Refactor into EnsureRoles

indocomsoft · indocomsoft · commit f08205dcfe7a · 2018-04-18T22:42:54.000+08:00
diff --git a/lib/cadet_web/plug/check_admin.ex b/lib/cadet_web/plug/check_admin.ex
diff --git a/lib/cadet_web/plug/ensure_roles.ex b/lib/cadet_web/plug/ensure_roles.ex
@@ -0,0 +1,25 @@
+defmodule CadetWeb.Plug.EnsureRoles do
+  @moduledoc """
+  Ensures that :current_user's role is inside a list provided as option.
+  If the user is not inside the list, HTTP 403 response will be sent.
+  """
+
+  import Plug.Conn
+
+  def init(opts), do: opts
+
+  def call(conn, %{roles: roles}) do
+    if conn.assigns[:current_user].role in roles do
+      conn
+    else
+      body =
+        roles
+        |> Enum.map(&to_string/1)
+        |> Enum.join("/")
+      conn
+      |> put_resp_content_type("text/html")
+      |> send_resp(:forbidden, "Not #{body}")
+      |> halt()
+    end
+  end
+end
diff --git a/lib/cadet_web/router.ex b/lib/cadet_web/router.ex
@@ -18,8 +18,8 @@ defmodule CadetWeb.Router do
     plug(Guardian.Plug.EnsureAuthenticated)
   end
 
-  pipeline :ensure_admin do
-    plug(CadetWeb.Plug.CheckAdmin)
+  pipeline :ensure_admin_staff do
+    plug(CadetWeb.Plug.EnsureRoles, %{roles: [:admin, :staff]})
   end
 
   # Public Pages
@@ -39,7 +39,7 @@ defmodule CadetWeb.Router do
 
   # Admin Pages
   scope "/admin", CadetWeb do
-    pipe_through([:browser, :auth, :ensure_auth, :ensure_admin])
+    pipe_through([:browser, :auth, :ensure_auth, :ensure_admin_staff])
 
     get("/", AdminController, :index)
   end
diff --git a/lib/cadet_web/templates/layout/app.navbar.html.eex b/lib/cadet_web/templates/layout/app.navbar.html.eex
@@ -20,7 +20,7 @@
         Playground
       </button>
 
-    <%= if is_admin?(@conn) do %>
+    <%= if is_roles?(@conn, [:admin, :staff]) do %>
       <%= button "Admin", to: admin_path(@conn, :index), method: "get", class: "pt-button pt-minimal pt-icon-settings" %>
     <% end %>
 
diff --git a/lib/cadet_web/views/view_helpers.ex b/lib/cadet_web/views/view_helpers.ex
@@ -8,9 +8,9 @@ defmodule CadetWeb.ViewHelpers do
     conn.assigns[:current_user] != nil
   end
 
-  def is_admin?(conn) do
+  def is_roles?(conn, roles) do
     if logged_in?(conn) do
-      conn.assigns[:current_user].role == :admin
+      conn.assigns[:current_user].role in roles
     else
       false
     end
diff --git a/test/cadet_web/plug/check_admin_test.exs b/test/cadet_web/plug/check_admin_test.exs
diff --git a/test/cadet_web/plug/ensure_roles_test.exs b/test/cadet_web/plug/ensure_roles_test.exs
@@ -0,0 +1,32 @@
+defmodule CadetWeb.Plug.EnsureRolesTest do
+  use CadetWeb.ConnCase
+
+  alias CadetWeb.Plug.AssignCurrentUser
+  alias CadetWeb.Plug.EnsureRoles
+
+  test "init" do
+    EnsureRoles.init(%{})
+    # nothing to test
+  end
+
+  @tag authenticate: :student
+  test "logged in as student", %{conn: conn} do
+    conn = AssignCurrentUser.call(conn, %{})
+    conn = EnsureRoles.call(conn, %{roles: [:admin, :staff]})
+    assert html_response(conn, 403) =~ "Not admin/staff"
+  end
+
+  @tag authenticate: :staff
+  test "logged in as staff", %{conn: conn} do
+    conn = AssignCurrentUser.call(conn, %{})
+    conn = EnsureRoles.call(conn, %{roles: [:admin, :staff]})
+    refute conn.status # conn.status is not set yet
+  end
+
+  @tag authenticate: :admin
+  test "logged in as admin", %{conn: conn} do
+    conn = AssignCurrentUser.call(conn, %{})
+    conn = EnsureRoles.call(conn, %{roles: [:admin, :staff]})
+    refute conn.status # conn.status is not set yet
+  end
+end
