Add admin users for which LiveDashboard is enabled in prod

2021-04-10 14:54:14 -04:00 · 2021-04-10 14:54:14 -04:00 · e7211d2042
parent 5235403a19
commit e7211d2042
5 changed files with 35 additions and 20 deletions
--- a/lib/wiki/accounts/user.ex
+++ b/lib/wiki/accounts/user.ex
@ -7,7 +7,8 @@ defmodule Wiki.Accounts.User do
          password: String.t() | nil,
          hashed_password: String.t(),
          confirmed_at: NaiveDateTime.t(),
-          content_encryption_key_salt: String.t()
+          content_encryption_key_salt: String.t(),
+          is_admin: boolean()
        }

  @derive {Inspect, except: [:password]}
@ -17,6 +18,7 @@ defmodule Wiki.Accounts.User do
    field :hashed_password, :string
    field :confirmed_at, :naive_datetime
    field :content_encryption_key_salt, :binary
+    field :is_admin, :boolean, default: false

    timestamps()
  end
--- a/lib/wiki_web/controllers/user_auth.ex
+++ b/lib/wiki_web/controllers/user_auth.ex
@ -143,6 +143,19 @@ defmodule WikiWeb.UserAuth do
    end
  end

+  def require_admin_user(conn, _opts) do
+    case conn.assigns[:current_user] do
+      %Accounts.User{is_admin: true} ->
+        conn
+
+      _ ->
+        conn
+        |> put_flash(:error, "You must be logged in as an admin to access this page.")
+        |> redirect(to: "/")
+        |> halt()
+    end
+  end
+
  defp maybe_store_return_to(%{method: "GET", request_path: request_path} = conn) do
    put_session(conn, :user_return_to, request_path)
  end
--- a/lib/wiki_web/router.ex
+++ b/lib/wiki_web/router.ex
@ -2,6 +2,7 @@ defmodule WikiWeb.Router do
  use WikiWeb, :router

  import WikiWeb.UserAuth
+  import Phoenix.LiveDashboard.Router

  pipeline :browser do
    plug :accepts, ["html"]
@ -21,22 +22,6 @@ defmodule WikiWeb.Router do
  #   pipe_through :api
  # end

-  # Enables LiveDashboard only for development
-  #
-  # If you want to use the LiveDashboard in production, you should put
-  # it behind authentication and allow only admins to access it.
-  # If your application does not have an admins-only section yet,
-  # you can use Plug.BasicAuth to set up some basic authentication
-  # as long as you are also using SSL (which you should anyway).
-  if Mix.env() in [:dev, :test] do
-    import Phoenix.LiveDashboard.Router
-
-    scope "/" do
-      pipe_through :browser
-      live_dashboard "/dashboard", metrics: WikiWeb.Telemetry
-    end
-  end
-
  ## Authentication routes

  scope "/", WikiWeb do
@ -68,6 +53,12 @@ defmodule WikiWeb.Router do
    delete "/pages/:id/uploads/:upload_id", PageController, :delete_upload
  end

+  scope "/", WikiWeb do
+    pipe_through [:browser, :require_authenticated_user, :require_admin_user]
+
+    live_dashboard "/dashboard", metrics: WikiWeb.Telemetry
+  end
+
  scope "/", WikiWeb do
    pipe_through [:browser]

--- a/lib/wiki_web/templates/layout/app.html.eex
+++ b/lib/wiki_web/templates/layout/app.html.eex
@ -17,9 +17,9 @@
            <%= if @current_user do %>
              <li><%= link "New Page", to: Routes.page_path(@conn, :new) %></li>
              <li><%= link "Random", to: Routes.page_path(@conn, :random) %></li>
-            <% end %>
-            <%= if function_exported?(Routes, :live_dashboard_path, 2) do %>
-              <li><%= link "LiveDashboard", to: Routes.live_dashboard_path(@conn, :home) %></li>
+              <%= if @current_user.is_admin do %>
+                <li><%= link "LiveDashboard", to: Routes.live_dashboard_path(@conn, :home) %></li>
+              <% end %>
            <% end %>
          </ul>
          <%= render "_user_menu.html", assigns %>
--- a/priv/repo/migrations/20210410184709_users_add_is_admin.exs
+++ b/priv/repo/migrations/20210410184709_users_add_is_admin.exs
@ -0,0 +1,9 @@
+defmodule Wiki.Repo.Migrations.UsersAddIsAdmin do
+  use Ecto.Migration
+
+  def change do
+    alter table(:users) do
+      add :is_admin, :boolean, default: false
+    end
+  end
+end