use RBAC v0.2.0 to transform roles from List of Maps/Structs to Strin…

…g for #91

lib/auth/person.ex

@@ -35,7 +35,7 @@ defmodule Auth.Person do
   @doc """
   Default attributes validation for Person
   """
-  def changeset(person, attrs, roles \\ []) do
+  def changeset(person, attrs) do
     # IO.inspect(person, label: "changeset > person")
     # IO.inspect(attrs, label: "changeset > attrs")
     # IO.inspect(roles, label: "changeset > roles")
@@ -58,14 +58,14 @@ defmodule Auth.Person do
     |> validate_required([:email])
     |> put_email_hash()
     |> put_pass_hash()
-    |> put_assoc(:roles, roles)
   end
 
   def create_person(person) do
     person =
       %Person{}
       |> changeset(person)
       |> put_email_status_verified()
+      |> put_assoc(:roles, [ Auth.Role.get_role!(6) ])
 
     case get_person_by_email(person.changes.email) do
       nil ->
@@ -164,8 +164,10 @@ defmodule Auth.Person do
   end
 
   def create_google_person(profile) do
-    transform_google_profile_data_to_person(profile)
+    person = transform_google_profile_data_to_person(profile)
     |> upsert_person()
+
+    Map.replace!(person, :roles, RBAC.transform_role_list_to_string(person.roles))
   end
 
   # @doc """
@@ -200,7 +202,9 @@ defmodule Auth.Person do
 
   def verify_person_by_id(id) do
     person = get_person_by_id(id)
-    %{email: person.email, status: get_status_verified()} |> upsert_person()
+    %{email: person.email, status: get_status_verified()}
+    |> upsert_person()
+
   end
 
   def get_person_by_id(id) do
@@ -246,7 +250,8 @@ defmodule Auth.Person do
           changeset(%Person{id: ep.id}, merged)
           |> Repo.update()
 
-        person
+        # ensure that the preloads are returned:
+        get_person_by_email(person.email)
     end
   end
 

lib/auth_web/controllers/auth_controller.ex

@@ -340,6 +340,9 @@ defmodule AuthWeb.AuthController do
 
     if changeset.valid? do
       person = Auth.Person.upsert_person(%{email: email, password: p["password"]})
+      # replace %Auth.Role{} struct with string  github.com/dwyl/rbac/issues/4
+      person = Map.replace!(person, :roles,
+        RBAC.transform_role_list_to_string(person.roles))
       redirect_or_render(conn, person, p["state"])
     else
       conn
@@ -447,7 +450,8 @@ defmodule AuthWeb.AuthController do
       id: person.id,
       picture: person.picture,
       status: person.status,
-      email: person.email
+      email: person.email,
+      roles: RBAC.transform_role_list_to_string(person.roles)
     }
 
     jwt = AuthPlug.Token.generate_jwt!(data, client_secret)

mix.exs

@@ -1,7 +1,4 @@
 defmodule Auth.Mixfile do
-  @moduledoc """
-  Defines the Mix Project, Dependencies and Scripts
-  """
   use Mix.Project
 
   def project do
@@ -66,6 +63,8 @@ defmodule Auth.Mixfile do
       {:elixir_auth_google, "~> 1.3.0"},
       # https://github.com/dwyl/auth_plug
       {:auth_plug, "1.2.0"},
+      # https://github.com/dwyl/rbac
+      {:rbac, "~> 0.2.0"},
 
       # Field Validation and Encryption: github.com/dwyl/fields
       {:fields, "~> 2.6.0"},

mix.lock

@@ -52,6 +52,7 @@
   "poison": {:hex, :poison, "4.0.1", "bcb755a16fac91cad79bfe9fc3585bb07b9331e50cfe3420a24bcc2d735709ae", [:mix], [], "hexpm", "ba8836feea4b394bb718a161fc59a288fe0109b5006d6bdf97b6badfcf6f0f25"},
   "postgrex": {:hex, :postgrex, "0.15.5", "aec40306a622d459b01bff890fa42f1430dac61593b122754144ad9033a2152f", [:mix], [{:connection, "~> 1.0", [hex: :connection, repo: "hexpm", optional: false]}, {:db_connection, "~> 2.1", [hex: :db_connection, repo: "hexpm", optional: false]}, {:decimal, "~> 1.5", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm", "ed90c81e1525f65a2ba2279dbcebf030d6d13328daa2f8088b9661eb9143af7f"},
   "ranch": {:hex, :ranch, "1.7.1", "6b1fab51b49196860b733a49c07604465a47bdb78aa10c1c16a3d199f7f8c881", [:rebar3], [], "hexpm", "451d8527787df716d99dc36162fca05934915db0b6141bbdac2ea8d3c7afc7d7"},
+  "rbac": {:hex, :rbac, "0.2.0", "ed77a2bcad9e8bc4879d887a288a216be85641f06cecd0d2a84eaadc97c2ade8", [:mix], [], "hexpm", "78f37cffcff1675957c2c510d2052e5e9a99053ec205e3c695609dcc9cd306bd"},
   "sobelow": {:hex, :sobelow, "0.10.2", "00e91208046d3b434f9f08779fe0ca7c6d6595b7fa33b289e792dffa6dde8081", [:mix], [], "hexpm", "e30fc994330cf6f485c1c4f2fb7c4b2d403557d0e101c6e5329fd17a58e55a7e"},
   "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.6", "cf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0", [:make, :mix, :rebar3], [], "hexpm", "bdb0d2471f453c88ff3908e7686f86f9be327d065cc1ec16fa4540197ea04680"},
   "stream_data": {:hex, :stream_data, "0.4.3", "62aafd870caff0849a5057a7ec270fad0eb86889f4d433b937d996de99e3db25", [:mix], [], "hexpm", "7dafd5a801f0bc897f74fcd414651632b77ca367a7ae4568778191fc3bf3a19a"},

priv/repo/seeds.exs

@@ -119,9 +119,7 @@ defmodule SetupRoles do
       # |> IO.inspect()
     end)
   end
-
-  def assign_superadmin_role() do
-  end
 end
 
 SetupRoles.create_default_roles()
+Auth.PeopleRoles.insert(1, 1, 1)

test/auth/people_roles_test.exs

@@ -8,12 +8,14 @@ defmodule AuthWeb.PeopleRolesTest do
     role_id = 4
     # grant the "creator" role (id: 4) to the new person:
     Auth.PeopleRoles.insert(1, grantee.id, role_id)
-    person_with_role = Auth.Person.get_person_by_id(grantee.id) |> IO.inspect()
-    role = List.first(person_with_role.roles)
-    assert role_id == role.id
+    person_with_role = Auth.Person.get_person_by_id(grantee.id) # |> IO.inspect()
+    roles = RBAC.transform_role_list_to_string(person_with_role.roles)
+    assert roles =~ Integer.to_string(role_id)
 
     # check the latest people_roles record:
-    pr = List.last(Auth.PeopleRoles.list_people_roles())
+    list = Auth.PeopleRoles.list_people_roles()
+    # IO.inspect(list, label: "list")
+    pr = List.last(list)
     assert pr.granter_id == 1
     assert pr.person_id == grantee.id
   end
@@ -26,4 +28,7 @@ defmodule AuthWeb.PeopleRolesTest do
   #   conn = Auth.PeopleRoles.insert(conn, grantee.id, role_id)
   #   assert conn.status == 401
   # end
+  # test "get list of roles" do
+  #   Auth.Role.list_roles() |> IO.inspect()
+  # end
 end

test/auth_web/controllers/apikey_controller_test.exs

@@ -131,13 +131,13 @@ defmodule AuthWeb.ApikeyControllerTest do
     test "attempt to edit a key I don't own > should 404", %{conn: conn} do
       person = Auth.Person.get_person_by_email(@email)
 
-      wrong_person =
-        Auth.Person.create_person(%{
-          email: "[email protected]",
-          auth_provider: "email"
-        })
-
-      conn = AuthPlug.create_jwt_session(conn, wrong_person)
+      wrong_person_data = %{
+        email: "[email protected]",
+        auth_provider: "email",
+        id: 42
+      }
+      Auth.Person.create_person(wrong_person_data)
+      conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
 
       {:ok, key} =
         %{"name" => "test key", "url" => "http://localhost:4000"}
@@ -152,7 +152,7 @@ defmodule AuthWeb.ApikeyControllerTest do
   describe "update apikey" do
     test "redirects when data is valid", %{conn: conn} do
       person = Auth.Person.get_person_by_email(@email)
-      conn = AuthPlug.create_jwt_session(conn, person)
+      conn = AuthPlug.create_jwt_session(conn, %{id: person.id})
 
       {:ok, key} =
         %{"name" => "test key", "url" => "http://localhost:4000"}
@@ -168,7 +168,7 @@ defmodule AuthWeb.ApikeyControllerTest do
 
     test "renders errors when data is invalid", %{conn: conn} do
       person = Auth.Person.get_person_by_email(@email)
-      conn = AuthPlug.create_jwt_session(conn, person)
+      conn = admin_login(conn)
 
       {:ok, key} =
         %{"name" => "test key", "url" => "http://localhost:4000"}
@@ -182,13 +182,13 @@ defmodule AuthWeb.ApikeyControllerTest do
     test "attempt to UPDATE a key I don't own > should 404", %{conn: conn} do
       person = Auth.Person.get_person_by_email(@email)
       # create session with wrong person:
-      wrong_person =
-        Auth.Person.create_person(%{
-          email: "[email protected]",
-          auth_provider: "email"
-        })
-
-      conn = AuthPlug.create_jwt_session(conn, wrong_person)
+      wrong_person_data = %{
+        email: "[email protected]",
+        auth_provider: "email",
+        id: 42
+      }
+      Auth.Person.create_person(wrong_person_data)
+      conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
 
       {:ok, key} =
         %{"name" => "test key", "url" => "http://localhost:4000", "person_id" => person.id}
@@ -203,7 +203,7 @@ defmodule AuthWeb.ApikeyControllerTest do
   describe "delete apikey" do
     test "deletes chosen apikey", %{conn: conn} do
       person = Auth.Person.get_person_by_email(@email)
-      conn = AuthPlug.create_jwt_session(conn, person)
+      conn = admin_login(conn)
 
       {:ok, key} =
         %{"name" => "test key", "url" => "http://localhost:4000"}
@@ -219,13 +219,14 @@ defmodule AuthWeb.ApikeyControllerTest do
     end
 
     test "cannot delete a key belonging to someone else! 404", %{conn: conn} do
-      wrong_person =
-        Auth.Person.create_person(%{
-          email: "[email protected]",
-          auth_provider: "email"
-        })
 
-      conn = AuthPlug.create_jwt_session(conn, wrong_person)
+      wrong_person_data = %{
+        email: "[email protected]",
+        auth_provider: "email",
+        id: 42
+      }
+      Auth.Person.create_person(wrong_person_data)
+      conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
       person = Auth.Person.get_person_by_email(@email)
 
       {:ok, key} =

test/auth_web/controllers/auth_controller_test.exs

@@ -127,11 +127,11 @@ defmodule AuthWeb.AuthControllerTest do
       auth_provider: "google"
     }
 
-    person = Auth.Person.upsert_person(data)
+    Auth.Person.upsert_person(data)
 
     conn =
-      AuthPlug.create_jwt_session(conn, person)
-      |> get("/auth/google/callback", %{"code" => "234", "state" => nil})
+    AuthPlug.create_jwt_session(conn, data)
+    |> get("/auth/google/callback", %{"code" => "234", "state" => nil})
 
     assert html_response(conn, 200) =~ "Google account"
   end
@@ -320,6 +320,7 @@ defmodule AuthWeb.AuthControllerTest do
 
     link = AuthWeb.AuthController.make_verify_link(conn, person, state)
     link = "/auth/verify" <> List.last(String.split(link, "/auth/verify"))
+
     conn = get(conn, link, %{})
     assert html_response(conn, 302) =~ "redirected"
   end

test/test_helper.exs

@@ -11,6 +11,12 @@ defmodule AuthTest do
   """
   def admin_login(conn) do
     person = Auth.Person.get_person_by_email(@admin_email)
-    AuthPlug.create_jwt_session(conn, person)
+    data = %{
+      id: person.id,
+      email: person.email,
+      auth_provider: person.auth_provider
+    }
+    # IO.inspect(person, label: "person")
+    AuthPlug.create_jwt_session(conn, data)
   end
 end