Last active
April 9, 2016 22:03
Authorized plug
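defmodule Org.Router do
  @moduledoc """
  Route table for the Org web application.

  Routes are grouped into scopes by the access level their pipeline
  enforces: public, authenticated, and admin-only.

  Phoenix matches routes in definition order. The admin scope is declared
  before the scopes that define `GET /users/:id` and `GET /groups/:id`, so
  `GET /users/new` and `GET /groups/new` reach the admin controllers
  instead of being captured by a `:show` route. Keep that order when
  adding scopes.
  """
  use Org.Web, :router

  # Base stack for every HTML route: session, flash, CSRF protection and
  # secure response headers, followed by the project's AssignCurrentUser plug.
  # NOTE(review): AssignCurrentUser presumably loads the user from the
  # session; its implementation is not in this file.
  pipeline :browser do
    plug :accepts, ["html"]
    plug :fetch_session
    plug :fetch_flash
    plug :protect_from_forgery
    plug :put_secure_browser_headers
    plug Org.Plugs.AssignCurrentUser
  end

  # Requires a logged-in user. Used on top of :browser.
  pipeline :authenticated do
    plug Org.Plugs.Authenticated
  end

  # Authentication runs first, then the role check for :admin.
  pipeline :auth_admin do
    plug Org.Plugs.Authenticated
    plug Org.Plugs.Authorized, :admin
  end

  # Same shape as :auth_admin for the :member role.
  # NOTE(review): no scope in this router pipes through :auth_member.
  pipeline :auth_member do
    plug Org.Plugs.Authenticated
    plug Org.Plugs.Authorized, :member
  end

  # Only referenced by the commented-out "/api" scope at the bottom.
  pipeline :api do
    plug :accepts, ["json"]
  end

  # Scope for OAuth2 routes
  #
  # Logout is a DELETE, so it is covered by :protect_from_forgery.
  # The two GET routes are not: CSRF protection skips GET requests.
  # NOTE(review): the callback therefore relies on AuthController checking
  # the OAuth `state` value and rejecting unknown `:provider` segments;
  # confirm both there, the controller is not visible in this file.
  scope "/auth", Org do
    pipe_through :browser

    get "/:provider", AuthController, :index
    get "/:provider/callback", AuthController, :callback
    delete "/logout", AuthController, :delete
  end

  # Scope for admin-only routes
  #
  # Every write action on users and groups lives here; the read-only
  # :index and :show actions are routed by the scopes below.
  scope "/", Org.Admin do
    pipe_through [:browser, :auth_admin]

    resources "/users", UserController, except: [:index, :show]
    resources "/groups", GroupController, except: [:index, :show]
  end

  # Scope for authenticated-only routes (user is logged in)
  scope "/", Org do
    pipe_through [:browser, :authenticated]

    get "/apply", PageController, :apply
    get "/thanks", PageController, :thanks
    resources "/users", UserController, only: [:index, :show]
  end

  # Scope for all other routes
  #
  # No authentication plug runs here: group listings and group pages are
  # public.
  scope "/", Org do
    pipe_through :browser

    get "/", PageController, :home
    get "/signin", PageController, :signin
    resources "/groups", GroupController, only: [:index, :show]
  end

  # Other scopes may use custom stacks.
  # scope "/api", Org do
  #   pipe_through :api
  # end
end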
`@behaviour Plug` statement at the top so that the compiler will perform compile time checks.
`case current_user |> Map.get(:role) do` — you are assuming that the key is present. As long as that's true of your schema, that's fine. And if it's always present, you can just use the accessor shortcut `case current_user.role do`.
`debug("User ##{current_user.id} is an admin")`. Just for your own debugging sanity.