Add admin users for which LiveDashboard is enabled in prod
parent
5235403a19
commit
e7211d2042
|
@ -7,7 +7,8 @@ defmodule Wiki.Accounts.User do
|
||||||
password: String.t() | nil,
|
password: String.t() | nil,
|
||||||
hashed_password: String.t(),
|
hashed_password: String.t(),
|
||||||
confirmed_at: NaiveDateTime.t(),
|
confirmed_at: NaiveDateTime.t(),
|
||||||
content_encryption_key_salt: String.t()
|
content_encryption_key_salt: String.t(),
|
||||||
|
is_admin: boolean()
|
||||||
}
|
}
|
||||||
|
|
||||||
@derive {Inspect, except: [:password]}
|
@derive {Inspect, except: [:password]}
|
||||||
|
@ -17,6 +18,7 @@ defmodule Wiki.Accounts.User do
|
||||||
field :hashed_password, :string
|
field :hashed_password, :string
|
||||||
field :confirmed_at, :naive_datetime
|
field :confirmed_at, :naive_datetime
|
||||||
field :content_encryption_key_salt, :binary
|
field :content_encryption_key_salt, :binary
|
||||||
|
field :is_admin, :boolean, default: false
|
||||||
|
|
||||||
timestamps()
|
timestamps()
|
||||||
end
|
end
|
||||||
|
|
|
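Review bot: `is_admin` is a privilege flag, and the new `field :is_admin, :boolean, default: false` line carries no comment saying it must stay out of every `cast/3` allow-list. The changeset functions of `Wiki.Accounts.User` lie outside these hunks, so whether any of them casts request params into this field cannot be confirmed from here. I would add a comment above the field, `# Privilege flag: never include in cast/3; set only through a dedicated admin-only code path`, and keep promotion in a separate function that does not accept user-supplied params.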
@ -143,6 +143,19 @@ defmodule WikiWeb.UserAuth do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def require_admin_user(conn, _opts) do
|
||||||
|
case conn.assigns[:current_user] do
|
||||||
|
%Accounts.User{is_admin: true} ->
|
||||||
|
conn
|
||||||
|
|
||||||
|
_ ->
|
||||||
|
conn
|
||||||
|
|> put_flash(:error, "You must be logged in as an admin to access this page.")
|
||||||
|
|> redirect(to: "/")
|
||||||
|
|> halt()
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
defp maybe_store_return_to(%{method: "GET", request_path: request_path} = conn) do
|
defp maybe_store_return_to(%{method: "GET", request_path: request_path} = conn) do
|
||||||
put_session(conn, :user_return_to, request_path)
|
put_session(conn, :user_return_to, request_path)
|
||||||
end
|
end
|
||||||
|
|
|
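Review bot: `require_admin_user/2` has no `@doc`, and it depends on `conn.assigns[:current_user]` having been set by an earlier plug without saying so. The `_ ->` clause fails closed when the assign is missing or the user is not an admin, which is the right default and worth stating so nobody reorders the pipeline. Suggested doc: `@doc "Halts with a redirect to / unless conn.assigns[:current_user] is a user with is_admin: true. Must run after the plug that assigns :current_user."`. A denied attempt currently leaves no trace, so a log entry in the `_ ->` branch would give operators something to alert on.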
@ -2,6 +2,7 @@ defmodule WikiWeb.Router do
|
||||||
use WikiWeb, :router
|
use WikiWeb, :router
|
||||||
|
|
||||||
import WikiWeb.UserAuth
|
import WikiWeb.UserAuth
|
||||||
|
import Phoenix.LiveDashboard.Router
|
||||||
|
|
||||||
pipeline :browser do
|
pipeline :browser do
|
||||||
plug :accepts, ["html"]
|
plug :accepts, ["html"]
|
||||||
|
@ -21,22 +22,6 @@ defmodule WikiWeb.Router do
|
||||||
# pipe_through :api
|
# pipe_through :api
|
||||||
# end
|
# end
|
||||||
|
|
||||||
# Enables LiveDashboard only for development
|
|
||||||
#
|
|
||||||
# If you want to use the LiveDashboard in production, you should put
|
|
||||||
# it behind authentication and allow only admins to access it.
|
|
||||||
# If your application does not have an admins-only section yet,
|
|
||||||
# you can use Plug.BasicAuth to set up some basic authentication
|
|
||||||
# as long as you are also using SSL (which you should anyway).
|
|
||||||
if Mix.env() in [:dev, :test] do
|
|
||||||
import Phoenix.LiveDashboard.Router
|
|
||||||
|
|
||||||
scope "/" do
|
|
||||||
pipe_through :browser
|
|
||||||
live_dashboard "/dashboard", metrics: WikiWeb.Telemetry
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
## Authentication routes
|
## Authentication routes
|
||||||
|
|
||||||
scope "/", WikiWeb do
|
scope "/", WikiWeb do
|
||||||
|
@ -68,6 +53,12 @@ defmodule WikiWeb.Router do
|
||||||
delete "/pages/:id/uploads/:upload_id", PageController, :delete_upload
|
delete "/pages/:id/uploads/:upload_id", PageController, :delete_upload
|
||||||
end
|
end
|
||||||
|
|
||||||
|
scope "/", WikiWeb do
|
||||||
|
pipe_through [:browser, :require_authenticated_user, :require_admin_user]
|
||||||
|
|
||||||
|
live_dashboard "/dashboard", metrics: WikiWeb.Telemetry
|
||||||
|
end
|
||||||
|
|
||||||
scope "/", WikiWeb do
|
scope "/", WikiWeb do
|
||||||
pipe_through [:browser]
|
pipe_through [:browser]
|
||||||
|
|
||||||
|
|
|
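Review bot: The `:require_authenticated_user` and `:require_admin_user` plugs on the new `/dashboard` scope run only for the HTTP request that renders the page. The dashboard then runs over the LiveView socket, so an already-connected session is presumably not re-checked if `is_admin` is later revoked. If the installed phoenix_live_dashboard version supports the `on_mount` option of `live_dashboard`, repeating the admin check there would close that gap; otherwise the user's live sockets need to be disconnected on demotion. The removed comment also recommended SSL for a production dashboard, and nothing on this page shows whether that is enforced.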
@ -17,10 +17,10 @@
|
||||||
<%= if @current_user do %>
|
<%= if @current_user do %>
|
||||||
<li><%= link "New Page", to: Routes.page_path(@conn, :new) %></li>
|
<li><%= link "New Page", to: Routes.page_path(@conn, :new) %></li>
|
||||||
<li><%= link "Random", to: Routes.page_path(@conn, :random) %></li>
|
<li><%= link "Random", to: Routes.page_path(@conn, :random) %></li>
|
||||||
<% end %>
|
<%= if @current_user.is_admin do %>
|
||||||
<%= if function_exported?(Routes, :live_dashboard_path, 2) do %>
|
|
||||||
<li><%= link "LiveDashboard", to: Routes.live_dashboard_path(@conn, :home) %></li>
|
<li><%= link "LiveDashboard", to: Routes.live_dashboard_path(@conn, :home) %></li>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
<% end %>
|
||||||
</ul>
|
</ul>
|
||||||
<%= render "_user_menu.html", assigns %>
|
<%= render "_user_menu.html", assigns %>
|
||||||
</nav>
|
</nav>
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
defmodule Wiki.Repo.Migrations.UsersAddIsAdmin do
|
||||||
|
use Ecto.Migration
|
||||||
|
|
||||||
|
def change do
|
||||||
|
alter table(:users) do
|
||||||
|
add :is_admin, :boolean, default: false
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
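Review bot: `add :is_admin, :boolean, default: false` leaves the column nullable, while the schema's typespec declares `is_admin: boolean()`. A NULL row would load as `nil`; the `%Accounts.User{is_admin: true}` match in `require_admin_user/2` would still deny access, but the column's contract would be looser than the type. I would change the line to `add :is_admin, :boolean, default: false, null: false`.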