From b70b99ba51652f8a47babe872f1294bdf99d1cf5 Mon Sep 17 00:00:00 2001 From: KKlochko Date: Mon, 26 May 2025 14:21:14 +0300 Subject: [PATCH] Update DBIServer's Index and Show to allow moderators to read. --- .../live/dbi_server_live/form_component.ex | 2 +- .../live/dbi_server_live/index.ex | 30 +++++++++++-------- .../live/dbi_server_live/show.ex | 5 ++-- lib/decentralised_book_index_web/router.ex | 22 +++++++------- .../live/live_views_permission_test.exs | 29 +++++++++++------- 5 files changed, 52 insertions(+), 36 deletions(-) diff --git a/lib/decentralised_book_index_web/live/dbi_server_live/form_component.ex b/lib/decentralised_book_index_web/live/dbi_server_live/form_component.ex index dbad093..17b4af9 100644 --- a/lib/decentralised_book_index_web/live/dbi_server_live/form_component.ex +++ b/lib/decentralised_book_index_web/live/dbi_server_live/form_component.ex @@ -61,7 +61,7 @@ defmodule DecentralisedBookIndexWeb.DbiServerLive.FormComponent do socket = socket |> put_flash(:info, "Server #{socket.assigns.form.source.type}d successfully") - |> push_navigate(to: patch_url(socket.assigns.action, dbi_server.id)) + |> redirect(to: patch_url(socket.assigns.action, dbi_server.id)) {:noreply, socket} diff --git a/lib/decentralised_book_index_web/live/dbi_server_live/index.ex b/lib/decentralised_book_index_web/live/dbi_server_live/index.ex index 6f8fc87..7f8dd8a 100644 --- a/lib/decentralised_book_index_web/live/dbi_server_live/index.ex +++ b/lib/decentralised_book_index_web/live/dbi_server_live/index.ex @@ -4,26 +4,30 @@ defmodule DecentralisedBookIndexWeb.DbiServerLive.Index do alias DecentralisedBookIndex.Metadata alias DecentralisedBookIndex.SyncTasks.SyncServerTask + alias DecentralisedBookIndex.Accounts.Role + @impl true def render(assigns) do ~H""" <.header> Listing Servers <:actions> -
-
- <.primary_button phx-click="sync"> - Sync now - -
+ <%= if @current_user != nil and Role.can_administrate?(@current_user.role) do %>
- <.link patch={~p"/oban"}> - <.primary_button> - Task dashboard +
+ <.primary_button phx-click="sync"> + Sync now - +
+
+ <.link patch={~p"/oban"}> + <.primary_button> + Task dashboard + + +
-
+ <% end %> @@ -63,7 +67,9 @@ defmodule DecentralisedBookIndexWeb.DbiServerLive.Index do <.link navigate={~p"/servers/#{dbi_server}"}>Show - <.link patch={~p"/servers/#{dbi_server}/edit"}>Edit + <%= if @current_user != nil and Role.can_administrate?(@current_user.role) do %> + <.link patch={~p"/servers/#{dbi_server}/edit"}>Edit + <% end %> diff --git a/lib/decentralised_book_index_web/live/dbi_server_live/show.ex b/lib/decentralised_book_index_web/live/dbi_server_live/show.ex index 40dcdcd..4fd4f35 100644 --- a/lib/decentralised_book_index_web/live/dbi_server_live/show.ex +++ b/lib/decentralised_book_index_web/live/dbi_server_live/show.ex @@ -1,6 +1,8 @@ defmodule DecentralisedBookIndexWeb.DbiServerLive.Show do use DecentralisedBookIndexWeb, :live_view + alias DecentralisedBookIndex.Accounts.Role + @impl true def render(assigns) do ~H""" @@ -8,7 +10,7 @@ defmodule DecentralisedBookIndexWeb.DbiServerLive.Show do {@dbi_server.name} <:actions> - <%= if is_nil(@dbi_server.dbi_server) do %> + <%= if is_nil(@dbi_server.dbi_server) and @current_user != nil and Role.can_administrate?(@current_user.role) do %> <.link patch={~p"/servers/#{@dbi_server}/edit"} phx-click={JS.push_focus()}> <.edit_button> Edit @@ -18,7 +20,6 @@ defmodule DecentralisedBookIndexWeb.DbiServerLive.Show do -
Url
diff --git a/lib/decentralised_book_index_web/router.ex b/lib/decentralised_book_index_web/router.ex index c8b1cd1..f616f32 100644 --- a/lib/decentralised_book_index_web/router.ex +++ b/lib/decentralised_book_index_web/router.ex @@ -41,6 +41,18 @@ defmodule DecentralisedBookIndexWeb.Router do scope "/", DecentralisedBookIndexWeb do pipe_through :browser + ash_authentication_live_session :admin_authenticated_routes, + on_mount: {DecentralisedBookIndexWeb.LiveUserAuth, :admin_required} do + live "/servers/new", DbiServerLive.Edit, :new + live "/servers/:id/edit", DbiServerLive.Edit, :edit + #live "/servers", DbiServerLive.Index, :index + #live "/servers/:id", DbiServerLive.Show, :show + + live "/users", UserLive.Index, :index + live "/users/:id", UserLive.Show, :show + live "/users/:id/edit", UserLive.Edit, :edit + end + ash_authentication_live_session :moderator_authenticated_routes, on_mount: {DecentralisedBookIndexWeb.LiveUserAuth, :moderator_required} do live "/books/new", BookLive.Edit, :new @@ -56,19 +68,9 @@ defmodule DecentralisedBookIndexWeb.Router do live "/publishers/:id/edit", PublisherLive.Edit, :edit live "/publishers/:id", PublisherLive.Show, :show - end - ash_authentication_live_session :admin_authenticated_routes, - on_mount: {DecentralisedBookIndexWeb.LiveUserAuth, :admin_required} do live "/servers", DbiServerLive.Index, :index - live "/servers/new", DbiServerLive.Edit, :new - live "/servers/:id/edit", DbiServerLive.Edit, :edit - live "/servers/:id", DbiServerLive.Show, :show - - live "/users", UserLive.Index, :index - live "/users/:id", UserLive.Show, :show - live "/users/:id/edit", UserLive.Edit, :edit end ash_authentication_live_session :maybe_authenticated_routes, diff --git a/test/decentralised_book_index_web/live/live_views_permission_test.exs b/test/decentralised_book_index_web/live/live_views_permission_test.exs index 06c33f0..f192c6f 100644 --- a/test/decentralised_book_index_web/live/live_views_permission_test.exs +++ b/test/decentralised_book_index_web/live/live_views_permission_test.exs @@ -303,12 +303,11 @@ defmodule DecentralisedBookIndexWeb.LiveViewsPermissionsTest do end describe "Server Index /servers" do - test "can't be accessed by regular user and moderator", %{ + test "can't be accessed by regular user", %{ conn: conn, - user: user, - moderator: moderator + user: user } do - for user <- [nil, user, moderator] do + for user <- [nil, user] do assert {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}} = conn |> log_in_user(user) @@ -316,8 +315,12 @@ defmodule DecentralisedBookIndexWeb.LiveViewsPermissionsTest do end end - test "can be accessed by admin", %{conn: conn, admin: admin} do - for user <- [admin] do + test "can be accessed by moderator and admin", %{ + conn: conn, + moderator: moderator, + admin: admin + } do + for user <- [moderator, admin] do assert {:ok, _view, html} = conn |> log_in_user(user) @@ -333,13 +336,12 @@ defmodule DecentralisedBookIndexWeb.LiveViewsPermissionsTest do %{server: generate(dbi_server())} end - test "can't be accessed by non-admin user", %{ + test "can't be accessed by non-moderator user", %{ conn: conn, user: user, - moderator: moderator, server: server } do - for user <- [nil, user, moderator] do + for user <- [nil, user] do assert {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}} = conn |> log_in_user(user) @@ -347,8 +349,13 @@ defmodule DecentralisedBookIndexWeb.LiveViewsPermissionsTest do end end - test "can be accessed by admin", %{conn: conn, admin: admin, server: server} do - for user <- [admin] do + test "can be accessed by admin", %{ + conn: conn, + moderator: moderator, + admin: admin, + server: server + } do + for user <- [moderator, admin] do {:ok, _view, html} = conn |> log_in_user(user)