit", ContainerLive.Index, :edit
 
     live "/containers/:id", ContainerLive.Show, :show
     live "/containers/:id/show/edit", ContainerLive.Show, :edit
-    
+
     live "/ammo_groups", AmmoGroupLive.Index, :index
     live "/ammo_groups/new", AmmoGroupLive.Index, :new
     live "/ammo_groups/:id/edit", AmmoGroupLive.Index, :edit
@@ -90,6 +78,19 @@ defmodule CanneryWeb.Router do
     live "/ammo_groups/:id/show/edit", AmmoGroupLive.Show, :edit
   end
 
+  scope "/", CanneryWeb do
+    pipe_through [:browser, :require_authenticated_user, :require_admin]
+    
+    live_dashboard "/dashboard", metrics: CanneryWeb.Telemetry, ecto_repos: [Cannery.Repo]
+
+    live "/invites", InviteLive.Index, :index
+    live "/invites/new", InviteLive.Index, :new
+    live "/invites/:id/edit", InviteLive.Index, :edit
+
+    live "/invites/:id", InviteLive.Show, :show
+    live "/invites/:id/show/edit", InviteLive.Show, :edit
+  end
+
   scope "/", CanneryWeb do
     pipe_through [:browser]