Add admin users for which LiveDashboard is enabled in prod

lib/wiki/accounts/user.ex

@@ -7,7 +7,8 @@ defmodule Wiki.Accounts.User do
           password: String.t() | nil,
           hashed_password: String.t(),
           confirmed_at: NaiveDateTime.t(),
-          content_encryption_key_salt: String.t()
+          content_encryption_key_salt: String.t(),
+          is_admin: boolean()
         }
 
   @derive {Inspect, except: [:password]}
@@ -17,6 +18,7 @@ defmodule Wiki.Accounts.User do
     field :hashed_password, :string
     field :confirmed_at, :naive_datetime
     field :content_encryption_key_salt, :binary
+    field :is_admin, :boolean, default: false
 
     timestamps()
   end

lib/wiki_web/controllers/user_auth.ex

@@ -143,6 +143,19 @@ defmodule WikiWeb.UserAuth do
     end
   end
 
+  def require_admin_user(conn, _opts) do
+    case conn.assigns[:current_user] do
+      %Accounts.User{is_admin: true} ->
+        conn
+
+      _ ->
+        conn
+        |> put_flash(:error, "You must be logged in as an admin to access this page.")
+        |> redirect(to: "/")
+        |> halt()
+    end
+  end
+
   defp maybe_store_return_to(%{method: "GET", request_path: request_path} = conn) do
     put_session(conn, :user_return_to, request_path)
   end

lib/wiki_web/router.ex

@@ -2,6 +2,7 @@ defmodule WikiWeb.Router do
   use WikiWeb, :router
 
   import WikiWeb.UserAuth
+  import Phoenix.LiveDashboard.Router
 
   pipeline :browser do
     plug :accepts, ["html"]
@@ -21,22 +22,6 @@ defmodule WikiWeb.Router do
   #   pipe_through :api
   # end
 
-  # Enables LiveDashboard only for development
-  #
-  # If you want to use the LiveDashboard in production, you should put
-  # it behind authentication and allow only admins to access it.
-  # If your application does not have an admins-only section yet,
-  # you can use Plug.BasicAuth to set up some basic authentication
-  # as long as you are also using SSL (which you should anyway).
-  if Mix.env() in [:dev, :test] do
-    import Phoenix.LiveDashboard.Router
-
-    scope "/" do
-      pipe_through :browser
-      live_dashboard "/dashboard", metrics: WikiWeb.Telemetry
-    end
-  end
-
   ## Authentication routes
 
   scope "/", WikiWeb do
@@ -68,6 +53,12 @@ defmodule WikiWeb.Router do
     delete "/pages/:id/uploads/:upload_id", PageController, :delete_upload
   end
 
+  scope "/", WikiWeb do
+    pipe_through [:browser, :require_authenticated_user, :require_admin_user]
+
+    live_dashboard "/dashboard", metrics: WikiWeb.Telemetry
+  end
+
   scope "/", WikiWeb do
     pipe_through [:browser]
 

lib/wiki_web/templates/layout/app.html.eex

@@ -17,10 +17,10 @@
             <%= if @current_user do %>
               <li><%= link "New Page", to: Routes.page_path(@conn, :new) %></li>
               <li><%= link "Random", to: Routes.page_path(@conn, :random) %></li>
-            <% end %>
-            <%= if function_exported?(Routes, :live_dashboard_path, 2) do %>
+              <%= if @current_user.is_admin do %>
                 <li><%= link "LiveDashboard", to: Routes.live_dashboard_path(@conn, :home) %></li>
               <% end %>
+            <% end %>
           </ul>
           <%= render "_user_menu.html", assigns %>
         </nav>

priv/repo/migrations/20210410184709_users_add_is_admin.exs

@@ -0,0 +1,9 @@
+defmodule Wiki.Repo.Migrations.UsersAddIsAdmin do
+  use Ecto.Migration
+
+  def change do
+    alter table(:users) do
+      add :is_admin, :boolean, default: false
+    end
+  end
+end