Add new group for permanent config #233

Merged
merged 2 commits into from
Nov 16, 2023
2 changes: 1 addition & 1 deletion config/dev.exs
Expand Up @@ -84,5 +84,5 @@ config :screenplay,

config :ueberauth, Ueberauth,
providers: [
cognito: {Screenplay.Ueberauth.Strategy.Fake, [groups: ["screenplay"]]}
cognito: {Screenplay.Ueberauth.Strategy.Fake, [groups: ["screenplay-emergency-admin"]]}
]
20 changes: 13 additions & 7 deletions lib/screenplay_web/auth_manager/auth_manager.ex
Expand Up @@ -3,9 +3,10 @@ defmodule ScreenplayWeb.AuthManager do

use Guardian, otp_app: :screenplay

@type access_level :: :none | :read_only | :admin
@type access_level :: :none | :read_only | :emergency_admin | :screens_config_admmin

@screenplay_admin_group "screenplay"
@screenplay_admin_group "screenplay-emergency-admin"
@screens_admin "screens-admin"

@spec subject_for_token(
resource :: Guardian.Token.resource(),
Expand All @@ -24,11 +25,16 @@ defmodule ScreenplayWeb.AuthManager do
def resource_from_claims(_), do: {:error, :invalid_claims}

@spec claims_access_level(Guardian.Token.claims()) :: access_level()
def claims_access_level(%{"groups" => groups}) do
if not is_nil(groups) and @screenplay_admin_group in groups do
:admin
else
:read_only
def claims_access_level(%{"groups" => groups}) when not is_nil(groups) do
cond do
@screenplay_admin_group in groups ->
:emergency_admin

@screens_admin in groups ->
:screens_config_admmin

true ->
:read_only
end
end
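Review bot: The new access level is spelled `:screens_config_admmin` (double "m") in both the `access_level` type and the `cond` branch of `claims_access_level/1`; the two agree, so nothing breaks here, but a later check written as `== :screens_config_admin` would never match and would silently deny, or in a negated check allow, the wrong users. Spell it `:screens_config_admin` in both places before other code depends on it. The new guard `when not is_nil(groups)` also sends a `"groups" => nil` claim, which used to return `:read_only`, to whatever clause follows outside this hunk, and a non-list value can still reach `in` and raise; `when is_list(groups)` covers both, and the fallback clause is worth checking for the level it returns. Because `cond` returns the first match, a user in both groups is reported only as `:emergency_admin`, so checks for the screens-config level should accept both atoms, or that precedence should be documented on the function.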

Expand Up @@ -11,7 +11,7 @@ defmodule ScreenplayWeb.EnsureScreenplayAdminGroup do

def call(conn, _opts) do
with claims <- Guardian.Plug.current_claims(conn),
true <- ScreenplayWeb.AuthManager.claims_access_level(claims) == :admin do
true <- ScreenplayWeb.AuthManager.claims_access_level(claims) == :emergency_admin do
conn
else
_ ->
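Review bot: `with claims <- Guardian.Plug.current_claims(conn)` binds a bare variable, so it always matches, and a request without claims passes `nil` straight into `claims_access_level/1`. Whether that ends in the `_ ->` branch or in a `FunctionClauseError` depends on clauses of that function that this diff does not show. The check in `lib/screenplay_web/plugs/metadata.ex` tests `not is_nil(claims)` first; this plug can fail closed the same way by matching `with %{} = claims <- Guardian.Plug.current_claims(conn),` so that absent claims fall to the existing `else` branch. The module is still named `EnsureScreenplayAdminGroup` although it now admits only `:emergency_admin`, so a short comment above `call/2` stating that the screens-config level is deliberately excluded would help the next reader. The body of `call/2` continues past the end of the hunk.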
2 changes: 1 addition & 1 deletion lib/screenplay_web/plugs/metadata.ex
Expand Up @@ -40,6 +40,6 @@ defmodule ScreenplayWeb.Plugs.Metadata do
claims = Guardian.Plug.current_claims(conn)

not is_nil(claims) and
ScreenplayWeb.AuthManager.claims_access_level(claims) == :admin
ScreenplayWeb.AuthManager.claims_access_level(claims) == :emergency_admin
end
end
2 changes: 1 addition & 1 deletion test/support/conn_case.ex
Expand Up @@ -39,7 +39,7 @@ defmodule ScreenplayWeb.ConnCase do
Phoenix.ConnTest.build_conn()
|> Plug.Test.init_test_session(%{})
|> Guardian.Plug.sign_in(ScreenplayWeb.AuthManager, user, %{
"groups" => ["screenplay"]
"groups" => ["screenplay-emergency-admin"]
})
|> Plug.Conn.put_session(:username, user)
