From 0d4dfd5bb2a62ed2e783278bea9e6da470d68d26 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Fri, 17 Jul 2020 13:52:46 +0100
Subject: [PATCH 001/166] improve clarity in create_apikey in seeds.exs

---
 priv/repo/seeds.exs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index be260fc2..a9e0174b 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -39,15 +39,15 @@ defmodule Auth.Seeds do
         "name" => "system admin key",
         "description" => "Created by /priv/repo/seeds.exs during setup.",
         # the default host in %Plug.Conn
-        "url" => "www.example.com"
+        "url" => "localhost:4000"
       }
       |> AuthWeb.ApikeyController.make_apikey(person.id)
       |> Auth.Apikey.create_apikey()
 
     api_key = key.client_id <> "/" <> key.client_secret
     # Set the AUTH_API_KEY to a valid value that is in the DB:
-    System.put_env("AUTH_API_KEY", api_key)
-    IO.inspect(System.get_env("AUTH_API_KEY"), label: "AUTH_API_KEY")
+    IO.puts("Remember to set the AUTH_API_KEY environment variable:")
+    IO.puts("export AUTH_API_KEY=#{api_key}")
     IO.puts("- - - - - - - - - - - - - - - - - - - - - - ")
     key
   end

From a351bfc9a5c7112fd4e7ac6ef2b77e495de50e90 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Fri, 17 Jul 2020 14:12:43 +0100
Subject: [PATCH 002/166] remember to export the AUTH_API_KEY in seeds.exs so
 its present during test lifecyle #54

---
 priv/repo/seeds.exs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index a9e0174b..27bbee06 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -45,6 +45,8 @@ defmodule Auth.Seeds do
       |> Auth.Apikey.create_apikey()
 
     api_key = key.client_id <> "/" <> key.client_secret
+    # set the AUTH_API_KEY during test run:
+    System.put_env("AUTH_API_KEY", api_key)
     # Set the AUTH_API_KEY to a valid value that is in the DB:
     IO.puts("Remember to set the AUTH_API_KEY environment variable:")
     IO.puts("export AUTH_API_KEY=#{api_key}")

From c2f3d19aaa0e748548a1585ecc7a9dee7c847f1c Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Fri, 17 Jul 2020 14:13:51 +0100
Subject: [PATCH 003/166] if an apikey belongs to SuperAdmin dont check the URL
 as its the System Key

---
 lib/auth_web/controllers/auth_controller.ex | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
index e0aa83fc..3c5b3248 100644
--- a/lib/auth_web/controllers/auth_controller.ex
+++ b/lib/auth_web/controllers/auth_controller.ex
@@ -417,7 +417,6 @@ defmodule AuthWeb.AuthController do
 
   def get_client_secret(client_id, state) do
     person_id = AuthWeb.ApikeyController.decode_decrypt(client_id)
-
     # decode_decrypt fails with state 0
     if person_id == 0 do
       0
@@ -425,7 +424,13 @@ defmodule AuthWeb.AuthController do
       apikeys = Auth.Apikey.list_apikeys_for_person(person_id)
 
       Enum.filter(apikeys, fn k ->
-        k.client_id == client_id and state =~ k.url
+        # if the API Key belongs to Super Admin, don't check URL as it's the "setup key":
+        if person_id == 1 do
+          k.client_id == client_id 
+        else
+          # check url matches the state for all other keys:
+          k.client_id == client_id and state =~ k.url
+        end
       end)
       |> List.first()
       |> Map.get(:client_secret)

From 0498e98f296cc9fc8e052acd9d0ca92ad64c8873 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Fri, 24 Jul 2020 15:25:07 +0100
Subject: [PATCH 004/166] add test for get_client_secret/2

---
 .../controllers/auth_controller_test.exs        | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/test/auth_web/controllers/auth_controller_test.exs b/test/auth_web/controllers/auth_controller_test.exs
index 1925d4d5..c3de1577 100644
--- a/test/auth_web/controllers/auth_controller_test.exs
+++ b/test/auth_web/controllers/auth_controller_test.exs
@@ -49,6 +49,23 @@ defmodule AuthWeb.AuthControllerTest do
     assert conn.resp_body =~ "state=http://localhost/admin"
   end
 
+  test "get_client_secret(client_id, state) gets the secret for the given client_id" do
+
+    person = Auth.Person.create_person(%{
+      email: "alex@gmail.com",
+      auth_provider: "email"
+    })
+
+    {:ok, key} = %{"name" => "test key", "url" => "example.com"}
+    |> AuthWeb.ApikeyController.make_apikey(person.id)
+    |> Auth.Apikey.create_apikey()
+
+    state = "https://www.example.com/profile?auth_client_id=#{key.client_id}"
+    secret = AuthWeb.AuthController.get_client_secret(key.client_id, state)
+    
+    assert secret == key.client_secret
+  end
+
   test "github_handler/2 github auth callback", %{conn: conn} do
     baseurl = AuthPlug.Helpers.get_baseurl_from_conn(conn)
 

From 9cf0ef5628c1a32fa39e2d91c796e2856a03ee51 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 18 Jul 2020 11:34:51 +0100
Subject: [PATCH 005/166] reduce noise in tests by checking for Mix.env() ==
 :test

---
 priv/repo/seeds.exs | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 27bbee06..d2c05421 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -26,10 +26,12 @@ defmodule Auth.Seeds do
         person ->
           person
       end
-
-    IO.inspect(person.id, label: "seeds.exs person.id")
-    IO.puts("- - - - - - - - - - - - - - - - - - - - - - ")
-
+    if(Mix.env() == :test) do
+      # don't print noise during tests
+    else
+      IO.inspect(person.id, label: "seeds.exs person.id")
+      IO.puts("- - - - - - - - - - - - - - - - - - - - - - ")
+    end
     person
   end
 
@@ -47,10 +49,14 @@ defmodule Auth.Seeds do
     api_key = key.client_id <> "/" <> key.client_secret
     # set the AUTH_API_KEY during test run:
     System.put_env("AUTH_API_KEY", api_key)
-    # Set the AUTH_API_KEY to a valid value that is in the DB:
-    IO.puts("Remember to set the AUTH_API_KEY environment variable:")
-    IO.puts("export AUTH_API_KEY=#{api_key}")
-    IO.puts("- - - - - - - - - - - - - - - - - - - - - - ")
+
+    if(Mix.env() == :test) do
+      # don't print noise during tests
+    else
+      IO.puts("Remember to set the AUTH_API_KEY environment variable:")
+      IO.puts("export AUTH_API_KEY=#{api_key}")
+      IO.puts("- - - - - - - - - - - - - - - - - - - - - - ")
+    end
     key
   end
 end

From 090aa6673bd91b7c921ef8850adadbe0c35010e2 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 22 Jul 2020 16:36:58 +0100
Subject: [PATCH 006/166] add notes on RBAC #81

---
 role-based-access-control.md | 83 ++++++++++++++++++++++++++++++++++++
 1 file changed, 83 insertions(+)
 create mode 100644 role-based-access-control.md

diff --git a/role-based-access-control.md b/role-based-access-control.md
new file mode 100644
index 00000000..26014365
--- /dev/null
+++ b/role-based-access-control.md
@@ -0,0 +1,83 @@
+# Role Based Access Control (RBAC)
+
+_Understand_ the fundamentals of Role Based Access Control (RBAC)
+
+## Why?
+
+RBAC lets you easily manage roles and permissions in any application
+and see at a glance exactly permissions a person has in the system.
+It reduces complexity over traditional
+Access Control List (ACL) based permissions systems. 
+
+
+## What?
+
+The purpose of RBAC is to provide a framework
+for application administrators and developers
+to manage the permissions assigned to the people using the App(s).
+
+Each role granted just enough flexibility and permissions 
+to perform the tasks required for their job, 
+this helps enforce the 
+[principal of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege)
+
+The RBAC methodology is based on a set of three principal rules 
+that govern access to systems:
+
+1. **Role Assignment**: 
+Each transaction or operation can only be carried out 
+if the person has assumed the appropriate role. 
+An operation is defined as any action taken 
+with respect to a system or network object that is protected by RBAC. 
+Roles may be assigned by a separate party 
+or selected by the person attempting to perform the action.
+
+2. **Role Authorization**: 
+The purpose of role authorization 
+is to ensure that people can only assume a role 
+for which they have been given the appropriate authorization. 
+When a person assumes a role, 
+they must do so with authorization from an administrator.
+
+3. **Transaction Authorization**: 
+An operation can only be completed 
+if the person attempting to complete the transaction 
+possesses the appropriate role.
+
+
+## Who?
+
+Anyone who is interested in developing secure multi-user applications
+should learn about RBAC.
+
+
+## _How_?
+
+Let's create the Database Schemas (Tables) to store our RBAC data,
+starting with **`Roles`**:
+
+```
+mix phx.gen.html Ctx Role roles name:string desc:string person_id:references:people
+```
+
+
+```
+mix phx.gen.html Ctx Permission permissions name:string desc:string person_id:references:people
+```
+
+Next create the **`many-to-many`** relationship between roles and permissions.
+
+```
+mix ecto.gen.migration create_role_permissions
+```
+
+Now create the **`many-to-many`** relationship between people and roles.
+
+
+
+
+## Recommended Reading
+
++ https://en.wikipedia.org/wiki/Role-based_access_control
++ https://www.sumologic.com/glossary/role-based-access-control
++ https://medium.com/@adriennedomingus/role-based-access-control-rbac-permissions-vs-roles-55f1f0051468

From 46a2813da840bf7435f9497b3d74db08d2c69bd9 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 22 Jul 2020 18:35:52 +0100
Subject: [PATCH 007/166] add ping to mix.exs see: https://github.com/dwyl/ping

---
 mix.exs | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/mix.exs b/mix.exs
index f7be88e4..8ca755aa 100644
--- a/mix.exs
+++ b/mix.exs
@@ -69,6 +69,9 @@ defmodule Auth.Mixfile do
       # Base58 Encodeing: https://github.com/dwyl/base58
       {:B58, "~> 1.0", hex: :b58},
 
+      # Ping to Wake Heroku Instance: https://github.com/dwyl/ping
+      {:ping, "~> 1.0.1"},
+
       # Check test coverage
       {:excoveralls, "~> 0.12.3", only: :test}, 
 

From 46c45c7966080440225a103e39fdf5e5c429e55f Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 22 Jul 2020 18:41:36 +0100
Subject: [PATCH 008/166] add RBAC schema instructions [WiP] #27 / #31

---
 README.md                    |  3 +--
 role-based-access-control.md | 18 ++++++++++++++++--
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index c0b83831..555b2d9c 100644
--- a/README.md
+++ b/README.md
@@ -173,7 +173,6 @@ And for sending emails you will need the
 `SECRET_KEY_BASE` and `EMAIL_APP_URL` defined.
 
 
-
 ### 4. Create and migrate your database:
 
 > Ensure that PostgreSQL is running
@@ -190,7 +189,7 @@ mix ecto.setup
 mix phoenix.server
 ```
 
-> It may take a couple of minutes to compile the app the first time. ⏳
+> It may take a minute to compile the app the first time. ⏳
 
 Now you can visit [`localhost:4000`](http://localhost:4000) from your browser.
 
diff --git a/role-based-access-control.md b/role-based-access-control.md
index 26014365..66ceb558 100644
--- a/role-based-access-control.md
+++ b/role-based-access-control.md
@@ -53,6 +53,14 @@ should learn about RBAC.
 
 ## _How_?
 
+Before creating any roles,
+you will need to have a baseline schema including people
+as people will be referenced by roles.
+
+If you don't already have these schemas/tables,
+see: https://github.com/dwyl/app-mvp-phoenix#create-schemas
+
+
 Let's create the Database Schemas (Tables) to store our RBAC data,
 starting with **`Roles`**:
 
@@ -60,7 +68,7 @@ starting with **`Roles`**:
 mix phx.gen.html Ctx Role roles name:string desc:string person_id:references:people
 ```
 
-
+Next create the permissions schema:
 ```
 mix phx.gen.html Ctx Permission permissions name:string desc:string person_id:references:people
 ```
@@ -71,7 +79,13 @@ Next create the **`many-to-many`** relationship between roles and permissions.
 mix ecto.gen.migration create_role_permissions
 ```
 
-Now create the **`many-to-many`** relationship between people and roles.
+
+
+Now create the **`many-to-many`** relationship between people and roles:
+
+```
+mix ecto.gen.migration create_people_roles
+```
 
 
 

From 2f26ed1b970ad1d0b925c42de462388e2ffe7697 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 22 Jul 2020 18:55:01 +0100
Subject: [PATCH 009/166] add /ping to wake Heroku app see:
 https://github.com/dwyl/ping

---
 README.md                                          |  1 +
 lib/auth_web/controllers/ping_controller.ex        |  8 ++++++++
 lib/auth_web/router.ex                             |  3 +++
 mix.lock                                           |  1 +
 test/auth_web/controllers/ping_controller_test.exs | 10 ++++++++++
 5 files changed, 23 insertions(+)
 create mode 100644 lib/auth_web/controllers/ping_controller.ex
 create mode 100644 test/auth_web/controllers/ping_controller_test.exs

diff --git a/README.md b/README.md
index 555b2d9c..5b66a9b9 100644
--- a/README.md
+++ b/README.md
@@ -15,6 +15,7 @@ you can setup in ***5 minutes***.
 <!-- uncomment when service is working ...
 [![Inline docs](http://inch-ci.org/github/dwyl/auth.svg?branch=master&style=flat-square)](http://inch-ci.org/github/dwyl/auth)
 -->
+![wake-sleeping-heroku-app](https://dwylauth.herokuapp.com/ping)
 
 </div>
 
diff --git a/lib/auth_web/controllers/ping_controller.ex b/lib/auth_web/controllers/ping_controller.ex
new file mode 100644
index 00000000..b3f59710
--- /dev/null
+++ b/lib/auth_web/controllers/ping_controller.ex
@@ -0,0 +1,8 @@
+defmodule AuthWeb.PingController do
+  use AuthWeb, :controller
+
+  # see: github.com/dwyl/ping
+  def ping(conn, params) do
+    Ping.render_pixel(conn, params)
+  end
+end
\ No newline at end of file
diff --git a/lib/auth_web/router.ex b/lib/auth_web/router.ex
index 864c19b8..8fb5f35c 100644
--- a/lib/auth_web/router.ex
+++ b/lib/auth_web/router.ex
@@ -24,6 +24,9 @@ defmodule AuthWeb.Router do
     # get "/auth/password/new", AuthController, :password_input
     post "/auth/password/create", AuthController, :password_create
     post "/auth/password/verify", AuthController, :password_prompt
+
+    # https://github.com/dwyl/ping
+    get "/ping", PingController, :ping
   end
 
   pipeline :auth do
diff --git a/mix.lock b/mix.lock
index 2c92a781..737d4801 100644
--- a/mix.lock
+++ b/mix.lock
@@ -45,6 +45,7 @@
   "phoenix_html": {:hex, :phoenix_html, "2.14.2", "b8a3899a72050f3f48a36430da507dd99caf0ac2d06c77529b1646964f3d563e", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "58061c8dfd25da5df1ea0ca47c972f161beb6c875cd293917045b92ffe1bf617"},
   "phoenix_live_reload": {:hex, :phoenix_live_reload, "1.2.2", "38d94c30df5e2ef11000697a4fbe2b38d0fbf79239d492ff1be87bbc33bc3a84", [:mix], [{:file_system, "~> 0.2.1 or ~> 0.3", [hex: :file_system, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.4", [hex: :phoenix, repo: "hexpm", optional: false]}], "hexpm", "a3dec3d28ddb5476c96a7c8a38ea8437923408bc88da43e5c45d97037b396280"},
   "phoenix_pubsub": {:hex, :phoenix_pubsub, "2.0.0", "a1ae76717bb168cdeb10ec9d92d1480fec99e3080f011402c0a2d68d47395ffb", [:mix], [], "hexpm", "c52d948c4f261577b9c6fa804be91884b381a7f8f18450c5045975435350f771"},
+  "ping": {:hex, :ping, "1.0.1", "1f44c7b7151af18627edbd7946a376935871f285fc9c11e9f16ddb1555ea65b5", [:mix], [{:plug, "~> 1.10.1", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "c1421bebcb6601e7fb1158700ca99eb2dc0976b45fe2a26023db5a9318aadfa6"},
   "plug": {:hex, :plug, "1.10.3", "c9cebe917637d8db0e759039cc106adca069874e1a9034fd6e3fdd427fd3c283", [:mix], [{:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_crypto, "~> 1.1.1 or ~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "01f9037a2a1de1d633b5a881101e6a444bcabb1d386ca1e00bb273a1f1d9d939"},
   "plug_cowboy": {:hex, :plug_cowboy, "2.3.0", "149a50e05cb73c12aad6506a371cd75750c0b19a32f81866e1a323dda9e0e99d", [:mix], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:plug, "~> 1.7", [hex: :plug, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "bc595a1870cef13f9c1e03df56d96804db7f702175e4ccacdb8fc75c02a7b97e"},
   "plug_crypto": {:hex, :plug_crypto, "1.1.2", "bdd187572cc26dbd95b87136290425f2b580a116d3fb1f564216918c9730d227", [:mix], [], "hexpm", "6b8b608f895b6ffcfad49c37c7883e8df98ae19c6a28113b02aa1e9c5b22d6b5"},
diff --git a/test/auth_web/controllers/ping_controller_test.exs b/test/auth_web/controllers/ping_controller_test.exs
new file mode 100644
index 00000000..d6e3192a
--- /dev/null
+++ b/test/auth_web/controllers/ping_controller_test.exs
@@ -0,0 +1,10 @@
+defmodule AuthWeb.PingControllerTest do
+  use AuthWeb.ConnCase
+
+  test "GET /ping (GIF) renders 1x1 pixel", %{conn: conn} do
+    conn = get(conn, Routes.ping_path(conn, :ping))
+    assert conn.status == 200
+    assert conn.state == :sent
+    assert conn.resp_body =~ <<71, 73, 70, 56, 57>>
+  end
+end
\ No newline at end of file

From 0114fc8ae98f48736350b7e0d200d5f54552d4bc Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 22 Jul 2020 18:59:54 +0100
Subject: [PATCH 010/166] create roles schema and resources #27 / #31

---
 lib/auth/ctx.ex                               | 104 ++++++++++++++++++
 lib/auth/ctx/role.ex                          |  19 ++++
 lib/auth_web/controllers/role_controller.ex   |  62 +++++++++++
 lib/auth_web/router.ex                        |   2 +
 lib/auth_web/templates/role/edit.html.eex     |   5 +
 lib/auth_web/templates/role/form.html.eex     |  19 ++++
 lib/auth_web/templates/role/index.html.eex    |  28 +++++
 lib/auth_web/templates/role/new.html.eex      |   5 +
 lib/auth_web/templates/role/show.html.eex     |  18 +++
 lib/auth_web/views/role_view.ex               |   3 +
 .../20200722175850_create_roles.exs           |  15 +++
 test/auth/ctx_test.exs                        |  66 +++++++++++
 .../controllers/role_controller_test.exs      |  88 +++++++++++++++
 13 files changed, 434 insertions(+)
 create mode 100644 lib/auth/ctx.ex
 create mode 100644 lib/auth/ctx/role.ex
 create mode 100644 lib/auth_web/controllers/role_controller.ex
 create mode 100644 lib/auth_web/templates/role/edit.html.eex
 create mode 100644 lib/auth_web/templates/role/form.html.eex
 create mode 100644 lib/auth_web/templates/role/index.html.eex
 create mode 100644 lib/auth_web/templates/role/new.html.eex
 create mode 100644 lib/auth_web/templates/role/show.html.eex
 create mode 100644 lib/auth_web/views/role_view.ex
 create mode 100644 priv/repo/migrations/20200722175850_create_roles.exs
 create mode 100644 test/auth/ctx_test.exs
 create mode 100644 test/auth_web/controllers/role_controller_test.exs

diff --git a/lib/auth/ctx.ex b/lib/auth/ctx.ex
new file mode 100644
index 00000000..2a07041c
--- /dev/null
+++ b/lib/auth/ctx.ex
@@ -0,0 +1,104 @@
+defmodule Auth.Ctx do
+  @moduledoc """
+  The Ctx context.
+  """
+
+  import Ecto.Query, warn: false
+  alias Auth.Repo
+
+  alias Auth.Ctx.Role
+
+  @doc """
+  Returns the list of roles.
+
+  ## Examples
+
+      iex> list_roles()
+      [%Role{}, ...]
+
+  """
+  def list_roles do
+    Repo.all(Role)
+  end
+
+  @doc """
+  Gets a single role.
+
+  Raises `Ecto.NoResultsError` if the Role does not exist.
+
+  ## Examples
+
+      iex> get_role!(123)
+      %Role{}
+
+      iex> get_role!(456)
+      ** (Ecto.NoResultsError)
+
+  """
+  def get_role!(id), do: Repo.get!(Role, id)
+
+  @doc """
+  Creates a role.
+
+  ## Examples
+
+      iex> create_role(%{field: value})
+      {:ok, %Role{}}
+
+      iex> create_role(%{field: bad_value})
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def create_role(attrs \\ %{}) do
+    %Role{}
+    |> Role.changeset(attrs)
+    |> Repo.insert()
+  end
+
+  @doc """
+  Updates a role.
+
+  ## Examples
+
+      iex> update_role(role, %{field: new_value})
+      {:ok, %Role{}}
+
+      iex> update_role(role, %{field: bad_value})
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def update_role(%Role{} = role, attrs) do
+    role
+    |> Role.changeset(attrs)
+    |> Repo.update()
+  end
+
+  @doc """
+  Deletes a role.
+
+  ## Examples
+
+      iex> delete_role(role)
+      {:ok, %Role{}}
+
+      iex> delete_role(role)
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def delete_role(%Role{} = role) do
+    Repo.delete(role)
+  end
+
+  @doc """
+  Returns an `%Ecto.Changeset{}` for tracking role changes.
+
+  ## Examples
+
+      iex> change_role(role)
+      %Ecto.Changeset{data: %Role{}}
+
+  """
+  def change_role(%Role{} = role, attrs \\ %{}) do
+    Role.changeset(role, attrs)
+  end
+end
diff --git a/lib/auth/ctx/role.ex b/lib/auth/ctx/role.ex
new file mode 100644
index 00000000..e6cd02b0
--- /dev/null
+++ b/lib/auth/ctx/role.ex
@@ -0,0 +1,19 @@
+defmodule Auth.Ctx.Role do
+  use Ecto.Schema
+  import Ecto.Changeset
+
+  schema "roles" do
+    field :desc, :string
+    field :name, :string
+    field :person_id, :id
+
+    timestamps()
+  end
+
+  @doc false
+  def changeset(role, attrs) do
+    role
+    |> cast(attrs, [:name, :desc])
+    |> validate_required([:name, :desc])
+  end
+end
diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
new file mode 100644
index 00000000..e25c3394
--- /dev/null
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -0,0 +1,62 @@
+defmodule AuthWeb.RoleController do
+  use AuthWeb, :controller
+
+  alias Auth.Ctx
+  alias Auth.Ctx.Role
+
+  def index(conn, _params) do
+    roles = Ctx.list_roles()
+    render(conn, "index.html", roles: roles)
+  end
+
+  def new(conn, _params) do
+    changeset = Ctx.change_role(%Role{})
+    render(conn, "new.html", changeset: changeset)
+  end
+
+  def create(conn, %{"role" => role_params}) do
+    case Ctx.create_role(role_params) do
+      {:ok, role} ->
+        conn
+        |> put_flash(:info, "Role created successfully.")
+        |> redirect(to: Routes.role_path(conn, :show, role))
+
+      {:error, %Ecto.Changeset{} = changeset} ->
+        render(conn, "new.html", changeset: changeset)
+    end
+  end
+
+  def show(conn, %{"id" => id}) do
+    role = Ctx.get_role!(id)
+    render(conn, "show.html", role: role)
+  end
+
+  def edit(conn, %{"id" => id}) do
+    role = Ctx.get_role!(id)
+    changeset = Ctx.change_role(role)
+    render(conn, "edit.html", role: role, changeset: changeset)
+  end
+
+  def update(conn, %{"id" => id, "role" => role_params}) do
+    role = Ctx.get_role!(id)
+
+    case Ctx.update_role(role, role_params) do
+      {:ok, role} ->
+        conn
+        |> put_flash(:info, "Role updated successfully.")
+        |> redirect(to: Routes.role_path(conn, :show, role))
+
+      {:error, %Ecto.Changeset{} = changeset} ->
+        render(conn, "edit.html", role: role, changeset: changeset)
+    end
+  end
+
+  def delete(conn, %{"id" => id}) do
+    role = Ctx.get_role!(id)
+    {:ok, _role} = Ctx.delete_role(role)
+
+    conn
+    |> put_flash(:info, "Role deleted successfully.")
+    |> redirect(to: Routes.role_path(conn, :index))
+  end
+end
diff --git a/lib/auth_web/router.ex b/lib/auth_web/router.ex
index 8fb5f35c..298652a2 100644
--- a/lib/auth_web/router.ex
+++ b/lib/auth_web/router.ex
@@ -38,6 +38,8 @@ defmodule AuthWeb.Router do
     pipe_through :auth
 
     get "/profile", AuthController, :admin
+    resources "/roles", RoleController
+    
     resources "/settings/apikeys", ApikeyController
   end
 
diff --git a/lib/auth_web/templates/role/edit.html.eex b/lib/auth_web/templates/role/edit.html.eex
new file mode 100644
index 00000000..f5527cf7
--- /dev/null
+++ b/lib/auth_web/templates/role/edit.html.eex
@@ -0,0 +1,5 @@
+<h1>Edit Role</h1>
+
+<%= render "form.html", Map.put(assigns, :action, Routes.role_path(@conn, :update, @role)) %>
+
+<span><%= link "Back", to: Routes.role_path(@conn, :index) %></span>
diff --git a/lib/auth_web/templates/role/form.html.eex b/lib/auth_web/templates/role/form.html.eex
new file mode 100644
index 00000000..1339ceb1
--- /dev/null
+++ b/lib/auth_web/templates/role/form.html.eex
@@ -0,0 +1,19 @@
+<%= form_for @changeset, @action, fn f -> %>
+  <%= if @changeset.action do %>
+    <div class="alert alert-danger">
+      <p>Oops, something went wrong! Please check the errors below.</p>
+    </div>
+  <% end %>
+
+  <%= label f, :name %>
+  <%= text_input f, :name %>
+  <%= error_tag f, :name %>
+
+  <%= label f, :desc %>
+  <%= text_input f, :desc %>
+  <%= error_tag f, :desc %>
+
+  <div>
+    <%= submit "Save" %>
+  </div>
+<% end %>
diff --git a/lib/auth_web/templates/role/index.html.eex b/lib/auth_web/templates/role/index.html.eex
new file mode 100644
index 00000000..4920d942
--- /dev/null
+++ b/lib/auth_web/templates/role/index.html.eex
@@ -0,0 +1,28 @@
+<h1>Listing Roles</h1>
+
+<table>
+  <thead>
+    <tr>
+      <th>Name</th>
+      <th>Desc</th>
+
+      <th></th>
+    </tr>
+  </thead>
+  <tbody>
+<%= for role <- @roles do %>
+    <tr>
+      <td><%= role.name %></td>
+      <td><%= role.desc %></td>
+
+      <td>
+        <span><%= link "Show", to: Routes.role_path(@conn, :show, role) %></span>
+        <span><%= link "Edit", to: Routes.role_path(@conn, :edit, role) %></span>
+        <span><%= link "Delete", to: Routes.role_path(@conn, :delete, role), method: :delete, data: [confirm: "Are you sure?"] %></span>
+      </td>
+    </tr>
+<% end %>
+  </tbody>
+</table>
+
+<span><%= link "New Role", to: Routes.role_path(@conn, :new) %></span>
diff --git a/lib/auth_web/templates/role/new.html.eex b/lib/auth_web/templates/role/new.html.eex
new file mode 100644
index 00000000..79e26f37
--- /dev/null
+++ b/lib/auth_web/templates/role/new.html.eex
@@ -0,0 +1,5 @@
+<h1>New Role</h1>
+
+<%= render "form.html", Map.put(assigns, :action, Routes.role_path(@conn, :create)) %>
+
+<span><%= link "Back", to: Routes.role_path(@conn, :index) %></span>
diff --git a/lib/auth_web/templates/role/show.html.eex b/lib/auth_web/templates/role/show.html.eex
new file mode 100644
index 00000000..98f82c6e
--- /dev/null
+++ b/lib/auth_web/templates/role/show.html.eex
@@ -0,0 +1,18 @@
+<h1>Show Role</h1>
+
+<ul>
+
+  <li>
+    <strong>Name:</strong>
+    <%= @role.name %>
+  </li>
+
+  <li>
+    <strong>Desc:</strong>
+    <%= @role.desc %>
+  </li>
+
+</ul>
+
+<span><%= link "Edit", to: Routes.role_path(@conn, :edit, @role) %></span>
+<span><%= link "Back", to: Routes.role_path(@conn, :index) %></span>
diff --git a/lib/auth_web/views/role_view.ex b/lib/auth_web/views/role_view.ex
new file mode 100644
index 00000000..1aff1f86
--- /dev/null
+++ b/lib/auth_web/views/role_view.ex
@@ -0,0 +1,3 @@
+defmodule AuthWeb.RoleView do
+  use AuthWeb, :view
+end
diff --git a/priv/repo/migrations/20200722175850_create_roles.exs b/priv/repo/migrations/20200722175850_create_roles.exs
new file mode 100644
index 00000000..c393b64d
--- /dev/null
+++ b/priv/repo/migrations/20200722175850_create_roles.exs
@@ -0,0 +1,15 @@
+defmodule Auth.Repo.Migrations.CreateRoles do
+  use Ecto.Migration
+
+  def change do
+    create table(:roles) do
+      add :name, :string
+      add :desc, :string
+      add :person_id, references(:people, on_delete: :nothing)
+
+      timestamps()
+    end
+
+    create index(:roles, [:person_id])
+  end
+end
diff --git a/test/auth/ctx_test.exs b/test/auth/ctx_test.exs
new file mode 100644
index 00000000..b09034f3
--- /dev/null
+++ b/test/auth/ctx_test.exs
@@ -0,0 +1,66 @@
+defmodule Auth.CtxTest do
+  use Auth.DataCase
+
+  alias Auth.Ctx
+
+  describe "roles" do
+    alias Auth.Ctx.Role
+
+    @valid_attrs %{desc: "some desc", name: "some name"}
+    @update_attrs %{desc: "some updated desc", name: "some updated name"}
+    @invalid_attrs %{desc: nil, name: nil}
+
+    def role_fixture(attrs \\ %{}) do
+      {:ok, role} =
+        attrs
+        |> Enum.into(@valid_attrs)
+        |> Ctx.create_role()
+
+      role
+    end
+
+    test "list_roles/0 returns all roles" do
+      role = role_fixture()
+      assert Ctx.list_roles() == [role]
+    end
+
+    test "get_role!/1 returns the role with given id" do
+      role = role_fixture()
+      assert Ctx.get_role!(role.id) == role
+    end
+
+    test "create_role/1 with valid data creates a role" do
+      assert {:ok, %Role{} = role} = Ctx.create_role(@valid_attrs)
+      assert role.desc == "some desc"
+      assert role.name == "some name"
+    end
+
+    test "create_role/1 with invalid data returns error changeset" do
+      assert {:error, %Ecto.Changeset{}} = Ctx.create_role(@invalid_attrs)
+    end
+
+    test "update_role/2 with valid data updates the role" do
+      role = role_fixture()
+      assert {:ok, %Role{} = role} = Ctx.update_role(role, @update_attrs)
+      assert role.desc == "some updated desc"
+      assert role.name == "some updated name"
+    end
+
+    test "update_role/2 with invalid data returns error changeset" do
+      role = role_fixture()
+      assert {:error, %Ecto.Changeset{}} = Ctx.update_role(role, @invalid_attrs)
+      assert role == Ctx.get_role!(role.id)
+    end
+
+    test "delete_role/1 deletes the role" do
+      role = role_fixture()
+      assert {:ok, %Role{}} = Ctx.delete_role(role)
+      assert_raise Ecto.NoResultsError, fn -> Ctx.get_role!(role.id) end
+    end
+
+    test "change_role/1 returns a role changeset" do
+      role = role_fixture()
+      assert %Ecto.Changeset{} = Ctx.change_role(role)
+    end
+  end
+end
diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
new file mode 100644
index 00000000..97fe5a18
--- /dev/null
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -0,0 +1,88 @@
+defmodule AuthWeb.RoleControllerTest do
+  use AuthWeb.ConnCase
+
+  alias Auth.Ctx
+
+  @create_attrs %{desc: "some desc", name: "some name"}
+  @update_attrs %{desc: "some updated desc", name: "some updated name"}
+  @invalid_attrs %{desc: nil, name: nil}
+
+  def fixture(:role) do
+    {:ok, role} = Ctx.create_role(@create_attrs)
+    role
+  end
+
+  describe "index" do
+    test "lists all roles", %{conn: conn} do
+      conn = get(conn, Routes.role_path(conn, :index))
+      assert html_response(conn, 200) =~ "Listing Roles"
+    end
+  end
+
+  describe "new role" do
+    test "renders form", %{conn: conn} do
+      conn = get(conn, Routes.role_path(conn, :new))
+      assert html_response(conn, 200) =~ "New Role"
+    end
+  end
+
+  describe "create role" do
+    test "redirects to show when data is valid", %{conn: conn} do
+      conn = post(conn, Routes.role_path(conn, :create), role: @create_attrs)
+
+      assert %{id: id} = redirected_params(conn)
+      assert redirected_to(conn) == Routes.role_path(conn, :show, id)
+
+      conn = get(conn, Routes.role_path(conn, :show, id))
+      assert html_response(conn, 200) =~ "Show Role"
+    end
+
+    test "renders errors when data is invalid", %{conn: conn} do
+      conn = post(conn, Routes.role_path(conn, :create), role: @invalid_attrs)
+      assert html_response(conn, 200) =~ "New Role"
+    end
+  end
+
+  describe "edit role" do
+    setup [:create_role]
+
+    test "renders form for editing chosen role", %{conn: conn, role: role} do
+      conn = get(conn, Routes.role_path(conn, :edit, role))
+      assert html_response(conn, 200) =~ "Edit Role"
+    end
+  end
+
+  describe "update role" do
+    setup [:create_role]
+
+    test "redirects when data is valid", %{conn: conn, role: role} do
+      conn = put(conn, Routes.role_path(conn, :update, role), role: @update_attrs)
+      assert redirected_to(conn) == Routes.role_path(conn, :show, role)
+
+      conn = get(conn, Routes.role_path(conn, :show, role))
+      assert html_response(conn, 200) =~ "some updated desc"
+    end
+
+    test "renders errors when data is invalid", %{conn: conn, role: role} do
+      conn = put(conn, Routes.role_path(conn, :update, role), role: @invalid_attrs)
+      assert html_response(conn, 200) =~ "Edit Role"
+    end
+  end
+
+  describe "delete role" do
+    setup [:create_role]
+
+    test "deletes chosen role", %{conn: conn, role: role} do
+      conn = delete(conn, Routes.role_path(conn, :delete, role))
+      assert redirected_to(conn) == Routes.role_path(conn, :index)
+      assert_error_sent 404, fn ->
+        get(conn, Routes.role_path(conn, :show, role))
+      end
+    end
+  end
+
+  defp create_role(_) do
+    role = fixture(:role)
+    %{role: role}
+  end
+end

From 18be2a034141c73309c5e7bc36b9ee2ab92a5f10 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 22 Jul 2020 19:01:11 +0100
Subject: [PATCH 011/166] create permissions schema and resources #27 / #31

---
 lib/auth/ctx.ex                               | 96 +++++++++++++++++++
 lib/auth/ctx/permission.ex                    | 19 ++++
 .../controllers/permission_controller.ex      | 62 ++++++++++++
 lib/auth_web/router.ex                        |  2 +-
 .../templates/permission/edit.html.eex        |  5 +
 .../templates/permission/form.html.eex        | 19 ++++
 .../templates/permission/index.html.eex       | 28 ++++++
 .../templates/permission/new.html.eex         |  5 +
 .../templates/permission/show.html.eex        | 18 ++++
 lib/auth_web/views/permission_view.ex         |  3 +
 .../20200722180019_create_permissions.exs     | 15 +++
 test/auth/ctx_test.exs                        | 61 ++++++++++++
 .../permission_controller_test.exs            | 88 +++++++++++++++++
 13 files changed, 420 insertions(+), 1 deletion(-)
 create mode 100644 lib/auth/ctx/permission.ex
 create mode 100644 lib/auth_web/controllers/permission_controller.ex
 create mode 100644 lib/auth_web/templates/permission/edit.html.eex
 create mode 100644 lib/auth_web/templates/permission/form.html.eex
 create mode 100644 lib/auth_web/templates/permission/index.html.eex
 create mode 100644 lib/auth_web/templates/permission/new.html.eex
 create mode 100644 lib/auth_web/templates/permission/show.html.eex
 create mode 100644 lib/auth_web/views/permission_view.ex
 create mode 100644 priv/repo/migrations/20200722180019_create_permissions.exs
 create mode 100644 test/auth_web/controllers/permission_controller_test.exs

diff --git a/lib/auth/ctx.ex b/lib/auth/ctx.ex
index 2a07041c..d914f3db 100644
--- a/lib/auth/ctx.ex
+++ b/lib/auth/ctx.ex
@@ -101,4 +101,100 @@ defmodule Auth.Ctx do
   def change_role(%Role{} = role, attrs \\ %{}) do
     Role.changeset(role, attrs)
   end
+
+  alias Auth.Ctx.Permission
+
+  @doc """
+  Returns the list of permissions.
+
+  ## Examples
+
+      iex> list_permissions()
+      [%Permission{}, ...]
+
+  """
+  def list_permissions do
+    Repo.all(Permission)
+  end
+
+  @doc """
+  Gets a single permission.
+
+  Raises `Ecto.NoResultsError` if the Permission does not exist.
+
+  ## Examples
+
+      iex> get_permission!(123)
+      %Permission{}
+
+      iex> get_permission!(456)
+      ** (Ecto.NoResultsError)
+
+  """
+  def get_permission!(id), do: Repo.get!(Permission, id)
+
+  @doc """
+  Creates a permission.
+
+  ## Examples
+
+      iex> create_permission(%{field: value})
+      {:ok, %Permission{}}
+
+      iex> create_permission(%{field: bad_value})
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def create_permission(attrs \\ %{}) do
+    %Permission{}
+    |> Permission.changeset(attrs)
+    |> Repo.insert()
+  end
+
+  @doc """
+  Updates a permission.
+
+  ## Examples
+
+      iex> update_permission(permission, %{field: new_value})
+      {:ok, %Permission{}}
+
+      iex> update_permission(permission, %{field: bad_value})
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def update_permission(%Permission{} = permission, attrs) do
+    permission
+    |> Permission.changeset(attrs)
+    |> Repo.update()
+  end
+
+  @doc """
+  Deletes a permission.
+
+  ## Examples
+
+      iex> delete_permission(permission)
+      {:ok, %Permission{}}
+
+      iex> delete_permission(permission)
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def delete_permission(%Permission{} = permission) do
+    Repo.delete(permission)
+  end
+
+  @doc """
+  Returns an `%Ecto.Changeset{}` for tracking permission changes.
+
+  ## Examples
+
+      iex> change_permission(permission)
+      %Ecto.Changeset{data: %Permission{}}
+
+  """
+  def change_permission(%Permission{} = permission, attrs \\ %{}) do
+    Permission.changeset(permission, attrs)
+  end
 end
diff --git a/lib/auth/ctx/permission.ex b/lib/auth/ctx/permission.ex
new file mode 100644
index 00000000..c321e880
--- /dev/null
+++ b/lib/auth/ctx/permission.ex
@@ -0,0 +1,19 @@
+defmodule Auth.Ctx.Permission do
+  use Ecto.Schema
+  import Ecto.Changeset
+
+  schema "permissions" do
+    field :desc, :string
+    field :name, :string
+    field :person_id, :id
+
+    timestamps()
+  end
+
+  @doc false
+  def changeset(permission, attrs) do
+    permission
+    |> cast(attrs, [:name, :desc])
+    |> validate_required([:name, :desc])
+  end
+end
diff --git a/lib/auth_web/controllers/permission_controller.ex b/lib/auth_web/controllers/permission_controller.ex
new file mode 100644
index 00000000..2bc52e54
--- /dev/null
+++ b/lib/auth_web/controllers/permission_controller.ex
@@ -0,0 +1,62 @@
+defmodule AuthWeb.PermissionController do
+  use AuthWeb, :controller
+
+  alias Auth.Ctx
+  alias Auth.Ctx.Permission
+
+  def index(conn, _params) do
+    permissions = Ctx.list_permissions()
+    render(conn, "index.html", permissions: permissions)
+  end
+
+  def new(conn, _params) do
+    changeset = Ctx.change_permission(%Permission{})
+    render(conn, "new.html", changeset: changeset)
+  end
+
+  def create(conn, %{"permission" => permission_params}) do
+    case Ctx.create_permission(permission_params) do
+      {:ok, permission} ->
+        conn
+        |> put_flash(:info, "Permission created successfully.")
+        |> redirect(to: Routes.permission_path(conn, :show, permission))
+
+      {:error, %Ecto.Changeset{} = changeset} ->
+        render(conn, "new.html", changeset: changeset)
+    end
+  end
+
+  def show(conn, %{"id" => id}) do
+    permission = Ctx.get_permission!(id)
+    render(conn, "show.html", permission: permission)
+  end
+
+  def edit(conn, %{"id" => id}) do
+    permission = Ctx.get_permission!(id)
+    changeset = Ctx.change_permission(permission)
+    render(conn, "edit.html", permission: permission, changeset: changeset)
+  end
+
+  def update(conn, %{"id" => id, "permission" => permission_params}) do
+    permission = Ctx.get_permission!(id)
+
+    case Ctx.update_permission(permission, permission_params) do
+      {:ok, permission} ->
+        conn
+        |> put_flash(:info, "Permission updated successfully.")
+        |> redirect(to: Routes.permission_path(conn, :show, permission))
+
+      {:error, %Ecto.Changeset{} = changeset} ->
+        render(conn, "edit.html", permission: permission, changeset: changeset)
+    end
+  end
+
+  def delete(conn, %{"id" => id}) do
+    permission = Ctx.get_permission!(id)
+    {:ok, _permission} = Ctx.delete_permission(permission)
+
+    conn
+    |> put_flash(:info, "Permission deleted successfully.")
+    |> redirect(to: Routes.permission_path(conn, :index))
+  end
+end
diff --git a/lib/auth_web/router.ex b/lib/auth_web/router.ex
index 298652a2..e16949c8 100644
--- a/lib/auth_web/router.ex
+++ b/lib/auth_web/router.ex
@@ -39,7 +39,7 @@ defmodule AuthWeb.Router do
 
     get "/profile", AuthController, :admin
     resources "/roles", RoleController
-    
+    resources "/permissions", PermissionController
     resources "/settings/apikeys", ApikeyController
   end
 
diff --git a/lib/auth_web/templates/permission/edit.html.eex b/lib/auth_web/templates/permission/edit.html.eex
new file mode 100644
index 00000000..1794189c
--- /dev/null
+++ b/lib/auth_web/templates/permission/edit.html.eex
@@ -0,0 +1,5 @@
+<h1>Edit Permission</h1>
+
+<%= render "form.html", Map.put(assigns, :action, Routes.permission_path(@conn, :update, @permission)) %>
+
+<span><%= link "Back", to: Routes.permission_path(@conn, :index) %></span>
diff --git a/lib/auth_web/templates/permission/form.html.eex b/lib/auth_web/templates/permission/form.html.eex
new file mode 100644
index 00000000..1339ceb1
--- /dev/null
+++ b/lib/auth_web/templates/permission/form.html.eex
@@ -0,0 +1,19 @@
+<%= form_for @changeset, @action, fn f -> %>
+  <%= if @changeset.action do %>
+    <div class="alert alert-danger">
+      <p>Oops, something went wrong! Please check the errors below.</p>
+    </div>
+  <% end %>
+
+  <%= label f, :name %>
+  <%= text_input f, :name %>
+  <%= error_tag f, :name %>
+
+  <%= label f, :desc %>
+  <%= text_input f, :desc %>
+  <%= error_tag f, :desc %>
+
+  <div>
+    <%= submit "Save" %>
+  </div>
+<% end %>
diff --git a/lib/auth_web/templates/permission/index.html.eex b/lib/auth_web/templates/permission/index.html.eex
new file mode 100644
index 00000000..b4277070
--- /dev/null
+++ b/lib/auth_web/templates/permission/index.html.eex
@@ -0,0 +1,28 @@
+<h1>Listing Permissions</h1>
+
+<table>
+  <thead>
+    <tr>
+      <th>Name</th>
+      <th>Desc</th>
+
+      <th></th>
+    </tr>
+  </thead>
+  <tbody>
+<%= for permission <- @permissions do %>
+    <tr>
+      <td><%= permission.name %></td>
+      <td><%= permission.desc %></td>
+
+      <td>
+        <span><%= link "Show", to: Routes.permission_path(@conn, :show, permission) %></span>
+        <span><%= link "Edit", to: Routes.permission_path(@conn, :edit, permission) %></span>
+        <span><%= link "Delete", to: Routes.permission_path(@conn, :delete, permission), method: :delete, data: [confirm: "Are you sure?"] %></span>
+      </td>
+    </tr>
+<% end %>
+  </tbody>
+</table>
+
+<span><%= link "New Permission", to: Routes.permission_path(@conn, :new) %></span>
diff --git a/lib/auth_web/templates/permission/new.html.eex b/lib/auth_web/templates/permission/new.html.eex
new file mode 100644
index 00000000..736492b0
--- /dev/null
+++ b/lib/auth_web/templates/permission/new.html.eex
@@ -0,0 +1,5 @@
+<h1>New Permission</h1>
+
+<%= render "form.html", Map.put(assigns, :action, Routes.permission_path(@conn, :create)) %>
+
+<span><%= link "Back", to: Routes.permission_path(@conn, :index) %></span>
diff --git a/lib/auth_web/templates/permission/show.html.eex b/lib/auth_web/templates/permission/show.html.eex
new file mode 100644
index 00000000..cb78e3a1
--- /dev/null
+++ b/lib/auth_web/templates/permission/show.html.eex
@@ -0,0 +1,18 @@
+<h1>Show Permission</h1>
+
+<ul>
+
+  <li>
+    <strong>Name:</strong>
+    <%= @permission.name %>
+  </li>
+
+  <li>
+    <strong>Desc:</strong>
+    <%= @permission.desc %>
+  </li>
+
+</ul>
+
+<span><%= link "Edit", to: Routes.permission_path(@conn, :edit, @permission) %></span>
+<span><%= link "Back", to: Routes.permission_path(@conn, :index) %></span>
diff --git a/lib/auth_web/views/permission_view.ex b/lib/auth_web/views/permission_view.ex
new file mode 100644
index 00000000..52313083
--- /dev/null
+++ b/lib/auth_web/views/permission_view.ex
@@ -0,0 +1,3 @@
+defmodule AuthWeb.PermissionView do
+  use AuthWeb, :view
+end
diff --git a/priv/repo/migrations/20200722180019_create_permissions.exs b/priv/repo/migrations/20200722180019_create_permissions.exs
new file mode 100644
index 00000000..7c47cbad
--- /dev/null
+++ b/priv/repo/migrations/20200722180019_create_permissions.exs
@@ -0,0 +1,15 @@
+defmodule Auth.Repo.Migrations.CreatePermissions do
+  use Ecto.Migration
+
+  def change do
+    create table(:permissions) do
+      add :name, :string
+      add :desc, :string
+      add :person_id, references(:people, on_delete: :nothing)
+
+      timestamps()
+    end
+
+    create index(:permissions, [:person_id])
+  end
+end
diff --git a/test/auth/ctx_test.exs b/test/auth/ctx_test.exs
index b09034f3..ef89d285 100644
--- a/test/auth/ctx_test.exs
+++ b/test/auth/ctx_test.exs
@@ -63,4 +63,65 @@ defmodule Auth.CtxTest do
       assert %Ecto.Changeset{} = Ctx.change_role(role)
     end
   end
+
+  describe "permissions" do
+    alias Auth.Ctx.Permission
+
+    @valid_attrs %{desc: "some desc", name: "some name"}
+    @update_attrs %{desc: "some updated desc", name: "some updated name"}
+    @invalid_attrs %{desc: nil, name: nil}
+
+    def permission_fixture(attrs \\ %{}) do
+      {:ok, permission} =
+        attrs
+        |> Enum.into(@valid_attrs)
+        |> Ctx.create_permission()
+
+      permission
+    end
+
+    test "list_permissions/0 returns all permissions" do
+      permission = permission_fixture()
+      assert Ctx.list_permissions() == [permission]
+    end
+
+    test "get_permission!/1 returns the permission with given id" do
+      permission = permission_fixture()
+      assert Ctx.get_permission!(permission.id) == permission
+    end
+
+    test "create_permission/1 with valid data creates a permission" do
+      assert {:ok, %Permission{} = permission} = Ctx.create_permission(@valid_attrs)
+      assert permission.desc == "some desc"
+      assert permission.name == "some name"
+    end
+
+    test "create_permission/1 with invalid data returns error changeset" do
+      assert {:error, %Ecto.Changeset{}} = Ctx.create_permission(@invalid_attrs)
+    end
+
+    test "update_permission/2 with valid data updates the permission" do
+      permission = permission_fixture()
+      assert {:ok, %Permission{} = permission} = Ctx.update_permission(permission, @update_attrs)
+      assert permission.desc == "some updated desc"
+      assert permission.name == "some updated name"
+    end
+
+    test "update_permission/2 with invalid data returns error changeset" do
+      permission = permission_fixture()
+      assert {:error, %Ecto.Changeset{}} = Ctx.update_permission(permission, @invalid_attrs)
+      assert permission == Ctx.get_permission!(permission.id)
+    end
+
+    test "delete_permission/1 deletes the permission" do
+      permission = permission_fixture()
+      assert {:ok, %Permission{}} = Ctx.delete_permission(permission)
+      assert_raise Ecto.NoResultsError, fn -> Ctx.get_permission!(permission.id) end
+    end
+
+    test "change_permission/1 returns a permission changeset" do
+      permission = permission_fixture()
+      assert %Ecto.Changeset{} = Ctx.change_permission(permission)
+    end
+  end
 end
diff --git a/test/auth_web/controllers/permission_controller_test.exs b/test/auth_web/controllers/permission_controller_test.exs
new file mode 100644
index 00000000..a087b14a
--- /dev/null
+++ b/test/auth_web/controllers/permission_controller_test.exs
@@ -0,0 +1,88 @@
+defmodule AuthWeb.PermissionControllerTest do
+  use AuthWeb.ConnCase
+
+  alias Auth.Ctx
+
+  @create_attrs %{desc: "some desc", name: "some name"}
+  @update_attrs %{desc: "some updated desc", name: "some updated name"}
+  @invalid_attrs %{desc: nil, name: nil}
+
+  def fixture(:permission) do
+    {:ok, permission} = Ctx.create_permission(@create_attrs)
+    permission
+  end
+
+  describe "index" do
+    test "lists all permissions", %{conn: conn} do
+      conn = get(conn, Routes.permission_path(conn, :index))
+      assert html_response(conn, 200) =~ "Listing Permissions"
+    end
+  end
+
+  describe "new permission" do
+    test "renders form", %{conn: conn} do
+      conn = get(conn, Routes.permission_path(conn, :new))
+      assert html_response(conn, 200) =~ "New Permission"
+    end
+  end
+
+  describe "create permission" do
+    test "redirects to show when data is valid", %{conn: conn} do
+      conn = post(conn, Routes.permission_path(conn, :create), permission: @create_attrs)
+
+      assert %{id: id} = redirected_params(conn)
+      assert redirected_to(conn) == Routes.permission_path(conn, :show, id)
+
+      conn = get(conn, Routes.permission_path(conn, :show, id))
+      assert html_response(conn, 200) =~ "Show Permission"
+    end
+
+    test "renders errors when data is invalid", %{conn: conn} do
+      conn = post(conn, Routes.permission_path(conn, :create), permission: @invalid_attrs)
+      assert html_response(conn, 200) =~ "New Permission"
+    end
+  end
+
+  describe "edit permission" do
+    setup [:create_permission]
+
+    test "renders form for editing chosen permission", %{conn: conn, permission: permission} do
+      conn = get(conn, Routes.permission_path(conn, :edit, permission))
+      assert html_response(conn, 200) =~ "Edit Permission"
+    end
+  end
+
+  describe "update permission" do
+    setup [:create_permission]
+
+    test "redirects when data is valid", %{conn: conn, permission: permission} do
+      conn = put(conn, Routes.permission_path(conn, :update, permission), permission: @update_attrs)
+      assert redirected_to(conn) == Routes.permission_path(conn, :show, permission)
+
+      conn = get(conn, Routes.permission_path(conn, :show, permission))
+      assert html_response(conn, 200) =~ "some updated desc"
+    end
+
+    test "renders errors when data is invalid", %{conn: conn, permission: permission} do
+      conn = put(conn, Routes.permission_path(conn, :update, permission), permission: @invalid_attrs)
+      assert html_response(conn, 200) =~ "Edit Permission"
+    end
+  end
+
+  describe "delete permission" do
+    setup [:create_permission]
+
+    test "deletes chosen permission", %{conn: conn, permission: permission} do
+      conn = delete(conn, Routes.permission_path(conn, :delete, permission))
+      assert redirected_to(conn) == Routes.permission_path(conn, :index)
+      assert_error_sent 404, fn ->
+        get(conn, Routes.permission_path(conn, :show, permission))
+      end
+    end
+  end
+
+  defp create_permission(_) do
+    permission = fixture(:permission)
+    %{permission: permission}
+  end
+end

From e961a173365837edd15c0ce4b15c8f4d59a07b6d Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 23 Jul 2020 11:57:38 +0100
Subject: [PATCH 012/166] add AuthTest.admin_login/1 helper function to login
 as admin https://github.com/dwyl/auth/issues/27#issuecomment-662895801

---
 test/test_helper.exs | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/test/test_helper.exs b/test/test_helper.exs
index 26689cc8..c4d0d2a0 100644
--- a/test/test_helper.exs
+++ b/test/test_helper.exs
@@ -1,2 +1,17 @@
 ExUnit.start()
 Ecto.Adapters.SQL.Sandbox.mode(Auth.Repo, :manual)
+
+
+defmodule AuthTest do
+  @moduledoc """
+  Test helper functions :-)
+  """
+  @admin_email System.get_env("ADMIN_EMAIL")
+  @doc """
+  add a valid JWT/session to the conn for routes that require auth as "SuperAdmin"
+  """
+  def admin_login(conn) do
+    person = Auth.Person.get_person_by_email(@admin_email)
+    AuthPlug.create_jwt_session(conn, person)
+  end
+end
\ No newline at end of file

From a202d73ea3e777cf63e1bf3ad74aa061534818a4 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 23 Jul 2020 11:58:56 +0100
Subject: [PATCH 013/166] import AuthTest helper function in conn_case.ex so
 helper functions are available in all tests #27

---
 test/support/conn_case.ex | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/test/support/conn_case.ex b/test/support/conn_case.ex
index f453f883..07e74d03 100644
--- a/test/support/conn_case.ex
+++ b/test/support/conn_case.ex
@@ -22,6 +22,9 @@ defmodule AuthWeb.ConnCase do
       # Import conveniences for testing with connections
       import Plug.Conn
       import Phoenix.ConnTest
+      # AuthTest is defined in test_helpers.exs
+      # as per https://stackoverflow.com/a/58902158/1148249
+      import AuthTest 
       alias AuthWeb.Router.Helpers, as: Routes
 
       # The default endpoint for testing

From 39ff5c1ac3f5b3fbf7cff45c3448c51804fd2a88 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 23 Jul 2020 12:07:51 +0100
Subject: [PATCH 014/166] add admin_login/1 to all Role routes for RBAC #27 /
 #31

---
 .../controllers/role_controller_test.exs      | 22 ++++++++++++-------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index 97fe5a18..f18c9b56 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -14,21 +14,22 @@ defmodule AuthWeb.RoleControllerTest do
 
   describe "index" do
     test "lists all roles", %{conn: conn} do
-      conn = get(conn, Routes.role_path(conn, :index))
+      conn = admin_login(conn) |> get(Routes.role_path(conn, :index))
       assert html_response(conn, 200) =~ "Listing Roles"
     end
   end
 
   describe "new role" do
     test "renders form", %{conn: conn} do
-      conn = get(conn, Routes.role_path(conn, :new))
+      conn = admin_login(conn) |> get(Routes.role_path(conn, :new))
       assert html_response(conn, 200) =~ "New Role"
     end
   end
 
   describe "create role" do
     test "redirects to show when data is valid", %{conn: conn} do
-      conn = post(conn, Routes.role_path(conn, :create), role: @create_attrs)
+      conn = admin_login(conn) 
+      |> post(Routes.role_path(conn, :create), role: @create_attrs)
 
       assert %{id: id} = redirected_params(conn)
       assert redirected_to(conn) == Routes.role_path(conn, :show, id)
@@ -38,7 +39,8 @@ defmodule AuthWeb.RoleControllerTest do
     end
 
     test "renders errors when data is invalid", %{conn: conn} do
-      conn = post(conn, Routes.role_path(conn, :create), role: @invalid_attrs)
+      conn = admin_login(conn) 
+      |> post(Routes.role_path(conn, :create), role: @invalid_attrs)
       assert html_response(conn, 200) =~ "New Role"
     end
   end
@@ -47,7 +49,8 @@ defmodule AuthWeb.RoleControllerTest do
     setup [:create_role]
 
     test "renders form for editing chosen role", %{conn: conn, role: role} do
-      conn = get(conn, Routes.role_path(conn, :edit, role))
+      conn = admin_login(conn) 
+      |> get(Routes.role_path(conn, :edit, role))
       assert html_response(conn, 200) =~ "Edit Role"
     end
   end
@@ -56,7 +59,8 @@ defmodule AuthWeb.RoleControllerTest do
     setup [:create_role]
 
     test "redirects when data is valid", %{conn: conn, role: role} do
-      conn = put(conn, Routes.role_path(conn, :update, role), role: @update_attrs)
+      conn = admin_login(conn) 
+      |> put(Routes.role_path(conn, :update, role), role: @update_attrs)
       assert redirected_to(conn) == Routes.role_path(conn, :show, role)
 
       conn = get(conn, Routes.role_path(conn, :show, role))
@@ -64,7 +68,8 @@ defmodule AuthWeb.RoleControllerTest do
     end
 
     test "renders errors when data is invalid", %{conn: conn, role: role} do
-      conn = put(conn, Routes.role_path(conn, :update, role), role: @invalid_attrs)
+      conn = admin_login(conn) 
+      |> put(Routes.role_path(conn, :update, role), role: @invalid_attrs)
       assert html_response(conn, 200) =~ "Edit Role"
     end
   end
@@ -73,7 +78,8 @@ defmodule AuthWeb.RoleControllerTest do
     setup [:create_role]
 
     test "deletes chosen role", %{conn: conn, role: role} do
-      conn = delete(conn, Routes.role_path(conn, :delete, role))
+      conn = admin_login(conn) 
+      |> delete(Routes.role_path(conn, :delete, role))
       assert redirected_to(conn) == Routes.role_path(conn, :index)
       assert_error_sent 404, fn ->
         get(conn, Routes.role_path(conn, :show, role))

From f468b4d3637adf4726b358e0c57b1ceada72cbd3 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 23 Jul 2020 12:37:49 +0100
Subject: [PATCH 015/166] add admin_login/1 to all permissions tests #27 / #31

---
 role-based-access-control.md                  | 15 +++++++-----
 .../controllers/apikey_controller_test.exs    | 12 ++++------
 .../permission_controller_test.exs            | 23 ++++++++++++-------
 3 files changed, 28 insertions(+), 22 deletions(-)

diff --git a/role-based-access-control.md b/role-based-access-control.md
index 66ceb558..8a909a49 100644
--- a/role-based-access-control.md
+++ b/role-based-access-control.md
@@ -1,13 +1,16 @@
-# Role Based Access Control (RBAC)
+# Role Based Access Control (RBAC)
 
 _Understand_ the fundamentals of Role Based Access Control (RBAC)
+so that you can easily control who has access to what in your App.
 
 ## Why?
 
 RBAC lets you easily manage roles and permissions in any application
-and see at a glance exactly permissions a person has in the system.
+and see at a glance exactly what permissions a person has.
 It reduces complexity over traditional
-Access Control List (ACL) based permissions systems. 
+Access Control List (ACL) based permissions systems
+and helps everyone building and maintaining the app
+to focus on security.
 
 
 ## What?
@@ -53,9 +56,9 @@ should learn about RBAC.
 
 ## _How_?
 
-Before creating any roles,
-you will need to have a baseline schema including people
-as people will be referenced by roles.
+_Before_ creating any roles,
+you will need to have a baseline schema including **`people`**
+as **`person.id`** will be referenced by roles.
 
 If you don't already have these schemas/tables,
 see: https://github.com/dwyl/app-mvp-phoenix#create-schemas
diff --git a/test/auth_web/controllers/apikey_controller_test.exs b/test/auth_web/controllers/apikey_controller_test.exs
index 2f4d26d6..38c73115 100644
--- a/test/auth_web/controllers/apikey_controller_test.exs
+++ b/test/auth_web/controllers/apikey_controller_test.exs
@@ -74,8 +74,7 @@ defmodule AuthWeb.ApikeyControllerTest do
   #
   describe "index" do
     test "lists all apikeys", %{conn: conn} do
-      person = Auth.Person.get_person_by_email(@email)
-      conn = AuthPlug.create_jwt_session(conn, %{email: @email, id: person.id})
+      conn = admin_login(conn)
       |> get(Routes.apikey_path(conn, :index))
 
       assert html_response(conn, 200) =~ "Auth API Keys"
@@ -84,9 +83,7 @@ defmodule AuthWeb.ApikeyControllerTest do
 
   describe "new apikey" do
     test "renders form", %{conn: conn} do
-      person = Auth.Person.get_person_by_email(@email)
-
-      conn = AuthPlug.create_jwt_session(conn, %{email: @email, id: person.id})
+      conn = admin_login(conn)
       |> get(Routes.apikey_path(conn, :new))
 
       assert html_response(conn, 200) =~ "New Apikey"
@@ -95,8 +92,7 @@ defmodule AuthWeb.ApikeyControllerTest do
 
   describe "create apikey" do
     test "redirects to show when data is valid", %{conn: conn} do
-      person = Auth.Person.get_person_by_email(@email)
-      conn = AuthPlug.create_jwt_session(conn, person)
+      conn = admin_login(conn)
       |> post(Routes.apikey_path(conn, :create), apikey: @create_attrs)
 
       assert %{id: id} = redirected_params(conn)
@@ -118,7 +114,7 @@ defmodule AuthWeb.ApikeyControllerTest do
   describe "edit apikey" do
     test "renders form for editing chosen apikey", %{conn: conn} do
       person = Auth.Person.get_person_by_email(@email)
-      conn = AuthPlug.create_jwt_session(conn, person)
+      conn = admin_login(conn)
 
       {:ok, key} =
         %{"name" => "test key", "url" => "http://localhost:4000"}
diff --git a/test/auth_web/controllers/permission_controller_test.exs b/test/auth_web/controllers/permission_controller_test.exs
index a087b14a..47e00bb9 100644
--- a/test/auth_web/controllers/permission_controller_test.exs
+++ b/test/auth_web/controllers/permission_controller_test.exs
@@ -14,21 +14,23 @@ defmodule AuthWeb.PermissionControllerTest do
 
   describe "index" do
     test "lists all permissions", %{conn: conn} do
-      conn = get(conn, Routes.permission_path(conn, :index))
+      conn = admin_login(conn) |> get(Routes.permission_path(conn, :index))
       assert html_response(conn, 200) =~ "Listing Permissions"
     end
   end
 
   describe "new permission" do
     test "renders form", %{conn: conn} do
-      conn = get(conn, Routes.permission_path(conn, :new))
+      conn = admin_login(conn) |> get(Routes.permission_path(conn, :new))
       assert html_response(conn, 200) =~ "New Permission"
     end
   end
 
   describe "create permission" do
     test "redirects to show when data is valid", %{conn: conn} do
-      conn = post(conn, Routes.permission_path(conn, :create), permission: @create_attrs)
+
+      conn = admin_login(conn) 
+      |> post(Routes.permission_path(conn, :create), permission: @create_attrs)
 
       assert %{id: id} = redirected_params(conn)
       assert redirected_to(conn) == Routes.permission_path(conn, :show, id)
@@ -38,7 +40,8 @@ defmodule AuthWeb.PermissionControllerTest do
     end
 
     test "renders errors when data is invalid", %{conn: conn} do
-      conn = post(conn, Routes.permission_path(conn, :create), permission: @invalid_attrs)
+      conn =  admin_login(conn) 
+      |> post(Routes.permission_path(conn, :create), permission: @invalid_attrs)
       assert html_response(conn, 200) =~ "New Permission"
     end
   end
@@ -47,7 +50,8 @@ defmodule AuthWeb.PermissionControllerTest do
     setup [:create_permission]
 
     test "renders form for editing chosen permission", %{conn: conn, permission: permission} do
-      conn = get(conn, Routes.permission_path(conn, :edit, permission))
+      conn =  admin_login(conn) 
+      |> get(Routes.permission_path(conn, :edit, permission))
       assert html_response(conn, 200) =~ "Edit Permission"
     end
   end
@@ -56,7 +60,8 @@ defmodule AuthWeb.PermissionControllerTest do
     setup [:create_permission]
 
     test "redirects when data is valid", %{conn: conn, permission: permission} do
-      conn = put(conn, Routes.permission_path(conn, :update, permission), permission: @update_attrs)
+      conn =  admin_login(conn) 
+      |> put(Routes.permission_path(conn, :update, permission), permission: @update_attrs)
       assert redirected_to(conn) == Routes.permission_path(conn, :show, permission)
 
       conn = get(conn, Routes.permission_path(conn, :show, permission))
@@ -64,7 +69,8 @@ defmodule AuthWeb.PermissionControllerTest do
     end
 
     test "renders errors when data is invalid", %{conn: conn, permission: permission} do
-      conn = put(conn, Routes.permission_path(conn, :update, permission), permission: @invalid_attrs)
+      conn =  admin_login(conn) 
+      |> put(Routes.permission_path(conn, :update, permission), permission: @invalid_attrs)
       assert html_response(conn, 200) =~ "Edit Permission"
     end
   end
@@ -73,7 +79,8 @@ defmodule AuthWeb.PermissionControllerTest do
     setup [:create_permission]
 
     test "deletes chosen permission", %{conn: conn, permission: permission} do
-      conn = delete(conn, Routes.permission_path(conn, :delete, permission))
+      conn = admin_login(conn) 
+      |> delete(Routes.permission_path(conn, :delete, permission))
       assert redirected_to(conn) == Routes.permission_path(conn, :index)
       assert_error_sent 404, fn ->
         get(conn, Routes.permission_path(conn, :show, permission))

From 2a3c361e87cbe4fadbd6beda2eef989299c48a53 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 23 Jul 2020 13:48:55 +0100
Subject: [PATCH 016/166] add table listing 7 default roles to rbac doc #82

---
 role-based-access-control.md | 49 ++++++++++++++++++++++++++++++++----
 1 file changed, 44 insertions(+), 5 deletions(-)

diff --git a/role-based-access-control.md b/role-based-access-control.md
index 8a909a49..a064e4e9 100644
--- a/role-based-access-control.md
+++ b/role-based-access-control.md
@@ -22,7 +22,7 @@ to manage the permissions assigned to the people using the App(s).
 Each role granted just enough flexibility and permissions 
 to perform the tasks required for their job, 
 this helps enforce the 
-[principal of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege)
+[principal of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege).
 
 The RBAC methodology is based on a set of three principal rules 
 that govern access to systems:
@@ -40,7 +40,7 @@ The purpose of role authorization
 is to ensure that people can only assume a role 
 for which they have been given the appropriate authorization. 
 When a person assumes a role, 
-they must do so with authorization from an administrator.
+they must do so with authorization from an admin.
 
 3. **Transaction Authorization**: 
 An operation can only be completed 
@@ -48,6 +48,35 @@ if the person attempting to complete the transaction
 possesses the appropriate role.
 
 
+### Default Roles
+
+We have defined the following 7 `default` roles based on our experience/research 
+into RBAC systems of several of the most popular applications
+including both "enterprise" (closed source) and popular open source CRM/CMS apps.
+
+| **`id`** | **`name`** | **`desc`** | `person_id` |
+| -------- | ---------- | ---------- | ----------- |
+| `1` | superadmin | Can **`CREATE`** new roles. Can **`CREATE`**, **`UPDATE`** and **`DELETE`** Any content. Can **`PURGE`** deleted items. Can "ban" any user including people with "Admin" Role. | 1 |
+| `2` | admin | Can **create** new roles and **assign** existing roles. Can **`CREATE`**, **`UPDATE`** and **`DELETE`** any content. Can "ban" any user except people with "admin" Role. Can see deleted content and un-delete it. Cannot _purge_ deleted. This guarantees audit-trail. | 1 | 
+| `3` | editor | Can **`CREATE`** and **`UPDATE`** _Any_ content. Can **"`DELETE`"** content. Cannot _see_ deleted content. | 1 |
+| `4` | creator | Can **`CREATE`** content. Can **`UPDATE`** their _own_ content. Can **`DELETE`** their _own_ content. | 1 |
+| `5` | commenter | Can **`COMMENT`** on content that has commenting enabled. | 1 |
+| `6` | subscriber | Can **`SUBSCRIBE`** to receive updates (e.g: newsletter), but has either not verified their account or has made negative comments and is therefore _not_ allowed to comment. | 1 |
+| `7` | banned | Can login and see their past content. Cannot create any new content. Can see the _reason_ for their banning (_which the Admin has to write when performing the "ban user" action. usually linked to a specific action the person performed like a particularly unacceptable comment._) | 1 | 
+
+The first 3 roles closely matches WordPress: 
+https://wordpress.org/support/article/roles-and-capabilities
+We have renamed "author" to "creator" to emphasize the creative part
+and the fact that we will allow for various types of content not just "posts".
+We have added a "**commenter** role as an "upgrade" to **subscriber**,
+to indicate that the person has the ability to _comment_ on content.
+Finally, we have added the concept of a "**banned**" role
+that still allows the person to login and view their _own_ content,
+but they have no other privileges.
+
+
+
+
 ## Who?
 
 Anyone who is interested in developing secure multi-user applications
@@ -64,7 +93,10 @@ If you don't already have these schemas/tables,
 see: https://github.com/dwyl/app-mvp-phoenix#create-schemas
 
 
-Let's create the Database Schemas (Tables) to store our RBAC data,
+### Create `Roles` and `Permissions` Schemas
+
+Let's create the Database Schemas (Tables) 
+to store our RBAC data,
 starting with **`Roles`**:
 
 ```
@@ -76,14 +108,20 @@ Next create the permissions schema:
 mix phx.gen.html Ctx Permission permissions name:string desc:string person_id:references:people
 ```
 
-Next create the **`many-to-many`** relationship between roles and permissions.
+We placed the roles and permissions resources in an **`auth`** pipeline
+because we only want people with **`superadmin`** role to access them.
+
+
+### Create Associations
+
+Next create the **`many-to-many`** relationship 
+between roles and permissions.
 
 ```
 mix ecto.gen.migration create_role_permissions
 ```
 
 
-
 Now create the **`many-to-many`** relationship between people and roles:
 
 ```
@@ -93,6 +131,7 @@ mix ecto.gen.migration create_people_roles
 
 
 
+
 ## Recommended Reading
 
 + https://en.wikipedia.org/wiki/Role-based_access_control

From 2b7a66d69d83ab640bbc97c57943ca092e49547c Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 23 Jul 2020 15:51:01 +0100
Subject: [PATCH 017/166] mix ecto.gen.migration create_role_permissions #27
 /#31

---
 ...20200723143204_create_role_permissions.exs | 14 ++++++
 role-based-access-control.md                  | 47 ++++++++++++++-----
 2 files changed, 50 insertions(+), 11 deletions(-)
 create mode 100644 priv/repo/migrations/20200723143204_create_role_permissions.exs

diff --git a/priv/repo/migrations/20200723143204_create_role_permissions.exs b/priv/repo/migrations/20200723143204_create_role_permissions.exs
new file mode 100644
index 00000000..30e23849
--- /dev/null
+++ b/priv/repo/migrations/20200723143204_create_role_permissions.exs
@@ -0,0 +1,14 @@
+defmodule Auth.Repo.Migrations.CreateRolePermissions do
+  use Ecto.Migration
+
+  def change do
+    create table(:role_permissions) do
+      add :role_id, references(:roles)
+      add :permission_id, references(:permissions)
+  
+      timestamps()
+    end
+  
+    create unique_index(:role_permissionss, [:role_id, :permission_id])
+  end
+end
diff --git a/role-based-access-control.md b/role-based-access-control.md
index a064e4e9..c8b9d50c 100644
--- a/role-based-access-control.md
+++ b/role-based-access-control.md
@@ -65,9 +65,10 @@ including both "enterprise" (closed source) and popular open source CRM/CMS apps
 | `7` | banned | Can login and see their past content. Cannot create any new content. Can see the _reason_ for their banning (_which the Admin has to write when performing the "ban user" action. usually linked to a specific action the person performed like a particularly unacceptable comment._) | 1 | 
 
 The first 3 roles closely matches WordPress: 
-https://wordpress.org/support/article/roles-and-capabilities
-We have renamed "author" to "creator" to emphasize the creative part
-and the fact that we will allow for various types of content not just "posts".
+https://wordpress.org/support/article/roles-and-capabilities <br />
+We have renamed "author" to "creator" to emphasize that creating content 
+is more than just "authoring" text. 
+There will be various types of content not just "posts".
 We have added a "**commenter** role as an "upgrade" to **subscriber**,
 to indicate that the person has the ability to _comment_ on content.
 Finally, we have added the concept of a "**banned**" role
@@ -75,11 +76,10 @@ that still allows the person to login and view their _own_ content,
 but they have no other privileges.
 
 
-
-
 ## Who?
 
-Anyone who is interested in developing secure multi-user applications
+Anyone who is interested in developing and _maintaining_ 
+secure multi-person applications
 should learn about RBAC.
 
 
@@ -108,11 +108,14 @@ Next create the permissions schema:
 mix phx.gen.html Ctx Permission permissions name:string desc:string person_id:references:people
 ```
 
-We placed the roles and permissions resources in an **`auth`** pipeline
+We placed the roles and permissions resources in an **`:auth`** pipeline
 because we only want people with **`superadmin`** role to access them.
+See: 
+[`/lib/auth_web/router.ex#L41-L43`](https://github.com/dwyl/auth/blob/2a3c361e87cbe4fadbd6beda2eef989299c48a53/lib/auth_web/router.ex#L41-L42)
 
 
-### Create Associations
+
+### Create Roles<->Permissions Associations
 
 Next create the **`many-to-many`** relationship 
 between roles and permissions.
@@ -121,8 +124,31 @@ between roles and permissions.
 mix ecto.gen.migration create_role_permissions
 ```
 
+Open the file that was just created, e.g: 
+[`priv/repo/migrations/20200723143204_create_role_permissions.exs`]()
+
+And replace the contents with:
+```elixir
+defmodule Auth.Repo.Migrations.CreateRolePermissions do
+  use Ecto.Migration
+
+  def change do
+    create table(:role_permissions) do
+      add :role_id, references(:roles)
+      add :permission_id, references(:permissions)
+  
+      timestamps()
+    end
+  
+    create unique_index(:role_permissionss, [:role_id, :permission_id])
+  end
+end
+```
+
+
 
-Now create the **`many-to-many`** relationship between people and roles:
+Now create the **`many-to-many`** relationship 
+between **`people`** and **`roles`**:
 
 ```
 mix ecto.gen.migration create_people_roles
@@ -130,10 +156,9 @@ mix ecto.gen.migration create_people_roles
 
 
 
-
-
 ## Recommended Reading
 
 + https://en.wikipedia.org/wiki/Role-based_access_control
 + https://www.sumologic.com/glossary/role-based-access-control
 + https://medium.com/@adriennedomingus/role-based-access-control-rbac-permissions-vs-roles-55f1f0051468
++ https://digitalguardian.com/blog/what-role-based-access-control-rbac-examples-benefits-and-more
\ No newline at end of file

From b6e4a5fa74b14298de3920ea0ae4832844691328 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 23 Jul 2020 16:55:34 +0100
Subject: [PATCH 018/166] mix ecto.gen.migration create_people_roles for rbac
 #27 / #31

---
 ...20200723143204_create_role_permissions.exs |  6 +--
 .../20200723154847_create_people_roles.exs    | 14 ++++++
 role-based-access-control.md                  | 46 ++++++++++++++-----
 3 files changed, 52 insertions(+), 14 deletions(-)
 create mode 100644 priv/repo/migrations/20200723154847_create_people_roles.exs

diff --git a/priv/repo/migrations/20200723143204_create_role_permissions.exs b/priv/repo/migrations/20200723143204_create_role_permissions.exs
index 30e23849..8068670c 100644
--- a/priv/repo/migrations/20200723143204_create_role_permissions.exs
+++ b/priv/repo/migrations/20200723143204_create_role_permissions.exs
@@ -3,12 +3,12 @@ defmodule Auth.Repo.Migrations.CreateRolePermissions do
 
   def change do
     create table(:role_permissions) do
-      add :role_id, references(:roles)
-      add :permission_id, references(:permissions)
+      add :role_id, references(:roles, on_delete: :nothing)
+      add :permission_id, references(:permissions, on_delete: :nothing)
   
       timestamps()
     end
   
-    create unique_index(:role_permissionss, [:role_id, :permission_id])
+    create unique_index(:role_permissions, [:role_id, :permission_id])
   end
 end
diff --git a/priv/repo/migrations/20200723154847_create_people_roles.exs b/priv/repo/migrations/20200723154847_create_people_roles.exs
new file mode 100644
index 00000000..df56d4a9
--- /dev/null
+++ b/priv/repo/migrations/20200723154847_create_people_roles.exs
@@ -0,0 +1,14 @@
+defmodule Auth.Repo.Migrations.CreatePeopleRoles do
+  use Ecto.Migration
+
+  def change do
+    create table(:people_roles) do
+      add :person_id, references(:people, on_delete: :nothing)
+      add :role_id, references(:roles, on_delete: :nothing)
+  
+      timestamps()
+    end
+  
+    create unique_index(:people_roles, [:person_id, :role_id])
+  end
+end
diff --git a/role-based-access-control.md b/role-based-access-control.md
index c8b9d50c..8ad6000d 100644
--- a/role-based-access-control.md
+++ b/role-based-access-control.md
@@ -12,6 +12,13 @@ Access Control List (ACL) based permissions systems
 and helps everyone building and maintaining the app
 to focus on security.
 
+## _Who_?
+
+This document is relevant to anyone 
+that is interested in developing and _maintaining_ 
+secure multi-person applications
+should learn about RBAC.
+
 
 ## What?
 
@@ -76,13 +83,6 @@ that still allows the person to login and view their _own_ content,
 but they have no other privileges.
 
 
-## Who?
-
-Anyone who is interested in developing and _maintaining_ 
-secure multi-person applications
-should learn about RBAC.
-
-
 ## _How_?
 
 _Before_ creating any roles,
@@ -134,18 +134,18 @@ defmodule Auth.Repo.Migrations.CreateRolePermissions do
 
   def change do
     create table(:role_permissions) do
-      add :role_id, references(:roles)
-      add :permission_id, references(:permissions)
+      add :role_id, references(:roles, on_delete: :nothing)
+      add :permission_id, references(:permissions, on_delete: :nothing)
   
       timestamps()
     end
   
-    create unique_index(:role_permissionss, [:role_id, :permission_id])
+    create unique_index(:role_permissions, [:role_id, :permission_id])
   end
 end
 ```
 
-
+### Create People<->Roles Associations
 
 Now create the **`many-to-many`** relationship 
 between **`people`** and **`roles`**:
@@ -154,6 +154,30 @@ between **`people`** and **`roles`**:
 mix ecto.gen.migration create_people_roles
 ```
 
+Open the migration file that was just created, e.g: 
+[`/Users/n/code/auth/priv/repo/migrations/20200723154847_create_people_roles.exs`]()
+
+
+Replace the contents of the file with the following code:
+
+```elixir
+defmodule Auth.Repo.Migrations.CreatePeopleRoles do
+  use Ecto.Migration
+
+  def change do
+    create table(:people_roles) do
+      add :person_id, references(:people, on_delete: :nothing)
+      add :role_id, references(:roles, on_delete: :nothing)
+  
+      timestamps()
+    end
+  
+    create unique_index(:people_roles, [:person_id, :role_id])
+  end
+end
+```
+
+
 
 
 ## Recommended Reading

From eab02919fe95c337c751f55f3048e72c126bc4f6 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Fri, 24 Jul 2020 16:12:52 +0100
Subject: [PATCH 019/166] add "granter" (person who grants a permission/role)
 to association tables #31

---
 .../migrations/20200723143204_create_role_permissions.exs     | 1 +
 priv/repo/migrations/20200723154847_create_people_roles.exs   | 1 +
 role-based-access-control.md                                  | 4 ++++
 3 files changed, 6 insertions(+)

diff --git a/priv/repo/migrations/20200723143204_create_role_permissions.exs b/priv/repo/migrations/20200723143204_create_role_permissions.exs
index 8068670c..2651ee17 100644
--- a/priv/repo/migrations/20200723143204_create_role_permissions.exs
+++ b/priv/repo/migrations/20200723143204_create_role_permissions.exs
@@ -5,6 +5,7 @@ defmodule Auth.Repo.Migrations.CreateRolePermissions do
     create table(:role_permissions) do
       add :role_id, references(:roles, on_delete: :nothing)
       add :permission_id, references(:permissions, on_delete: :nothing)
+      add :granter, references(:people, on_delete: :nothing)
   
       timestamps()
     end
diff --git a/priv/repo/migrations/20200723154847_create_people_roles.exs b/priv/repo/migrations/20200723154847_create_people_roles.exs
index df56d4a9..8d69b222 100644
--- a/priv/repo/migrations/20200723154847_create_people_roles.exs
+++ b/priv/repo/migrations/20200723154847_create_people_roles.exs
@@ -5,6 +5,7 @@ defmodule Auth.Repo.Migrations.CreatePeopleRoles do
     create table(:people_roles) do
       add :person_id, references(:people, on_delete: :nothing)
       add :role_id, references(:roles, on_delete: :nothing)
+      add :granter, references(:people, on_delete: :nothing)
   
       timestamps()
     end
diff --git a/role-based-access-control.md b/role-based-access-control.md
index 8ad6000d..0e846215 100644
--- a/role-based-access-control.md
+++ b/role-based-access-control.md
@@ -136,6 +136,7 @@ defmodule Auth.Repo.Migrations.CreateRolePermissions do
     create table(:role_permissions) do
       add :role_id, references(:roles, on_delete: :nothing)
       add :permission_id, references(:permissions, on_delete: :nothing)
+      add :granter, references(:people, on_delete: :nothing)
   
       timestamps()
     end
@@ -168,6 +169,7 @@ defmodule Auth.Repo.Migrations.CreatePeopleRoles do
     create table(:people_roles) do
       add :person_id, references(:people, on_delete: :nothing)
       add :role_id, references(:roles, on_delete: :nothing)
+      add :granter, references(:people, on_delete: :nothing)
   
       timestamps()
     end
@@ -177,6 +179,8 @@ defmodule Auth.Repo.Migrations.CreatePeopleRoles do
 end
 ```
 
+This 
+
 
 
 

From f03c050b798fa942ddc44ce072e52ab8a3db89e6 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Fri, 24 Jul 2020 22:59:39 +0100
Subject: [PATCH 020/166] write AUTH_API_KEY to .env file during setup
 (seeds.exs) fixes #87

---
 priv/repo/seeds.exs | 39 +++++++++++++++++++++++++++++----------
 1 file changed, 29 insertions(+), 10 deletions(-)

diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index d2c05421..dabc37ff 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -40,7 +40,6 @@ defmodule Auth.Seeds do
       %{
         "name" => "system admin key",
         "description" => "Created by /priv/repo/seeds.exs during setup.",
-        # the default host in %Plug.Conn
         "url" => "localhost:4000"
       }
       |> AuthWeb.ApikeyController.make_apikey(person.id)
@@ -48,18 +47,38 @@ defmodule Auth.Seeds do
 
     api_key = key.client_id <> "/" <> key.client_secret
     # set the AUTH_API_KEY during test run:
-    System.put_env("AUTH_API_KEY", api_key)
+    write_env("AUTH_API_KEY", api_key)
+  end
 
-    if(Mix.env() == :test) do
-      # don't print noise during tests
-    else
-      IO.puts("Remember to set the AUTH_API_KEY environment variable:")
-      IO.puts("export AUTH_API_KEY=#{api_key}")
-      IO.puts("- - - - - - - - - - - - - - - - - - - - - - ")
-    end
-    key
+  # write the key:value pair to project .env file
+  def write_env(key, value) do
+    path = File.cwd! <> "/.env"
+    {:ok, data} = File.read(path)
+
+    lines = String.split(data, "\n") 
+    |> Enum.filter(fn line -> 
+      not String.contains?(line, key)  
+    end)
+    str = "export #{key}=#{value}" # |> IO.inspect
+    vars = lines ++ [str]
+    content = Enum.join(vars, "\n")
+    File.write!(path, content) |> File.close()
+    env(vars)
+  end
+
+  # export all the environment variables during app excution/tests
+  def env(vars) do
+    Enum.map(vars, fn line ->
+      parts = line
+      |> String.replace("export ", "")
+      |> String.replace("'", "")
+      |> String.split("=")
+
+      System.put_env(List.first(parts), List.last(parts))
+    end)
   end
 end
 
+
 Auth.Seeds.create_admin()
 |> Auth.Seeds.create_apikey_for_admin()

From b60522a15b76dda172eb3cd4e35527c31c1bc2fd Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Fri, 24 Jul 2020 23:08:42 +0100
Subject: [PATCH 021/166] add debug IO.inspect in write_env/2 #87
 https://travis-ci.org/github/dwyl/auth/builds/711606595#L391

---
 priv/repo/seeds.exs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index dabc37ff..0ba4218a 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -52,7 +52,9 @@ defmodule Auth.Seeds do
 
   # write the key:value pair to project .env file
   def write_env(key, value) do
+    IO.inspect(File.cwd!)
     path = File.cwd! <> "/.env"
+    IO.inspect(path, label: "path")
     {:ok, data} = File.read(path)
 
     lines = String.split(data, "\n") 

From 1762d43ad2ce4fcc55914dc66aaab13f44c1d706 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Fri, 24 Jul 2020 23:12:22 +0100
Subject: [PATCH 022/166] obviously the .env file doesnt exist on Travis-CI #87
 https://travis-ci.org/github/dwyl/auth/builds/711608673#L386

---
 .travis.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.travis.yml b/.travis.yml
index 4170a96a..ef74634f 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -8,6 +8,7 @@ services:
 env:
   - MIX_ENV=test
 before_script:
+  - echo "export MIX_ENV=test" > .env
   - mix ecto.setup
 script:
   - mix do deps.get, coveralls.json

From 5ec8568edd50c2d3398caa4c6f5e86276eeea687 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Fri, 24 Jul 2020 23:35:35 +0100
Subject: [PATCH 023/166] debugging why tests are failing #87
 https://travis-ci.org/github/dwyl/auth/builds/711609239#L458

---
 priv/repo/seeds.exs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 0ba4218a..d442c433 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -56,6 +56,7 @@ defmodule Auth.Seeds do
     path = File.cwd! <> "/.env"
     IO.inspect(path, label: "path")
     {:ok, data} = File.read(path)
+    # IO.inspect(data)
 
     lines = String.split(data, "\n") 
     |> Enum.filter(fn line -> 
@@ -76,6 +77,7 @@ defmodule Auth.Seeds do
       |> String.replace("'", "")
       |> String.split("=")
 
+      IO.inspect(List.last(parts), label: List.first(parts))
       System.put_env(List.first(parts), List.last(parts))
     end)
   end

From 8f192b12f4efa92872d388d908862c6ebcb678c9 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 25 Jul 2020 11:35:08 +0100
Subject: [PATCH 024/166] move Role related helper functions out of Ctx #86

---
 .travis.yml                                   |   1 +
 lib/auth/ctx.ex                               |  96 --------------
 lib/auth/ctx/role.ex                          |  19 ---
 lib/auth/role.ex                              | 119 ++++++++++++++++++
 lib/auth_web/controllers/role_controller.ex   |  23 ++--
 priv/repo/create_default_roles.exs            |   4 +
 priv/repo/seeds.exs                           |   4 +-
 .../controllers/role_controller_test.exs      |   4 +-
 8 files changed, 139 insertions(+), 131 deletions(-)
 delete mode 100644 lib/auth/ctx/role.ex
 create mode 100644 lib/auth/role.ex
 create mode 100644 priv/repo/create_default_roles.exs

diff --git a/.travis.yml b/.travis.yml
index ef74634f..48d8f989 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -8,6 +8,7 @@ services:
 env:
   - MIX_ENV=test
 before_script:
+  # create .env file on Travis-CI:
   - echo "export MIX_ENV=test" > .env
   - mix ecto.setup
 script:
diff --git a/lib/auth/ctx.ex b/lib/auth/ctx.ex
index d914f3db..e69adb00 100644
--- a/lib/auth/ctx.ex
+++ b/lib/auth/ctx.ex
@@ -6,102 +6,6 @@ defmodule Auth.Ctx do
   import Ecto.Query, warn: false
   alias Auth.Repo
 
-  alias Auth.Ctx.Role
-
-  @doc """
-  Returns the list of roles.
-
-  ## Examples
-
-      iex> list_roles()
-      [%Role{}, ...]
-
-  """
-  def list_roles do
-    Repo.all(Role)
-  end
-
-  @doc """
-  Gets a single role.
-
-  Raises `Ecto.NoResultsError` if the Role does not exist.
-
-  ## Examples
-
-      iex> get_role!(123)
-      %Role{}
-
-      iex> get_role!(456)
-      ** (Ecto.NoResultsError)
-
-  """
-  def get_role!(id), do: Repo.get!(Role, id)
-
-  @doc """
-  Creates a role.
-
-  ## Examples
-
-      iex> create_role(%{field: value})
-      {:ok, %Role{}}
-
-      iex> create_role(%{field: bad_value})
-      {:error, %Ecto.Changeset{}}
-
-  """
-  def create_role(attrs \\ %{}) do
-    %Role{}
-    |> Role.changeset(attrs)
-    |> Repo.insert()
-  end
-
-  @doc """
-  Updates a role.
-
-  ## Examples
-
-      iex> update_role(role, %{field: new_value})
-      {:ok, %Role{}}
-
-      iex> update_role(role, %{field: bad_value})
-      {:error, %Ecto.Changeset{}}
-
-  """
-  def update_role(%Role{} = role, attrs) do
-    role
-    |> Role.changeset(attrs)
-    |> Repo.update()
-  end
-
-  @doc """
-  Deletes a role.
-
-  ## Examples
-
-      iex> delete_role(role)
-      {:ok, %Role{}}
-
-      iex> delete_role(role)
-      {:error, %Ecto.Changeset{}}
-
-  """
-  def delete_role(%Role{} = role) do
-    Repo.delete(role)
-  end
-
-  @doc """
-  Returns an `%Ecto.Changeset{}` for tracking role changes.
-
-  ## Examples
-
-      iex> change_role(role)
-      %Ecto.Changeset{data: %Role{}}
-
-  """
-  def change_role(%Role{} = role, attrs \\ %{}) do
-    Role.changeset(role, attrs)
-  end
-
   alias Auth.Ctx.Permission
 
   @doc """
diff --git a/lib/auth/ctx/role.ex b/lib/auth/ctx/role.ex
deleted file mode 100644
index e6cd02b0..00000000
--- a/lib/auth/ctx/role.ex
+++ /dev/null
@@ -1,19 +0,0 @@
-defmodule Auth.Ctx.Role do
-  use Ecto.Schema
-  import Ecto.Changeset
-
-  schema "roles" do
-    field :desc, :string
-    field :name, :string
-    field :person_id, :id
-
-    timestamps()
-  end
-
-  @doc false
-  def changeset(role, attrs) do
-    role
-    |> cast(attrs, [:name, :desc])
-    |> validate_required([:name, :desc])
-  end
-end
diff --git a/lib/auth/role.ex b/lib/auth/role.ex
new file mode 100644
index 00000000..f2661a2c
--- /dev/null
+++ b/lib/auth/role.ex
@@ -0,0 +1,119 @@
+defmodule Auth.Role do
+  use Ecto.Schema
+  import Ecto.Changeset
+  import Ecto.Query, warn: false
+  alias Auth.Repo
+  # https://stackoverflow.com/a/47501059/1148249
+  alias __MODULE__
+
+  schema "roles" do
+    field :desc, :string
+    field :name, :string
+    field :person_id, :id
+
+    timestamps()
+  end
+
+  @doc false
+  def changeset(role, attrs) do
+    role
+    |> cast(attrs, [:name, :desc])
+    |> validate_required([:name, :desc])
+  end
+
+
+@doc """
+  Returns the list of roles.
+
+  ## Examples
+
+      iex> list_roles()
+      [%Role{}, ...]
+
+  """
+  def list_roles do
+    Repo.all(__MODULE__)
+  end
+
+  @doc """
+  Gets a single role.
+
+  Raises `Ecto.NoResultsError` if the Role does not exist.
+
+  ## Examples
+
+      iex> get_role!(123)
+      %Role{}
+
+      iex> get_role!(456)
+      ** (Ecto.NoResultsError)
+
+  """
+  def get_role!(id), do: Repo.get!(__MODULE__, id)
+
+  @doc """
+  Creates a role.
+
+  ## Examples
+
+      iex> create_role(%{field: value})
+      {:ok, %Role{}}
+
+      iex> create_role(%{field: bad_value})
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def create_role(attrs \\ %{}) do
+    %Role{}
+    |> Role.changeset(attrs)
+    |> Repo.insert()
+  end
+
+  @doc """
+  Updates a role.
+
+  ## Examples
+
+      iex> update_role(role, %{field: new_value})
+      {:ok, %Role{}}
+
+      iex> update_role(role, %{field: bad_value})
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def update_role(%Role{} = role, attrs) do
+    role
+    |> Role.changeset(attrs)
+    |> Repo.update()
+  end
+
+  @doc """
+  Deletes a role.
+
+  ## Examples
+
+      iex> delete_role(role)
+      {:ok, %Role{}}
+
+      iex> delete_role(role)
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def delete_role(%Role{} = role) do
+    Repo.delete(role)
+  end
+
+  @doc """
+  Returns an `%Ecto.Changeset{}` for tracking role changes.
+
+  ## Examples
+
+      iex> change_role(role)
+      %Ecto.Changeset{data: %Role{}}
+
+  """
+  def change_role(%Role{} = role, attrs \\ %{}) do
+    Role.changeset(role, attrs)
+  end
+
+end
diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index e25c3394..3ce9ec11 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -1,21 +1,20 @@
 defmodule AuthWeb.RoleController do
   use AuthWeb, :controller
 
-  alias Auth.Ctx
-  alias Auth.Ctx.Role
+  alias Auth.Role
 
   def index(conn, _params) do
-    roles = Ctx.list_roles()
+    roles = Role.list_roles()
     render(conn, "index.html", roles: roles)
   end
 
   def new(conn, _params) do
-    changeset = Ctx.change_role(%Role{})
+    changeset = Role.change_role(%Role{})
     render(conn, "new.html", changeset: changeset)
   end
 
   def create(conn, %{"role" => role_params}) do
-    case Ctx.create_role(role_params) do
+    case Role.create_role(role_params) do
       {:ok, role} ->
         conn
         |> put_flash(:info, "Role created successfully.")
@@ -27,20 +26,20 @@ defmodule AuthWeb.RoleController do
   end
 
   def show(conn, %{"id" => id}) do
-    role = Ctx.get_role!(id)
+    role = Role.get_role!(id)
     render(conn, "show.html", role: role)
   end
 
   def edit(conn, %{"id" => id}) do
-    role = Ctx.get_role!(id)
-    changeset = Ctx.change_role(role)
+    role = Role.get_role!(id)
+    changeset = Role.change_role(role)
     render(conn, "edit.html", role: role, changeset: changeset)
   end
 
   def update(conn, %{"id" => id, "role" => role_params}) do
-    role = Ctx.get_role!(id)
+    role = Role.get_role!(id)
 
-    case Ctx.update_role(role, role_params) do
+    case Role.update_role(role, role_params) do
       {:ok, role} ->
         conn
         |> put_flash(:info, "Role updated successfully.")
@@ -52,8 +51,8 @@ defmodule AuthWeb.RoleController do
   end
 
   def delete(conn, %{"id" => id}) do
-    role = Ctx.get_role!(id)
-    {:ok, _role} = Ctx.delete_role(role)
+    role = Role.get_role!(id)
+    {:ok, _role} = Role.delete_role(role)
 
     conn
     |> put_flash(:info, "Role deleted successfully.")
diff --git a/priv/repo/create_default_roles.exs b/priv/repo/create_default_roles.exs
new file mode 100644
index 00000000..3c4e11cd
--- /dev/null
+++ b/priv/repo/create_default_roles.exs
@@ -0,0 +1,4 @@
+# scripts for creating default roles and permissions
+defmodule Setup.CreateDefaultRoles do
+  
+end
\ No newline at end of file
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index d442c433..55898e91 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -46,13 +46,13 @@ defmodule Auth.Seeds do
       |> Auth.Apikey.create_apikey()
 
     api_key = key.client_id <> "/" <> key.client_secret
-    # set the AUTH_API_KEY during test run:
+    # set the AUTH_API_KEY environment variable during test run:
     write_env("AUTH_API_KEY", api_key)
   end
 
   # write the key:value pair to project .env file
   def write_env(key, value) do
-    IO.inspect(File.cwd!)
+    IO.inspect(File.cwd!, label: "CWD")
     path = File.cwd! <> "/.env"
     IO.inspect(path, label: "path")
     {:ok, data} = File.read(path)
diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index f18c9b56..f7562279 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -1,14 +1,14 @@
 defmodule AuthWeb.RoleControllerTest do
   use AuthWeb.ConnCase
 
-  alias Auth.Ctx
+  alias Auth.Role
 
   @create_attrs %{desc: "some desc", name: "some name"}
   @update_attrs %{desc: "some updated desc", name: "some updated name"}
   @invalid_attrs %{desc: nil, name: nil}
 
   def fixture(:role) do
-    {:ok, role} = Ctx.create_role(@create_attrs)
+    {:ok, role} = Role.create_role(@create_attrs)
     role
   end
 

From 73770272256df054d3819901e644b2ea0873ccf5 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 25 Jul 2020 13:10:19 +0100
Subject: [PATCH 025/166] rename auth/ctx_test.exs to auth/roles_test.exs for
 #87

---
 test/auth/{ctx_test.exs => role_test.exs} | 27 ++++++++++++-----------
 1 file changed, 14 insertions(+), 13 deletions(-)
 rename test/auth/{ctx_test.exs => role_test.exs} (83%)

diff --git a/test/auth/ctx_test.exs b/test/auth/role_test.exs
similarity index 83%
rename from test/auth/ctx_test.exs
rename to test/auth/role_test.exs
index ef89d285..dc7c344c 100644
--- a/test/auth/ctx_test.exs
+++ b/test/auth/role_test.exs
@@ -1,10 +1,10 @@
-defmodule Auth.CtxTest do
+defmodule Auth.RoleTest do
   use Auth.DataCase
 
   alias Auth.Ctx
 
   describe "roles" do
-    alias Auth.Ctx.Role
+    alias Auth.Role
 
     @valid_attrs %{desc: "some desc", name: "some name"}
     @update_attrs %{desc: "some updated desc", name: "some updated name"}
@@ -14,53 +14,54 @@ defmodule Auth.CtxTest do
       {:ok, role} =
         attrs
         |> Enum.into(@valid_attrs)
-        |> Ctx.create_role()
+        |> Role.create_role()
 
       role
     end
 
     test "list_roles/0 returns all roles" do
       role = role_fixture()
-      assert Ctx.list_roles() == [role]
+      assert Role.list_roles() == [role]
     end
 
     test "get_role!/1 returns the role with given id" do
       role = role_fixture()
-      assert Ctx.get_role!(role.id) == role
+      assert Role.get_role!(role.id) == role
     end
 
     test "create_role/1 with valid data creates a role" do
-      assert {:ok, %Role{} = role} = Ctx.create_role(@valid_attrs)
+      assert {:ok, %Role{} = role} = Role.create_role(@valid_attrs)
       assert role.desc == "some desc"
       assert role.name == "some name"
     end
 
     test "create_role/1 with invalid data returns error changeset" do
-      assert {:error, %Ecto.Changeset{}} = Ctx.create_role(@invalid_attrs)
+      assert {:error, %Ecto.Changeset{}} = Role.create_role(@invalid_attrs)
     end
 
     test "update_role/2 with valid data updates the role" do
       role = role_fixture()
-      assert {:ok, %Role{} = role} = Ctx.update_role(role, @update_attrs)
+      assert {:ok, %Role{} = role} = Role.update_role(role, @update_attrs)
       assert role.desc == "some updated desc"
       assert role.name == "some updated name"
     end
 
     test "update_role/2 with invalid data returns error changeset" do
       role = role_fixture()
-      assert {:error, %Ecto.Changeset{}} = Ctx.update_role(role, @invalid_attrs)
-      assert role == Ctx.get_role!(role.id)
+      assert {:error, %Ecto.Changeset{}} = 
+        Role.update_role(role, @invalid_attrs)
+      assert role == Role.get_role!(role.id)
     end
 
     test "delete_role/1 deletes the role" do
       role = role_fixture()
-      assert {:ok, %Role{}} = Ctx.delete_role(role)
-      assert_raise Ecto.NoResultsError, fn -> Ctx.get_role!(role.id) end
+      assert {:ok, %Role{}} = Role.delete_role(role)
+      assert_raise Ecto.NoResultsError, fn -> Role.get_role!(role.id) end
     end
 
     test "change_role/1 returns a role changeset" do
       role = role_fixture()
-      assert %Ecto.Changeset{} = Ctx.change_role(role)
+      assert %Ecto.Changeset{} = Role.change_role(role)
     end
   end
 

From ef4261d09a702c4003cd84f30dabe630b47922d2 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 25 Jul 2020 13:27:48 +0100
Subject: [PATCH 026/166] remove ctx from project #87

---
 lib/auth/ctx/permission.ex                    | 19 -----------
 lib/auth/{ctx.ex => permission.ex}            | 30 ++++++++++++-----
 .../controllers/permission_controller.ex      | 23 +++++++------
 test/auth/role_test.exs                       | 32 +++++++++++--------
 .../permission_controller_test.exs            |  4 +--
 5 files changed, 53 insertions(+), 55 deletions(-)
 delete mode 100644 lib/auth/ctx/permission.ex
 rename lib/auth/{ctx.ex => permission.ex} (78%)

diff --git a/lib/auth/ctx/permission.ex b/lib/auth/ctx/permission.ex
deleted file mode 100644
index c321e880..00000000
--- a/lib/auth/ctx/permission.ex
+++ /dev/null
@@ -1,19 +0,0 @@
-defmodule Auth.Ctx.Permission do
-  use Ecto.Schema
-  import Ecto.Changeset
-
-  schema "permissions" do
-    field :desc, :string
-    field :name, :string
-    field :person_id, :id
-
-    timestamps()
-  end
-
-  @doc false
-  def changeset(permission, attrs) do
-    permission
-    |> cast(attrs, [:name, :desc])
-    |> validate_required([:name, :desc])
-  end
-end
diff --git a/lib/auth/ctx.ex b/lib/auth/permission.ex
similarity index 78%
rename from lib/auth/ctx.ex
rename to lib/auth/permission.ex
index e69adb00..6af06870 100644
--- a/lib/auth/ctx.ex
+++ b/lib/auth/permission.ex
@@ -1,12 +1,25 @@
-defmodule Auth.Ctx do
-  @moduledoc """
-  The Ctx context.
-  """
-
+defmodule Auth.Permission do
+  use Ecto.Schema
+  import Ecto.Changeset
   import Ecto.Query, warn: false
   alias Auth.Repo
+  # alias the Struct so we can use it below
+  alias Auth.Permission
+
+  schema "permissions" do
+    field :desc, :string
+    field :name, :string
+    field :person_id, :id
+
+    timestamps()
+  end
 
-  alias Auth.Ctx.Permission
+  @doc false
+  def changeset(permission, attrs) do
+    permission
+    |> cast(attrs, [:name, :desc])
+    |> validate_required([:name, :desc])
+  end
 
   @doc """
   Returns the list of permissions.
@@ -18,7 +31,7 @@ defmodule Auth.Ctx do
 
   """
   def list_permissions do
-    Repo.all(Permission)
+    Repo.all(__MODULE__)
   end
 
   @doc """
@@ -35,7 +48,7 @@ defmodule Auth.Ctx do
       ** (Ecto.NoResultsError)
 
   """
-  def get_permission!(id), do: Repo.get!(Permission, id)
+  def get_permission!(id), do: Repo.get!(__MODULE__, id)
 
   @doc """
   Creates a permission.
@@ -101,4 +114,5 @@ defmodule Auth.Ctx do
   def change_permission(%Permission{} = permission, attrs \\ %{}) do
     Permission.changeset(permission, attrs)
   end
+
 end
diff --git a/lib/auth_web/controllers/permission_controller.ex b/lib/auth_web/controllers/permission_controller.ex
index 2bc52e54..5b10f276 100644
--- a/lib/auth_web/controllers/permission_controller.ex
+++ b/lib/auth_web/controllers/permission_controller.ex
@@ -1,21 +1,20 @@
 defmodule AuthWeb.PermissionController do
   use AuthWeb, :controller
 
-  alias Auth.Ctx
-  alias Auth.Ctx.Permission
+  alias Auth.Permission
 
   def index(conn, _params) do
-    permissions = Ctx.list_permissions()
+    permissions = Permission.list_permissions()
     render(conn, "index.html", permissions: permissions)
   end
 
   def new(conn, _params) do
-    changeset = Ctx.change_permission(%Permission{})
+    changeset = Permission.change_permission(%Permission{})
     render(conn, "new.html", changeset: changeset)
   end
 
   def create(conn, %{"permission" => permission_params}) do
-    case Ctx.create_permission(permission_params) do
+    case Permission.create_permission(permission_params) do
       {:ok, permission} ->
         conn
         |> put_flash(:info, "Permission created successfully.")
@@ -27,20 +26,20 @@ defmodule AuthWeb.PermissionController do
   end
 
   def show(conn, %{"id" => id}) do
-    permission = Ctx.get_permission!(id)
+    permission = Permission.get_permission!(id)
     render(conn, "show.html", permission: permission)
   end
 
   def edit(conn, %{"id" => id}) do
-    permission = Ctx.get_permission!(id)
-    changeset = Ctx.change_permission(permission)
+    permission = Permission.get_permission!(id)
+    changeset = Permission.change_permission(permission)
     render(conn, "edit.html", permission: permission, changeset: changeset)
   end
 
   def update(conn, %{"id" => id, "permission" => permission_params}) do
-    permission = Ctx.get_permission!(id)
+    permission = Permission.get_permission!(id)
 
-    case Ctx.update_permission(permission, permission_params) do
+    case Permission.update_permission(permission, permission_params) do
       {:ok, permission} ->
         conn
         |> put_flash(:info, "Permission updated successfully.")
@@ -52,8 +51,8 @@ defmodule AuthWeb.PermissionController do
   end
 
   def delete(conn, %{"id" => id}) do
-    permission = Ctx.get_permission!(id)
-    {:ok, _permission} = Ctx.delete_permission(permission)
+    permission = Permission.get_permission!(id)
+    {:ok, _permission} = Permission.delete_permission(permission)
 
     conn
     |> put_flash(:info, "Permission deleted successfully.")
diff --git a/test/auth/role_test.exs b/test/auth/role_test.exs
index dc7c344c..54b7fca4 100644
--- a/test/auth/role_test.exs
+++ b/test/auth/role_test.exs
@@ -1,8 +1,6 @@
 defmodule Auth.RoleTest do
   use Auth.DataCase
 
-  alias Auth.Ctx
-
   describe "roles" do
     alias Auth.Role
 
@@ -66,7 +64,7 @@ defmodule Auth.RoleTest do
   end
 
   describe "permissions" do
-    alias Auth.Ctx.Permission
+    alias Auth.Permission
 
     @valid_attrs %{desc: "some desc", name: "some name"}
     @update_attrs %{desc: "some updated desc", name: "some updated name"}
@@ -76,53 +74,59 @@ defmodule Auth.RoleTest do
       {:ok, permission} =
         attrs
         |> Enum.into(@valid_attrs)
-        |> Ctx.create_permission()
+        |> Permission.create_permission()
 
       permission
     end
 
     test "list_permissions/0 returns all permissions" do
       permission = permission_fixture()
-      assert Ctx.list_permissions() == [permission]
+      assert Permission.list_permissions() == [permission]
     end
 
     test "get_permission!/1 returns the permission with given id" do
       permission = permission_fixture()
-      assert Ctx.get_permission!(permission.id) == permission
+      assert Permission.get_permission!(permission.id) == permission
     end
 
     test "create_permission/1 with valid data creates a permission" do
-      assert {:ok, %Permission{} = permission} = Ctx.create_permission(@valid_attrs)
+      assert {:ok, %Permission{} = permission} = 
+        Permission.create_permission(@valid_attrs)
       assert permission.desc == "some desc"
       assert permission.name == "some name"
     end
 
     test "create_permission/1 with invalid data returns error changeset" do
-      assert {:error, %Ecto.Changeset{}} = Ctx.create_permission(@invalid_attrs)
+      assert {:error, %Ecto.Changeset{}} = 
+        Permission.create_permission(@invalid_attrs)
     end
 
     test "update_permission/2 with valid data updates the permission" do
       permission = permission_fixture()
-      assert {:ok, %Permission{} = permission} = Ctx.update_permission(permission, @update_attrs)
+      assert {:ok, %Permission{} = permission} = 
+        Permission.update_permission(permission, @update_attrs)
       assert permission.desc == "some updated desc"
       assert permission.name == "some updated name"
     end
 
     test "update_permission/2 with invalid data returns error changeset" do
       permission = permission_fixture()
-      assert {:error, %Ecto.Changeset{}} = Ctx.update_permission(permission, @invalid_attrs)
-      assert permission == Ctx.get_permission!(permission.id)
+      assert {:error, %Ecto.Changeset{}} = 
+        Permission.update_permission(permission, @invalid_attrs)
+      assert permission == Permission.get_permission!(permission.id)
     end
 
     test "delete_permission/1 deletes the permission" do
       permission = permission_fixture()
-      assert {:ok, %Permission{}} = Ctx.delete_permission(permission)
-      assert_raise Ecto.NoResultsError, fn -> Ctx.get_permission!(permission.id) end
+      assert {:ok, %Permission{}} = Permission.delete_permission(permission)
+      assert_raise Ecto.NoResultsError, fn -> 
+        Permission.get_permission!(permission.id) 
+      end
     end
 
     test "change_permission/1 returns a permission changeset" do
       permission = permission_fixture()
-      assert %Ecto.Changeset{} = Ctx.change_permission(permission)
+      assert %Ecto.Changeset{} = Permission.change_permission(permission)
     end
   end
 end
diff --git a/test/auth_web/controllers/permission_controller_test.exs b/test/auth_web/controllers/permission_controller_test.exs
index 47e00bb9..2971e785 100644
--- a/test/auth_web/controllers/permission_controller_test.exs
+++ b/test/auth_web/controllers/permission_controller_test.exs
@@ -1,14 +1,14 @@
 defmodule AuthWeb.PermissionControllerTest do
   use AuthWeb.ConnCase
 
-  alias Auth.Ctx
+  alias Auth.Permission
 
   @create_attrs %{desc: "some desc", name: "some name"}
   @update_attrs %{desc: "some updated desc", name: "some updated name"}
   @invalid_attrs %{desc: nil, name: nil}
 
   def fixture(:permission) do
-    {:ok, permission} = Ctx.create_permission(@create_attrs)
+    {:ok, permission} = Permission.create_permission(@create_attrs)
     permission
   end
 

From 723ae8337388e174faa13bf5d95e438c04877a95 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 25 Jul 2020 15:53:54 +0100
Subject: [PATCH 027/166] create script and default_roles.json (version
 controllable data file) for #86

---
 lib/auth/role.ex                   |  2 +-
 priv/repo/create_default_roles.exs |  4 ----
 priv/repo/default_roles.json       | 12 +++++++++++
 priv/repo/seeds.exs                | 32 ++++++++++++++++++++++++++----
 role-based-access-control.md       | 26 +++++++++++++++++++++---
 5 files changed, 64 insertions(+), 12 deletions(-)
 delete mode 100644 priv/repo/create_default_roles.exs
 create mode 100644 priv/repo/default_roles.json

diff --git a/lib/auth/role.ex b/lib/auth/role.ex
index f2661a2c..8508c657 100644
--- a/lib/auth/role.ex
+++ b/lib/auth/role.ex
@@ -17,7 +17,7 @@ defmodule Auth.Role do
   @doc false
   def changeset(role, attrs) do
     role
-    |> cast(attrs, [:name, :desc])
+    |> cast(attrs, [:name, :desc, :person_id])
     |> validate_required([:name, :desc])
   end
 
diff --git a/priv/repo/create_default_roles.exs b/priv/repo/create_default_roles.exs
deleted file mode 100644
index 3c4e11cd..00000000
--- a/priv/repo/create_default_roles.exs
+++ /dev/null
@@ -1,4 +0,0 @@
-# scripts for creating default roles and permissions
-defmodule Setup.CreateDefaultRoles do
-  
-end
\ No newline at end of file
diff --git a/priv/repo/default_roles.json b/priv/repo/default_roles.json
new file mode 100644
index 00000000..1216f98e
--- /dev/null
+++ b/priv/repo/default_roles.json
@@ -0,0 +1,12 @@
+[
+  {
+    "name": "superadmin", 
+    "desc": "With great power comes great responsibility", 
+    "person_id": "1"
+  },
+  {
+    "name": "admin", 
+    "desc": "Can perform all system administration tasks", 
+    "person_id": "1"
+  }
+]
\ No newline at end of file
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 55898e91..c71744b0 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -52,9 +52,9 @@ defmodule Auth.Seeds do
 
   # write the key:value pair to project .env file
   def write_env(key, value) do
-    IO.inspect(File.cwd!, label: "CWD")
+    # IO.inspect(File.cwd!, label: "cwd")
     path = File.cwd! <> "/.env"
-    IO.inspect(path, label: "path")
+    IO.inspect(path, label: ".env file path")
     {:ok, data} = File.read(path)
     # IO.inspect(data)
 
@@ -77,12 +77,36 @@ defmodule Auth.Seeds do
       |> String.replace("'", "")
       |> String.split("=")
 
-      IO.inspect(List.last(parts), label: List.first(parts))
+      # IO.inspect(List.last(parts), label: List.first(parts))
       System.put_env(List.first(parts), List.last(parts))
     end)
   end
 end
 
-
 Auth.Seeds.create_admin()
 |> Auth.Seeds.create_apikey_for_admin()
+
+
+# scripts for creating default roles and permissions
+defmodule SetupRoles do
+  alias Auth.Role
+
+  def get_json(filepath) do
+    # IO.inspect(filepath, label: "filepath")
+    path = File.cwd! <> filepath
+    # IO.inspect(path, label: "path")
+    {:ok, data} = File.read(path)
+    json = Jason.decode!(data)
+    # IO.inspect(json)
+    json
+  end
+
+  def create_default_roles() do
+    json = get_json("/priv/repo/default_roles.json")
+    Enum.each(json, fn role -> 
+      Role.create_role(role)
+    end)
+  end
+end
+
+SetupRoles.create_default_roles()
\ No newline at end of file
diff --git a/role-based-access-control.md b/role-based-access-control.md
index 0e846215..e883efcf 100644
--- a/role-based-access-control.md
+++ b/role-based-access-control.md
@@ -93,6 +93,7 @@ If you don't already have these schemas/tables,
 see: https://github.com/dwyl/app-mvp-phoenix#create-schemas
 
 
+
 ### Create `Roles` and `Permissions` Schemas
 
 Let's create the Database Schemas (Tables) 
@@ -125,7 +126,7 @@ mix ecto.gen.migration create_role_permissions
 ```
 
 Open the file that was just created, e.g: 
-[`priv/repo/migrations/20200723143204_create_role_permissions.exs`]()
+[`priv/repo/migrations/20200723143204_create_role_permissions.exs`](https://github.com/dwyl/auth/blob/ef4261d09a702c4003cd84f30dabe630b47922d2/priv/repo/migrations/20200723143204_create_role_permissions.exs)
 
 And replace the contents with:
 ```elixir
@@ -156,7 +157,7 @@ mix ecto.gen.migration create_people_roles
 ```
 
 Open the migration file that was just created, e.g: 
-[`/Users/n/code/auth/priv/repo/migrations/20200723154847_create_people_roles.exs`]()
+[`/Users/n/code/auth/priv/repo/migrations/20200723154847_create_people_roles.exs`](https://github.com/dwyl/auth/blob/ef4261d09a702c4003cd84f30dabe630b47922d2/priv/repo/migrations/20200723154847_create_people_roles.exs)
 
 
 Replace the contents of the file with the following code:
@@ -179,7 +180,26 @@ defmodule Auth.Repo.Migrations.CreatePeopleRoles do
 end
 ```
 
-This 
+This is all we need in terms of database tables for now.
+Run:
+```
+mix ecto.migrate
+```
+To create the tables.
+
+The Entity Relationship Diagram (ERD) should now look like this:
+
+[![auth-erd-with-roles-permissions](https://user-images.githubusercontent.com/194400/88439166-5c2e0e00-ce02-11ea-93ce-11c3a721cb18.png "Schema Diagram - Click to Enlarge")](https://user-images.githubusercontent.com/194400/88439166-5c2e0e00-ce02-11ea-93ce-11c3a721cb18.png)
+
+Next we need to create a script 
+that inserts the default roles and permissions
+during the setup of the Auth App. 
+
+### Setup Default Roles & Permissions
+
+
+
+
 
 
 

From 7a8d967000174f813e4f978ba6d57f89342affe1 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 25 Jul 2020 19:16:38 +0100
Subject: [PATCH 028/166] add all default roles to default_roles.json #86

---
 priv/repo/default_roles.json | 25 +++++++++++++++++++++++++
 role-based-access-control.md | 21 ++++++++++++++++++---
 2 files changed, 43 insertions(+), 3 deletions(-)

diff --git a/priv/repo/default_roles.json b/priv/repo/default_roles.json
index 1216f98e..71d36bd4 100644
--- a/priv/repo/default_roles.json
+++ b/priv/repo/default_roles.json
@@ -8,5 +8,30 @@
     "name": "admin", 
     "desc": "Can perform all system administration tasks", 
     "person_id": "1"
+  },
+  {
+    "name": "moderator", 
+    "desc": "Can view and neutrally moderate any content. Can ban rule-breakers. Cannot delete.", 
+    "person_id": "1"
+  },
+  {
+    "name": "creator", 
+    "desc": "Can create any content. Can edit and delete their own content.", 
+    "person_id": "1"
+  },
+  {
+    "name": "commenter", 
+    "desc": "Can comment on content where commenting is available.", 
+    "person_id": "1"
+  },
+  {
+    "name": "subscriber", 
+    "desc": "Subscribes for updates e.g. newsletter or content from a specific person. Cannot comment until verified.", 
+    "person_id": "1"
+  },
+  {
+    "name": "banned", 
+    "desc": "Can still login to see their content but cannot perform any other action.", 
+    "person_id": "1"
   }
 ]
\ No newline at end of file
diff --git a/role-based-access-control.md b/role-based-access-control.md
index e883efcf..9772c77a 100644
--- a/role-based-access-control.md
+++ b/role-based-access-control.md
@@ -65,15 +65,30 @@ including both "enterprise" (closed source) and popular open source CRM/CMS apps
 | -------- | ---------- | ---------- | ----------- |
 | `1` | superadmin | Can **`CREATE`** new roles. Can **`CREATE`**, **`UPDATE`** and **`DELETE`** Any content. Can **`PURGE`** deleted items. Can "ban" any user including people with "Admin" Role. | 1 |
 | `2` | admin | Can **create** new roles and **assign** existing roles. Can **`CREATE`**, **`UPDATE`** and **`DELETE`** any content. Can "ban" any user except people with "admin" Role. Can see deleted content and un-delete it. Cannot _purge_ deleted. This guarantees audit-trail. | 1 | 
-| `3` | editor | Can **`CREATE`** and **`UPDATE`** _Any_ content. Can **"`DELETE`"** content. Cannot _see_ deleted content. | 1 |
+| `3` | moderator | Can neutrally moderate _any_ content. Can _ban_ rule-breaking `people`. Cannot **"`DELETE`"** content. | 1 |
 | `4` | creator | Can **`CREATE`** content. Can **`UPDATE`** their _own_ content. Can **`DELETE`** their _own_ content. | 1 |
 | `5` | commenter | Can **`COMMENT`** on content that has commenting enabled. | 1 |
 | `6` | subscriber | Can **`SUBSCRIBE`** to receive updates (e.g: newsletter), but has either not verified their account or has made negative comments and is therefore _not_ allowed to comment. | 1 |
 | `7` | banned | Can login and see their past content. Cannot create any new content. Can see the _reason_ for their banning (_which the Admin has to write when performing the "ban user" action. usually linked to a specific action the person performed like a particularly unacceptable comment._) | 1 | 
 
-The first 3 roles closely matches WordPress: 
+These roles are loosely inspired by WordPress: 
 https://wordpress.org/support/article/roles-and-capabilities <br />
-We have renamed "author" to "creator" to emphasize that creating content 
+The **`superadmin`** and **`admin`** roles make sense:
+The person who can perform "system administration" tasks like updating the schemas/code,
+this is the **`superadmin`** or "**owner**" of the application. 
+Typically there is only ***one*** **`superadmin`**,
+this person is ultimately responsible for _everything_. 
+The people who are responsible for _maintaining_ the site/app 
+including the `content` and `people`
+are given the **`admin`** role; 
+they can see everything that is going on.
+
+The **`admin`** role should 
+We have renamed "editor" to "moderator"
+because we feel this role is more _relevant_ in a multi-content setting
+see: https://en.wikipedia.org/wiki/Moderator
+We have also renamed "author" to "creator" 
+to emphasize that creating content 
 is more than just "authoring" text. 
 There will be various types of content not just "posts".
 We have added a "**commenter** role as an "upgrade" to **subscriber**,

From 3c1c7204aa84148846ec2ea8716f1cabf20846e0 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 25 Jul 2020 21:13:02 +0100
Subject: [PATCH 029/166] update Role.list_roles() to reflect that we have more
 roles (default roles) #86

---
 test/auth/role_test.exs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/auth/role_test.exs b/test/auth/role_test.exs
index 54b7fca4..6764f9db 100644
--- a/test/auth/role_test.exs
+++ b/test/auth/role_test.exs
@@ -19,7 +19,7 @@ defmodule Auth.RoleTest do
 
     test "list_roles/0 returns all roles" do
       role = role_fixture()
-      assert Role.list_roles() == [role]
+      assert Role.list_roles() |> List.last() == role
     end
 
     test "get_role!/1 returns the role with given id" do

From 510489c581fd621ec45d4af1d20336556689694c Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sun, 26 Jul 2020 09:46:44 +0100
Subject: [PATCH 030/166] add basic permissions to default_roles.json #86

---
 priv/repo/default_roles.json | 28 +++++++++++++++++++++-------
 priv/repo/seeds.exs          |  2 ++
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/priv/repo/default_roles.json b/priv/repo/default_roles.json
index 71d36bd4..e5f3b8ad 100644
--- a/priv/repo/default_roles.json
+++ b/priv/repo/default_roles.json
@@ -2,36 +2,50 @@
   {
     "name": "superadmin", 
     "desc": "With great power comes great responsibility", 
-    "person_id": "1"
+    "person_id": "1",
+    "id": "1",
+    "permissions": "grant_admin_role"
   },
   {
     "name": "admin", 
     "desc": "Can perform all system administration tasks", 
-    "person_id": "1"
+    "person_id": "1",
+    "id": "2",
+    "permissions": "manage_people, grant_non_admin_role"
   },
   {
     "name": "moderator", 
     "desc": "Can view and neutrally moderate any content. Can ban rule-breakers. Cannot delete.", 
-    "person_id": "1"
+    "person_id": "1",
+    "id": "3",
+    "permissions": "edit_any_content, lock_content, ban_rule_breaking_people, view_deleted"
   },
   {
     "name": "creator", 
     "desc": "Can create any content. Can edit and delete their own content.", 
-    "person_id": "1"
+    "person_id": "1",
+    "id": "4",
+    "permissions": "create_content, edit_own_content, delete_own_content"
   },
   {
     "name": "commenter", 
     "desc": "Can comment on content where commenting is available.", 
-    "person_id": "1"
+    "person_id": "1",
+    "id": "5",
+    "permissions": "comment"
   },
   {
     "name": "subscriber", 
     "desc": "Subscribes for updates e.g. newsletter or content from a specific person. Cannot comment until verified.", 
-    "person_id": "1"
+    "person_id": "1",
+    "id": "6",
+    "permissions": "subscribe, give_feedback"
   },
   {
     "name": "banned", 
     "desc": "Can still login to see their content but cannot perform any other action.", 
-    "person_id": "1"
+    "person_id": "1",
+    "id": "7",
+    "permissions": "view_content, view_profile, delete_own_content, delete_own_profile"
   }
 ]
\ No newline at end of file
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index c71744b0..72259d8d 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -107,6 +107,8 @@ defmodule SetupRoles do
       Role.create_role(role)
     end)
   end
+
+  
 end
 
 SetupRoles.create_default_roles()
\ No newline at end of file

From c1f9d3b0e102c04d1e82b509a9550f237232bbc1 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Mon, 27 Jul 2020 15:31:13 +0100
Subject: [PATCH 031/166] refine basic permissions in default_roles.json #86

---
 priv/repo/default_roles.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/priv/repo/default_roles.json b/priv/repo/default_roles.json
index e5f3b8ad..0bbcadae 100644
--- a/priv/repo/default_roles.json
+++ b/priv/repo/default_roles.json
@@ -18,21 +18,21 @@
     "desc": "Can view and neutrally moderate any content. Can ban rule-breakers. Cannot delete.", 
     "person_id": "1",
     "id": "3",
-    "permissions": "edit_any_content, lock_content, ban_rule_breaking_people, view_deleted"
+    "permissions": "edit_any_content, lock_content, unpublish_content, ban_rule_breaking_people, view_deleted"
   },
   {
     "name": "creator", 
     "desc": "Can create any content. Can edit and delete their own content.", 
     "person_id": "1",
     "id": "4",
-    "permissions": "create_content, edit_own_content, delete_own_content"
+    "permissions": "create_content, upload_images, edit_own_content, delete_own_content, invite_people"
   },
   {
     "name": "commenter", 
     "desc": "Can comment on content where commenting is available.", 
     "person_id": "1",
     "id": "5",
-    "permissions": "comment"
+    "permissions": "comment, flag_comments, flag_content"
   },
   {
     "name": "subscriber", 

From b27a21abca63499173636e2528feacf7ee979b02 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Fri, 14 Aug 2020 09:20:16 +0100
Subject: [PATCH 032/166] fix failing tests by adding ecto associations to
 Auth.Person functions #89

---
 lib/auth/person.ex |  6 +++++-
 lib/auth/role.ex   | 16 ++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index 04878b54..4db327f8 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -20,6 +20,7 @@ defmodule Auth.Person do
     field :status, :id
     field :tag, :id
     field :key_id, :integer
+    many_to_many :roles, Auth.Role, join_through: "people_roles"
 
     has_many :statuses, Auth.Status
     # has_many :sessions, Auth.Session, on_delete: :delete_all
@@ -29,7 +30,7 @@ defmodule Auth.Person do
   @doc """
   Default attributes validation for Person
   """
-  def changeset(person, attrs) do
+  def changeset(person, attrs, roles \\ []) do
     person
     |> cast(attrs, [
       :id,
@@ -49,6 +50,7 @@ defmodule Auth.Person do
     |> validate_required([:email])
     |> put_email_hash()
     |> put_pass_hash()
+    |> put_assoc(:roles, roles)
   end
 
   def create_person(person) do
@@ -196,6 +198,7 @@ defmodule Auth.Person do
   def get_person_by_id(id) do
     __MODULE__
     |> Repo.get_by(id: id)
+    |> Repo.preload(:roles)
   end
 
   defp put_pass_hash(changeset) do
@@ -214,6 +217,7 @@ defmodule Auth.Person do
   def get_person_by_email(email) do
     __MODULE__
     |> Repo.get_by(email_hash: email)
+    |> Repo.preload(:roles)
   end
 
   @doc """
diff --git a/lib/auth/role.ex b/lib/auth/role.ex
index 8508c657..6c564c99 100644
--- a/lib/auth/role.ex
+++ b/lib/auth/role.ex
@@ -10,6 +10,7 @@ defmodule Auth.Role do
     field :desc, :string
     field :name, :string
     field :person_id, :id
+    many_to_many :people, Auth.Person, join_through: "people_roles"
 
     timestamps()
   end
@@ -116,4 +117,19 @@ defmodule Auth.Role do
     Role.changeset(role, attrs)
   end
 
+
+  @doc """
+  grants the default "subscriber" (6) role to the person
+  """
+  # def set_default_role(person) do
+    
+  # end
+
+  @doc """
+  grants a role to the given person
+  """
+  # def grant_role(person, role, granter) do
+    
+  # end
+
 end

From 259e23954dc4c0eb84f159c5e78924c01579171c Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 20 Aug 2020 10:53:13 +0100
Subject: [PATCH 033/166] create lib/auth/people_roles.ex Auth.PeopleRoles
 schema + functions for #90

---
 lib/auth/people_roles.ex | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 lib/auth/people_roles.ex

diff --git a/lib/auth/people_roles.ex b/lib/auth/people_roles.ex
new file mode 100644
index 00000000..49ee05cc
--- /dev/null
+++ b/lib/auth/people_roles.ex
@@ -0,0 +1,39 @@
+defmodule Auth.PeopleRoles do
+  use Ecto.Schema
+  import Ecto.Changeset
+  alias Auth.Repo
+  alias __MODULE__
+
+  schema "people_roles" do
+    belongs_to :person, Auth.Person
+    belongs_to :role, Auth.Role
+    field :granter_id, :integer
+
+    timestamps()
+  end
+
+
+  @doc """
+  grant_role/3 grants a role to the given person
+  the conn must have conn.assigns.person to check for admin in order to grant the role.
+  """
+  def grant_role(conn, grantee_id, role_id) do
+    granter = conn.assigns.person
+    # IO.inspect(granter, label: "granter")
+    # confirm that the granter is either superadmin (conn.assigns.person.id == 1) 
+    # or has an "admin" role (1 || 2)
+    if granter.id == 1 do
+      %PeopleRoles{}
+      |> cast(%{granter_id: granter.id}, [:granter_id])
+      |> put_assoc(:person, Auth.Person.get_person_by_id(grantee_id))
+      |> put_assoc(:role, Auth.Role.get_role!(role_id))
+      |> Repo.insert()
+
+      conn
+    else
+      AuthWeb.AuthController.unauthorized(conn)
+    end
+
+  end
+
+end
\ No newline at end of file

From 506d365c490ac25d855059fe12d9ebaec4feb9a2 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 20 Aug 2020 11:11:24 +0100
Subject: [PATCH 034/166] add grant_role/3 function + test to grant roles to
 people #90 |> #27 #31 #82

---
 lib/auth/people_roles.ex                        |  1 +
 lib/auth/person.ex                              |  9 ++++++++-
 lib/auth/role.ex                                | 15 ++++-----------
 .../20200723143204_create_role_permissions.exs  |  2 +-
 .../20200723154847_create_people_roles.exs      |  2 +-
 priv/repo/seeds.exs                             | 13 ++++++++++++-
 test/auth/role_test.exs                         | 17 +++++++++++++++++
 .../controllers/role_controller_test.exs        | 14 ++++++++++++++
 8 files changed, 58 insertions(+), 15 deletions(-)

diff --git a/lib/auth/people_roles.ex b/lib/auth/people_roles.ex
index 49ee05cc..bffd49d4 100644
--- a/lib/auth/people_roles.ex
+++ b/lib/auth/people_roles.ex
@@ -2,6 +2,7 @@ defmodule Auth.PeopleRoles do
   use Ecto.Schema
   import Ecto.Changeset
   alias Auth.Repo
+  # https://stackoverflow.com/a/47501059/1148249
   alias __MODULE__
 
   schema "people_roles" do
diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index 4db327f8..b4dedcdd 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -20,7 +20,9 @@ defmodule Auth.Person do
     field :status, :id
     field :tag, :id
     field :key_id, :integer
-    many_to_many :roles, Auth.Role, join_through: "people_roles"
+    # many_to_many :roles, Auth.Role, join_through: "people_roles"
+    # has_many :roles, through: [:people_roles, :role]
+    many_to_many :roles, Auth.Role, join_through: Auth.PeopleRoles
 
     has_many :statuses, Auth.Status
     # has_many :sessions, Auth.Session, on_delete: :delete_all
@@ -31,6 +33,9 @@ defmodule Auth.Person do
   Default attributes validation for Person
   """
   def changeset(person, attrs, roles \\ []) do
+    # IO.inspect(person, label: "changeset > person")
+    # IO.inspect(attrs, label: "changeset > attrs")
+    # IO.inspect(roles, label: "changeset > roles")
     person
     |> cast(attrs, [
       :id,
@@ -199,6 +204,7 @@ defmodule Auth.Person do
     __MODULE__
     |> Repo.get_by(id: id)
     |> Repo.preload(:roles)
+    |> Repo.preload(:statuses)
   end
 
   defp put_pass_hash(changeset) do
@@ -218,6 +224,7 @@ defmodule Auth.Person do
     __MODULE__
     |> Repo.get_by(email_hash: email)
     |> Repo.preload(:roles)
+    |> Repo.preload(:statuses)
   end
 
   @doc """
diff --git a/lib/auth/role.ex b/lib/auth/role.ex
index 6c564c99..fbac1f8c 100644
--- a/lib/auth/role.ex
+++ b/lib/auth/role.ex
@@ -10,7 +10,7 @@ defmodule Auth.Role do
     field :desc, :string
     field :name, :string
     field :person_id, :id
-    many_to_many :people, Auth.Person, join_through: "people_roles"
+    # many_to_many :roles, Auth.Role, join_through: Auth.PeopleRoles
 
     timestamps()
   end
@@ -118,18 +118,11 @@ defmodule Auth.Role do
   end
 
 
-  @doc """
-  grants the default "subscriber" (6) role to the person
-  """
+  # @doc """
+  # grants the default "subscriber" (6) role to the person
+  # """ 
   # def set_default_role(person) do
     
   # end
 
-  @doc """
-  grants a role to the given person
-  """
-  # def grant_role(person, role, granter) do
-    
-  # end
-
 end
diff --git a/priv/repo/migrations/20200723143204_create_role_permissions.exs b/priv/repo/migrations/20200723143204_create_role_permissions.exs
index 2651ee17..e607b969 100644
--- a/priv/repo/migrations/20200723143204_create_role_permissions.exs
+++ b/priv/repo/migrations/20200723143204_create_role_permissions.exs
@@ -5,7 +5,7 @@ defmodule Auth.Repo.Migrations.CreateRolePermissions do
     create table(:role_permissions) do
       add :role_id, references(:roles, on_delete: :nothing)
       add :permission_id, references(:permissions, on_delete: :nothing)
-      add :granter, references(:people, on_delete: :nothing)
+      add :granter_id, references(:people, on_delete: :nothing)
   
       timestamps()
     end
diff --git a/priv/repo/migrations/20200723154847_create_people_roles.exs b/priv/repo/migrations/20200723154847_create_people_roles.exs
index 8d69b222..f5938f41 100644
--- a/priv/repo/migrations/20200723154847_create_people_roles.exs
+++ b/priv/repo/migrations/20200723154847_create_people_roles.exs
@@ -5,7 +5,7 @@ defmodule Auth.Repo.Migrations.CreatePeopleRoles do
     create table(:people_roles) do
       add :person_id, references(:people, on_delete: :nothing)
       add :role_id, references(:roles, on_delete: :nothing)
-      add :granter, references(:people, on_delete: :nothing)
+      add :granter_id, references(:people, on_delete: :nothing)
   
       timestamps()
     end
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 72259d8d..fd72ccf0 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -32,6 +32,7 @@ defmodule Auth.Seeds do
       IO.inspect(person.id, label: "seeds.exs person.id")
       IO.puts("- - - - - - - - - - - - - - - - - - - - - - ")
     end
+    
     person
   end
 
@@ -47,7 +48,12 @@ defmodule Auth.Seeds do
 
     api_key = key.client_id <> "/" <> key.client_secret
     # set the AUTH_API_KEY environment variable during test run:
-    write_env("AUTH_API_KEY", api_key)
+    if(Mix.env() == :test) do
+      System.put_env("AUTH_API_KEY", api_key)
+    else
+      # update the AUTH_API_KEY in the .env file:
+      write_env("AUTH_API_KEY", api_key)
+    end
   end
 
   # write the key:value pair to project .env file
@@ -105,9 +111,14 @@ defmodule SetupRoles do
     json = get_json("/priv/repo/default_roles.json")
     Enum.each(json, fn role -> 
       Role.create_role(role)
+      # |> IO.inspect()
     end)
   end
 
+  def assign_superadmin_role() do
+    
+  end
+
   
 end
 
diff --git a/test/auth/role_test.exs b/test/auth/role_test.exs
index 6764f9db..9a425a3d 100644
--- a/test/auth/role_test.exs
+++ b/test/auth/role_test.exs
@@ -1,5 +1,6 @@
 defmodule Auth.RoleTest do
   use Auth.DataCase
+  # use AuthWeb.ConnCase
 
   describe "roles" do
     alias Auth.Role
@@ -129,4 +130,20 @@ defmodule Auth.RoleTest do
       assert %Ecto.Changeset{} = Permission.change_permission(permission)
     end
   end
+
+  
+  # create a new person and confirm they were asigned a default role of "subscriber"
+    
+
+
+  # describe "grant role" do
+
+
+
+
+  #   # test "change_permission/1 returns a permission changeset" do
+  #   #   permission = permission_fixture()
+  #   #   assert %Ecto.Changeset{} = Permission.change_permission(permission)
+  #   # end
+  # end
 end
diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index f7562279..35fe8147 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -91,4 +91,18 @@ defmodule AuthWeb.RoleControllerTest do
     role = fixture(:role)
     %{role: role}
   end
+
+
+  test "grant_role/3 happy path", %{conn: conn} do
+    # login as superadmin
+    conn = AuthTest.admin_login(conn)
+    # create a new person 
+    alex = %{email: "alex_grant_role@gmail.com", auth_provider: "email"}
+    grantee = Auth.Person.create_person(alex)
+    role_id = 4
+    Auth.PeopleRoles.grant_role(conn, grantee.id, role_id)
+    person_with_role = Auth.Person.get_person_by_id(grantee.id)
+    role = List.first(person_with_role.roles)
+    assert role_id == role.id
+  end
 end

From 1d6a2592b884671bb3583345de1d6d5560825486 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 20 Aug 2020 11:47:20 +0100
Subject: [PATCH 035/166] create test/auth/people_roles_test.exs to test both
 happy path and 401 for #90 & #27 #31 #82

---
 test/auth/people_roles_test.exs               | 27 +++++++++++++++++++
 .../controllers/role_controller_test.exs      | 15 +----------
 2 files changed, 28 insertions(+), 14 deletions(-)
 create mode 100644 test/auth/people_roles_test.exs

diff --git a/test/auth/people_roles_test.exs b/test/auth/people_roles_test.exs
new file mode 100644
index 00000000..b47b713d
--- /dev/null
+++ b/test/auth/people_roles_test.exs
@@ -0,0 +1,27 @@
+defmodule AuthWeb.PeopleRolesTest do
+  use AuthWeb.ConnCase
+
+  test "grant_role/3 happy path", %{conn: conn} do
+    # login as superadmin
+    conn = AuthTest.admin_login(conn)
+    # create a new person 
+    alex = %{email: "alex_grant_role@gmail.com", auth_provider: "email"}
+    grantee = Auth.Person.create_person(alex)
+    role_id = 4
+    Auth.PeopleRoles.grant_role(conn, grantee.id, role_id)
+    person_with_role = Auth.Person.get_person_by_id(grantee.id)
+    role = List.first(person_with_role.roles)
+    assert role_id == role.id
+  end
+
+  test "attempt to grant_role/3 without admin should 401", %{conn: conn} do
+    alex = %{email: "alex_grant_role_fail@gmail.com", auth_provider: "email"}
+    grantee = Auth.Person.create_person(alex)
+    conn = assign(conn, :person, grantee) # 
+    role_id = 4
+    conn = Auth.PeopleRoles.grant_role(conn, grantee.id, role_id)
+
+    assert conn.status == 401
+  end
+
+end
\ No newline at end of file
diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index 35fe8147..c6ad8b30 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -91,18 +91,5 @@ defmodule AuthWeb.RoleControllerTest do
     role = fixture(:role)
     %{role: role}
   end
-
-
-  test "grant_role/3 happy path", %{conn: conn} do
-    # login as superadmin
-    conn = AuthTest.admin_login(conn)
-    # create a new person 
-    alex = %{email: "alex_grant_role@gmail.com", auth_provider: "email"}
-    grantee = Auth.Person.create_person(alex)
-    role_id = 4
-    Auth.PeopleRoles.grant_role(conn, grantee.id, role_id)
-    person_with_role = Auth.Person.get_person_by_id(grantee.id)
-    role = List.first(person_with_role.roles)
-    assert role_id == role.id
-  end
+  
 end

From 812e1926e83a82eed50a3e639d8815d7cbeca20d Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 20 Aug 2020 11:49:00 +0100
Subject: [PATCH 036/166] run "mix format" to keep SourceLevel happy
 https://github.com/dwyl/auth/pull/85#issuecomment-677507944

---
 lib/auth/people_roles.ex                      |  5 +--
 lib/auth/permission.ex                        |  1 -
 lib/auth/role.ex                              |  7 +---
 lib/auth_web/controllers/auth_controller.ex   |  2 +-
 lib/auth_web/controllers/ping_controller.ex   |  2 +-
 mix.exs                                       |  2 +-
 ...20200723143204_create_role_permissions.exs |  4 +-
 .../20200723154847_create_people_roles.exs    |  4 +-
 priv/repo/seeds.exs                           | 38 ++++++++++---------
 test/auth/people_roles_test.exs               |  5 +--
 test/auth/role_test.exs                       | 32 +++++++---------
 .../controllers/apikey_controller_test.exs    | 17 +++++----
 .../controllers/auth_controller_test.exs      | 30 ++++++++-------
 .../permission_controller_test.exs            | 37 +++++++++++-------
 .../controllers/ping_controller_test.exs      |  2 +-
 .../controllers/role_controller_test.exs      | 37 +++++++++++-------
 test/support/conn_case.ex                     |  8 ++--
 test/test_helper.exs                          |  3 +-
 18 files changed, 128 insertions(+), 108 deletions(-)

diff --git a/lib/auth/people_roles.ex b/lib/auth/people_roles.ex
index bffd49d4..2bacfd38 100644
--- a/lib/auth/people_roles.ex
+++ b/lib/auth/people_roles.ex
@@ -13,7 +13,6 @@ defmodule Auth.PeopleRoles do
     timestamps()
   end
 
-
   @doc """
   grant_role/3 grants a role to the given person
   the conn must have conn.assigns.person to check for admin in order to grant the role.
@@ -34,7 +33,5 @@ defmodule Auth.PeopleRoles do
     else
       AuthWeb.AuthController.unauthorized(conn)
     end
-
   end
-
-end
\ No newline at end of file
+end
diff --git a/lib/auth/permission.ex b/lib/auth/permission.ex
index 6af06870..a26b031d 100644
--- a/lib/auth/permission.ex
+++ b/lib/auth/permission.ex
@@ -114,5 +114,4 @@ defmodule Auth.Permission do
   def change_permission(%Permission{} = permission, attrs \\ %{}) do
     Permission.changeset(permission, attrs)
   end
-
 end
diff --git a/lib/auth/role.ex b/lib/auth/role.ex
index fbac1f8c..887577dc 100644
--- a/lib/auth/role.ex
+++ b/lib/auth/role.ex
@@ -22,8 +22,7 @@ defmodule Auth.Role do
     |> validate_required([:name, :desc])
   end
 
-
-@doc """
+  @doc """
   Returns the list of roles.
 
   ## Examples
@@ -117,12 +116,10 @@ defmodule Auth.Role do
     Role.changeset(role, attrs)
   end
 
-
   # @doc """
   # grants the default "subscriber" (6) role to the person
   # """ 
   # def set_default_role(person) do
-    
-  # end
 
+  # end
 end
diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
index 3c5b3248..be83887e 100644
--- a/lib/auth_web/controllers/auth_controller.ex
+++ b/lib/auth_web/controllers/auth_controller.ex
@@ -426,7 +426,7 @@ defmodule AuthWeb.AuthController do
       Enum.filter(apikeys, fn k ->
         # if the API Key belongs to Super Admin, don't check URL as it's the "setup key":
         if person_id == 1 do
-          k.client_id == client_id 
+          k.client_id == client_id
         else
           # check url matches the state for all other keys:
           k.client_id == client_id and state =~ k.url
diff --git a/lib/auth_web/controllers/ping_controller.ex b/lib/auth_web/controllers/ping_controller.ex
index b3f59710..dc6a207f 100644
--- a/lib/auth_web/controllers/ping_controller.ex
+++ b/lib/auth_web/controllers/ping_controller.ex
@@ -5,4 +5,4 @@ defmodule AuthWeb.PingController do
   def ping(conn, params) do
     Ping.render_pixel(conn, params)
   end
-end
\ No newline at end of file
+end
diff --git a/mix.exs b/mix.exs
index 8ca755aa..3e32b768 100644
--- a/mix.exs
+++ b/mix.exs
@@ -73,7 +73,7 @@ defmodule Auth.Mixfile do
       {:ping, "~> 1.0.1"},
 
       # Check test coverage
-      {:excoveralls, "~> 0.12.3", only: :test}, 
+      {:excoveralls, "~> 0.12.3", only: :test},
 
       #  Property based tests: github.com/dwyl/learn-property-based-testing
       {:stream_data, "~> 0.4.3", only: :test},
diff --git a/priv/repo/migrations/20200723143204_create_role_permissions.exs b/priv/repo/migrations/20200723143204_create_role_permissions.exs
index e607b969..55bde3af 100644
--- a/priv/repo/migrations/20200723143204_create_role_permissions.exs
+++ b/priv/repo/migrations/20200723143204_create_role_permissions.exs
@@ -6,10 +6,10 @@ defmodule Auth.Repo.Migrations.CreateRolePermissions do
       add :role_id, references(:roles, on_delete: :nothing)
       add :permission_id, references(:permissions, on_delete: :nothing)
       add :granter_id, references(:people, on_delete: :nothing)
-  
+
       timestamps()
     end
-  
+
     create unique_index(:role_permissions, [:role_id, :permission_id])
   end
 end
diff --git a/priv/repo/migrations/20200723154847_create_people_roles.exs b/priv/repo/migrations/20200723154847_create_people_roles.exs
index f5938f41..eb7cd985 100644
--- a/priv/repo/migrations/20200723154847_create_people_roles.exs
+++ b/priv/repo/migrations/20200723154847_create_people_roles.exs
@@ -6,10 +6,10 @@ defmodule Auth.Repo.Migrations.CreatePeopleRoles do
       add :person_id, references(:people, on_delete: :nothing)
       add :role_id, references(:roles, on_delete: :nothing)
       add :granter_id, references(:people, on_delete: :nothing)
-  
+
       timestamps()
     end
-  
+
     create unique_index(:people_roles, [:person_id, :role_id])
   end
 end
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index fd72ccf0..862adb00 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -26,13 +26,14 @@ defmodule Auth.Seeds do
         person ->
           person
       end
+
     if(Mix.env() == :test) do
       # don't print noise during tests
     else
       IO.inspect(person.id, label: "seeds.exs person.id")
       IO.puts("- - - - - - - - - - - - - - - - - - - - - - ")
     end
-    
+
     person
   end
 
@@ -59,16 +60,19 @@ defmodule Auth.Seeds do
   # write the key:value pair to project .env file
   def write_env(key, value) do
     # IO.inspect(File.cwd!, label: "cwd")
-    path = File.cwd! <> "/.env"
+    path = File.cwd!() <> "/.env"
     IO.inspect(path, label: ".env file path")
     {:ok, data} = File.read(path)
     # IO.inspect(data)
 
-    lines = String.split(data, "\n") 
-    |> Enum.filter(fn line -> 
-      not String.contains?(line, key)  
-    end)
-    str = "export #{key}=#{value}" # |> IO.inspect
+    lines =
+      String.split(data, "\n")
+      |> Enum.filter(fn line ->
+        not String.contains?(line, key)
+      end)
+
+    # |> IO.inspect
+    str = "export #{key}=#{value}"
     vars = lines ++ [str]
     content = Enum.join(vars, "\n")
     File.write!(path, content) |> File.close()
@@ -78,10 +82,11 @@ defmodule Auth.Seeds do
   # export all the environment variables during app excution/tests
   def env(vars) do
     Enum.map(vars, fn line ->
-      parts = line
-      |> String.replace("export ", "")
-      |> String.replace("'", "")
-      |> String.split("=")
+      parts =
+        line
+        |> String.replace("export ", "")
+        |> String.replace("'", "")
+        |> String.split("=")
 
       # IO.inspect(List.last(parts), label: List.first(parts))
       System.put_env(List.first(parts), List.last(parts))
@@ -92,14 +97,13 @@ end
 Auth.Seeds.create_admin()
 |> Auth.Seeds.create_apikey_for_admin()
 
-
 # scripts for creating default roles and permissions
 defmodule SetupRoles do
   alias Auth.Role
 
   def get_json(filepath) do
     # IO.inspect(filepath, label: "filepath")
-    path = File.cwd! <> filepath
+    path = File.cwd!() <> filepath
     # IO.inspect(path, label: "path")
     {:ok, data} = File.read(path)
     json = Jason.decode!(data)
@@ -109,17 +113,15 @@ defmodule SetupRoles do
 
   def create_default_roles() do
     json = get_json("/priv/repo/default_roles.json")
-    Enum.each(json, fn role -> 
+
+    Enum.each(json, fn role ->
       Role.create_role(role)
       # |> IO.inspect()
     end)
   end
 
   def assign_superadmin_role() do
-    
   end
-
-  
 end
 
-SetupRoles.create_default_roles()
\ No newline at end of file
+SetupRoles.create_default_roles()
diff --git a/test/auth/people_roles_test.exs b/test/auth/people_roles_test.exs
index b47b713d..461217a1 100644
--- a/test/auth/people_roles_test.exs
+++ b/test/auth/people_roles_test.exs
@@ -17,11 +17,10 @@ defmodule AuthWeb.PeopleRolesTest do
   test "attempt to grant_role/3 without admin should 401", %{conn: conn} do
     alex = %{email: "alex_grant_role_fail@gmail.com", auth_provider: "email"}
     grantee = Auth.Person.create_person(alex)
-    conn = assign(conn, :person, grantee) # 
+    conn = assign(conn, :person, grantee)
     role_id = 4
     conn = Auth.PeopleRoles.grant_role(conn, grantee.id, role_id)
 
     assert conn.status == 401
   end
-
-end
\ No newline at end of file
+end
diff --git a/test/auth/role_test.exs b/test/auth/role_test.exs
index 9a425a3d..9769d67a 100644
--- a/test/auth/role_test.exs
+++ b/test/auth/role_test.exs
@@ -47,8 +47,7 @@ defmodule Auth.RoleTest do
 
     test "update_role/2 with invalid data returns error changeset" do
       role = role_fixture()
-      assert {:error, %Ecto.Changeset{}} = 
-        Role.update_role(role, @invalid_attrs)
+      assert {:error, %Ecto.Changeset{}} = Role.update_role(role, @invalid_attrs)
       assert role == Role.get_role!(role.id)
     end
 
@@ -91,37 +90,40 @@ defmodule Auth.RoleTest do
     end
 
     test "create_permission/1 with valid data creates a permission" do
-      assert {:ok, %Permission{} = permission} = 
-        Permission.create_permission(@valid_attrs)
+      assert {:ok, %Permission{} = permission} = Permission.create_permission(@valid_attrs)
       assert permission.desc == "some desc"
       assert permission.name == "some name"
     end
 
     test "create_permission/1 with invalid data returns error changeset" do
-      assert {:error, %Ecto.Changeset{}} = 
-        Permission.create_permission(@invalid_attrs)
+      assert {:error, %Ecto.Changeset{}} = Permission.create_permission(@invalid_attrs)
     end
 
     test "update_permission/2 with valid data updates the permission" do
       permission = permission_fixture()
-      assert {:ok, %Permission{} = permission} = 
-        Permission.update_permission(permission, @update_attrs)
+
+      assert {:ok, %Permission{} = permission} =
+               Permission.update_permission(permission, @update_attrs)
+
       assert permission.desc == "some updated desc"
       assert permission.name == "some updated name"
     end
 
     test "update_permission/2 with invalid data returns error changeset" do
       permission = permission_fixture()
-      assert {:error, %Ecto.Changeset{}} = 
-        Permission.update_permission(permission, @invalid_attrs)
+
+      assert {:error, %Ecto.Changeset{}} =
+               Permission.update_permission(permission, @invalid_attrs)
+
       assert permission == Permission.get_permission!(permission.id)
     end
 
     test "delete_permission/1 deletes the permission" do
       permission = permission_fixture()
       assert {:ok, %Permission{}} = Permission.delete_permission(permission)
-      assert_raise Ecto.NoResultsError, fn -> 
-        Permission.get_permission!(permission.id) 
+
+      assert_raise Ecto.NoResultsError, fn ->
+        Permission.get_permission!(permission.id)
       end
     end
 
@@ -131,16 +133,10 @@ defmodule Auth.RoleTest do
     end
   end
 
-  
   # create a new person and confirm they were asigned a default role of "subscriber"
-    
-
 
   # describe "grant role" do
 
-
-
-
   #   # test "change_permission/1 returns a permission changeset" do
   #   #   permission = permission_fixture()
   #   #   assert %Ecto.Changeset{} = Permission.change_permission(permission)
diff --git a/test/auth_web/controllers/apikey_controller_test.exs b/test/auth_web/controllers/apikey_controller_test.exs
index 38c73115..5e19411d 100644
--- a/test/auth_web/controllers/apikey_controller_test.exs
+++ b/test/auth_web/controllers/apikey_controller_test.exs
@@ -74,8 +74,9 @@ defmodule AuthWeb.ApikeyControllerTest do
   #
   describe "index" do
     test "lists all apikeys", %{conn: conn} do
-      conn = admin_login(conn)
-      |> get(Routes.apikey_path(conn, :index))
+      conn =
+        admin_login(conn)
+        |> get(Routes.apikey_path(conn, :index))
 
       assert html_response(conn, 200) =~ "Auth API Keys"
     end
@@ -83,8 +84,9 @@ defmodule AuthWeb.ApikeyControllerTest do
 
   describe "new apikey" do
     test "renders form", %{conn: conn} do
-      conn = admin_login(conn)
-      |> get(Routes.apikey_path(conn, :new))
+      conn =
+        admin_login(conn)
+        |> get(Routes.apikey_path(conn, :new))
 
       assert html_response(conn, 200) =~ "New Apikey"
     end
@@ -92,8 +94,9 @@ defmodule AuthWeb.ApikeyControllerTest do
 
   describe "create apikey" do
     test "redirects to show when data is valid", %{conn: conn} do
-      conn = admin_login(conn)
-      |> post(Routes.apikey_path(conn, :create), apikey: @create_attrs)
+      conn =
+        admin_login(conn)
+        |> post(Routes.apikey_path(conn, :create), apikey: @create_attrs)
 
       assert %{id: id} = redirected_params(conn)
       assert redirected_to(conn) == Routes.apikey_path(conn, :show, id)
@@ -134,7 +137,7 @@ defmodule AuthWeb.ApikeyControllerTest do
           auth_provider: "email"
         })
 
-        conn = AuthPlug.create_jwt_session(conn, wrong_person)
+      conn = AuthPlug.create_jwt_session(conn, wrong_person)
 
       {:ok, key} =
         %{"name" => "test key", "url" => "http://localhost:4000"}
diff --git a/test/auth_web/controllers/auth_controller_test.exs b/test/auth_web/controllers/auth_controller_test.exs
index c3de1577..74ff3c82 100644
--- a/test/auth_web/controllers/auth_controller_test.exs
+++ b/test/auth_web/controllers/auth_controller_test.exs
@@ -22,8 +22,10 @@ defmodule AuthWeb.AuthControllerTest do
     }
 
     person = Auth.Person.create_person(data)
-    conn = AuthPlug.create_jwt_session(conn, Map.merge(data, %{id: person.id}))
-    |> get("/profile", %{})
+
+    conn =
+      AuthPlug.create_jwt_session(conn, Map.merge(data, %{id: person.id}))
+      |> get("/profile", %{})
 
     assert html_response(conn, 200) =~ "Google account"
   end
@@ -50,19 +52,20 @@ defmodule AuthWeb.AuthControllerTest do
   end
 
   test "get_client_secret(client_id, state) gets the secret for the given client_id" do
+    person =
+      Auth.Person.create_person(%{
+        email: "alex@gmail.com",
+        auth_provider: "email"
+      })
 
-    person = Auth.Person.create_person(%{
-      email: "alex@gmail.com",
-      auth_provider: "email"
-    })
-
-    {:ok, key} = %{"name" => "test key", "url" => "example.com"}
-    |> AuthWeb.ApikeyController.make_apikey(person.id)
-    |> Auth.Apikey.create_apikey()
+    {:ok, key} =
+      %{"name" => "test key", "url" => "example.com"}
+      |> AuthWeb.ApikeyController.make_apikey(person.id)
+      |> Auth.Apikey.create_apikey()
 
     state = "https://www.example.com/profile?auth_client_id=#{key.client_id}"
     secret = AuthWeb.AuthController.get_client_secret(key.client_id, state)
-    
+
     assert secret == key.client_secret
   end
 
@@ -126,8 +129,9 @@ defmodule AuthWeb.AuthControllerTest do
 
     person = Auth.Person.upsert_person(data)
 
-    conn = AuthPlug.create_jwt_session(conn, person)
-    |> get("/auth/google/callback", %{"code" => "234", "state" => nil})
+    conn =
+      AuthPlug.create_jwt_session(conn, person)
+      |> get("/auth/google/callback", %{"code" => "234", "state" => nil})
 
     assert html_response(conn, 200) =~ "Google account"
   end
diff --git a/test/auth_web/controllers/permission_controller_test.exs b/test/auth_web/controllers/permission_controller_test.exs
index 2971e785..0c5d1fb5 100644
--- a/test/auth_web/controllers/permission_controller_test.exs
+++ b/test/auth_web/controllers/permission_controller_test.exs
@@ -28,9 +28,9 @@ defmodule AuthWeb.PermissionControllerTest do
 
   describe "create permission" do
     test "redirects to show when data is valid", %{conn: conn} do
-
-      conn = admin_login(conn) 
-      |> post(Routes.permission_path(conn, :create), permission: @create_attrs)
+      conn =
+        admin_login(conn)
+        |> post(Routes.permission_path(conn, :create), permission: @create_attrs)
 
       assert %{id: id} = redirected_params(conn)
       assert redirected_to(conn) == Routes.permission_path(conn, :show, id)
@@ -40,8 +40,10 @@ defmodule AuthWeb.PermissionControllerTest do
     end
 
     test "renders errors when data is invalid", %{conn: conn} do
-      conn =  admin_login(conn) 
-      |> post(Routes.permission_path(conn, :create), permission: @invalid_attrs)
+      conn =
+        admin_login(conn)
+        |> post(Routes.permission_path(conn, :create), permission: @invalid_attrs)
+
       assert html_response(conn, 200) =~ "New Permission"
     end
   end
@@ -50,8 +52,10 @@ defmodule AuthWeb.PermissionControllerTest do
     setup [:create_permission]
 
     test "renders form for editing chosen permission", %{conn: conn, permission: permission} do
-      conn =  admin_login(conn) 
-      |> get(Routes.permission_path(conn, :edit, permission))
+      conn =
+        admin_login(conn)
+        |> get(Routes.permission_path(conn, :edit, permission))
+
       assert html_response(conn, 200) =~ "Edit Permission"
     end
   end
@@ -60,8 +64,10 @@ defmodule AuthWeb.PermissionControllerTest do
     setup [:create_permission]
 
     test "redirects when data is valid", %{conn: conn, permission: permission} do
-      conn =  admin_login(conn) 
-      |> put(Routes.permission_path(conn, :update, permission), permission: @update_attrs)
+      conn =
+        admin_login(conn)
+        |> put(Routes.permission_path(conn, :update, permission), permission: @update_attrs)
+
       assert redirected_to(conn) == Routes.permission_path(conn, :show, permission)
 
       conn = get(conn, Routes.permission_path(conn, :show, permission))
@@ -69,8 +75,10 @@ defmodule AuthWeb.PermissionControllerTest do
     end
 
     test "renders errors when data is invalid", %{conn: conn, permission: permission} do
-      conn =  admin_login(conn) 
-      |> put(Routes.permission_path(conn, :update, permission), permission: @invalid_attrs)
+      conn =
+        admin_login(conn)
+        |> put(Routes.permission_path(conn, :update, permission), permission: @invalid_attrs)
+
       assert html_response(conn, 200) =~ "Edit Permission"
     end
   end
@@ -79,9 +87,12 @@ defmodule AuthWeb.PermissionControllerTest do
     setup [:create_permission]
 
     test "deletes chosen permission", %{conn: conn, permission: permission} do
-      conn = admin_login(conn) 
-      |> delete(Routes.permission_path(conn, :delete, permission))
+      conn =
+        admin_login(conn)
+        |> delete(Routes.permission_path(conn, :delete, permission))
+
       assert redirected_to(conn) == Routes.permission_path(conn, :index)
+
       assert_error_sent 404, fn ->
         get(conn, Routes.permission_path(conn, :show, permission))
       end
diff --git a/test/auth_web/controllers/ping_controller_test.exs b/test/auth_web/controllers/ping_controller_test.exs
index d6e3192a..cc536c58 100644
--- a/test/auth_web/controllers/ping_controller_test.exs
+++ b/test/auth_web/controllers/ping_controller_test.exs
@@ -7,4 +7,4 @@ defmodule AuthWeb.PingControllerTest do
     assert conn.state == :sent
     assert conn.resp_body =~ <<71, 73, 70, 56, 57>>
   end
-end
\ No newline at end of file
+end
diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index c6ad8b30..5bb16972 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -28,8 +28,9 @@ defmodule AuthWeb.RoleControllerTest do
 
   describe "create role" do
     test "redirects to show when data is valid", %{conn: conn} do
-      conn = admin_login(conn) 
-      |> post(Routes.role_path(conn, :create), role: @create_attrs)
+      conn =
+        admin_login(conn)
+        |> post(Routes.role_path(conn, :create), role: @create_attrs)
 
       assert %{id: id} = redirected_params(conn)
       assert redirected_to(conn) == Routes.role_path(conn, :show, id)
@@ -39,8 +40,10 @@ defmodule AuthWeb.RoleControllerTest do
     end
 
     test "renders errors when data is invalid", %{conn: conn} do
-      conn = admin_login(conn) 
-      |> post(Routes.role_path(conn, :create), role: @invalid_attrs)
+      conn =
+        admin_login(conn)
+        |> post(Routes.role_path(conn, :create), role: @invalid_attrs)
+
       assert html_response(conn, 200) =~ "New Role"
     end
   end
@@ -49,8 +52,10 @@ defmodule AuthWeb.RoleControllerTest do
     setup [:create_role]
 
     test "renders form for editing chosen role", %{conn: conn, role: role} do
-      conn = admin_login(conn) 
-      |> get(Routes.role_path(conn, :edit, role))
+      conn =
+        admin_login(conn)
+        |> get(Routes.role_path(conn, :edit, role))
+
       assert html_response(conn, 200) =~ "Edit Role"
     end
   end
@@ -59,8 +64,10 @@ defmodule AuthWeb.RoleControllerTest do
     setup [:create_role]
 
     test "redirects when data is valid", %{conn: conn, role: role} do
-      conn = admin_login(conn) 
-      |> put(Routes.role_path(conn, :update, role), role: @update_attrs)
+      conn =
+        admin_login(conn)
+        |> put(Routes.role_path(conn, :update, role), role: @update_attrs)
+
       assert redirected_to(conn) == Routes.role_path(conn, :show, role)
 
       conn = get(conn, Routes.role_path(conn, :show, role))
@@ -68,8 +75,10 @@ defmodule AuthWeb.RoleControllerTest do
     end
 
     test "renders errors when data is invalid", %{conn: conn, role: role} do
-      conn = admin_login(conn) 
-      |> put(Routes.role_path(conn, :update, role), role: @invalid_attrs)
+      conn =
+        admin_login(conn)
+        |> put(Routes.role_path(conn, :update, role), role: @invalid_attrs)
+
       assert html_response(conn, 200) =~ "Edit Role"
     end
   end
@@ -78,9 +87,12 @@ defmodule AuthWeb.RoleControllerTest do
     setup [:create_role]
 
     test "deletes chosen role", %{conn: conn, role: role} do
-      conn = admin_login(conn) 
-      |> delete(Routes.role_path(conn, :delete, role))
+      conn =
+        admin_login(conn)
+        |> delete(Routes.role_path(conn, :delete, role))
+
       assert redirected_to(conn) == Routes.role_path(conn, :index)
+
       assert_error_sent 404, fn ->
         get(conn, Routes.role_path(conn, :show, role))
       end
@@ -91,5 +103,4 @@ defmodule AuthWeb.RoleControllerTest do
     role = fixture(:role)
     %{role: role}
   end
-  
 end
diff --git a/test/support/conn_case.ex b/test/support/conn_case.ex
index 07e74d03..24e3bc1f 100644
--- a/test/support/conn_case.ex
+++ b/test/support/conn_case.ex
@@ -24,7 +24,7 @@ defmodule AuthWeb.ConnCase do
       import Phoenix.ConnTest
       # AuthTest is defined in test_helpers.exs
       # as per https://stackoverflow.com/a/58902158/1148249
-      import AuthTest 
+      import AuthTest
       alias AuthWeb.Router.Helpers, as: Routes
 
       # The default endpoint for testing
@@ -39,8 +39,10 @@ defmodule AuthWeb.ConnCase do
       Ecto.Adapters.SQL.Sandbox.mode(Auth.Repo, {:shared, self()})
     end
 
-    conn = Phoenix.ConnTest.build_conn()
-    |> Phoenix.ConnTest.init_test_session(%{})
+    conn =
+      Phoenix.ConnTest.build_conn()
+      |> Phoenix.ConnTest.init_test_session(%{})
+
     # invoke Plug.Test.init_test_session/2 to setup the test session
     # before attempting to set a JWT. see:
     # https://github.com/dwyl/auth/issues/83#issuecomment-660052222
diff --git a/test/test_helper.exs b/test/test_helper.exs
index c4d0d2a0..f0a5fa15 100644
--- a/test/test_helper.exs
+++ b/test/test_helper.exs
@@ -1,7 +1,6 @@
 ExUnit.start()
 Ecto.Adapters.SQL.Sandbox.mode(Auth.Repo, :manual)
 
-
 defmodule AuthTest do
   @moduledoc """
   Test helper functions :-)
@@ -14,4 +13,4 @@ defmodule AuthTest do
     person = Auth.Person.get_person_by_email(@admin_email)
     AuthPlug.create_jwt_session(conn, person)
   end
-end
\ No newline at end of file
+end

From 5a0d8bfa88ecd7b9548ad48aa3298b3de1b8a22e Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 20 Aug 2020 12:01:30 +0100
Subject: [PATCH 037/166] add @moduledoc tag comment to all newly created files
 and some old ones for https://github.com/dwyl/auth/pull/85/files#r473848716

---
 lib/auth/apikey.ex                            | 3 +++
 lib/auth/login_log.ex                         | 3 +++
 lib/auth/people_roles.ex                      | 3 +++
 lib/auth/permission.ex                        | 3 +++
 lib/auth/person.ex                            | 3 +++
 lib/auth/role.ex                              | 3 +++
 lib/auth_web/controllers/apikey_controller.ex | 3 +++
 lib/auth_web/controllers/auth_controller.ex   | 3 +++
 lib/auth_web/router.ex                        | 3 +++
 mix.exs                                       | 3 +++
 10 files changed, 30 insertions(+)

diff --git a/lib/auth/apikey.ex b/lib/auth/apikey.ex
index c45d6c6d..4c087636 100644
--- a/lib/auth/apikey.ex
+++ b/lib/auth/apikey.ex
@@ -1,4 +1,7 @@
 defmodule Auth.Apikey do
+  @moduledoc """
+  Defines apikeys schema and CRUD functions
+  """
   use Ecto.Schema
   import Ecto.Query, warn: false
   import Ecto.Changeset
diff --git a/lib/auth/login_log.ex b/lib/auth/login_log.ex
index cf9eca1a..bc13bb13 100644
--- a/lib/auth/login_log.ex
+++ b/lib/auth/login_log.ex
@@ -1,4 +1,7 @@
 defmodule Auth.LoginLog do
+  @moduledoc """
+  Defines login_logs schema and CRUD functions
+  """
   use Ecto.Schema
   import Ecto.Changeset
   alias Auth.Repo
diff --git a/lib/auth/people_roles.ex b/lib/auth/people_roles.ex
index 2bacfd38..ef1141e3 100644
--- a/lib/auth/people_roles.ex
+++ b/lib/auth/people_roles.ex
@@ -1,4 +1,7 @@
 defmodule Auth.PeopleRoles do
+  @moduledoc """
+  Defines people_roles schema and fuction to grant roles to a person.
+  """
   use Ecto.Schema
   import Ecto.Changeset
   alias Auth.Repo
diff --git a/lib/auth/permission.ex b/lib/auth/permission.ex
index a26b031d..9ef99ef7 100644
--- a/lib/auth/permission.ex
+++ b/lib/auth/permission.ex
@@ -1,4 +1,7 @@
 defmodule Auth.Permission do
+  @moduledoc """
+  Defines Rermission schema and CRUD functions
+  """
   use Ecto.Schema
   import Ecto.Changeset
   import Ecto.Query, warn: false
diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index b4dedcdd..002f5bba 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -1,4 +1,7 @@
 defmodule Auth.Person do
+  @moduledoc """
+  Defines Person schema and CRUD functions
+  """
   use Ecto.Schema
   import Ecto.Changeset
   alias Auth.Repo
diff --git a/lib/auth/role.ex b/lib/auth/role.ex
index 887577dc..5f08b82a 100644
--- a/lib/auth/role.ex
+++ b/lib/auth/role.ex
@@ -1,4 +1,7 @@
 defmodule Auth.Role do
+  @moduledoc """
+  Defines Role schema and CRUD functions
+  """
   use Ecto.Schema
   import Ecto.Changeset
   import Ecto.Query, warn: false
diff --git a/lib/auth_web/controllers/apikey_controller.ex b/lib/auth_web/controllers/apikey_controller.ex
index efb9eeb0..dc3972fb 100644
--- a/lib/auth_web/controllers/apikey_controller.ex
+++ b/lib/auth_web/controllers/apikey_controller.ex
@@ -1,4 +1,7 @@
 defmodule AuthWeb.ApikeyController do
+  @moduledoc """
+  Defines API Key controller functions
+  """
   use AuthWeb, :controller
   alias Auth.Apikey
 
diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
index be83887e..50eedbd1 100644
--- a/lib/auth_web/controllers/auth_controller.ex
+++ b/lib/auth_web/controllers/auth_controller.ex
@@ -1,4 +1,7 @@
 defmodule AuthWeb.AuthController do
+  @moduledoc """
+  Defines AuthController and all functions for authenticaiton
+  """
   use AuthWeb, :controller
   alias Auth.Person
 
diff --git a/lib/auth_web/router.ex b/lib/auth_web/router.ex
index e16949c8..7e798df6 100644
--- a/lib/auth_web/router.ex
+++ b/lib/auth_web/router.ex
@@ -1,4 +1,7 @@
 defmodule AuthWeb.Router do
+  @moduledoc """
+  Defines Web Application Router pipelines and routes
+  """
   use AuthWeb, :router
 
   pipeline :browser do
diff --git a/mix.exs b/mix.exs
index 3e32b768..aef11f5c 100644
--- a/mix.exs
+++ b/mix.exs
@@ -1,4 +1,7 @@
 defmodule Auth.Mixfile do
+  @moduledoc """
+  Defines the Mix Project, Dependencies and Scripts
+  """
   use Mix.Project
 
   def project do

From 3ce9bab87ad4fad01209625a477b19364c0500bc Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 20 Aug 2020 19:33:21 +0100
Subject: [PATCH 038/166] create and use Auth.PeopleRoles.list_people_roles/0
 function to list all people_roles data #27 #31 #82 #90

---
 lib/auth/people_roles.ex        | 12 +++++++++++-
 lib/auth/permission.ex          |  2 +-
 lib/auth/role.ex                |  4 ++--
 test/auth/people_roles_test.exs | 11 ++++++++---
 test/support/conn_case.ex       |  4 +---
 5 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/lib/auth/people_roles.ex b/lib/auth/people_roles.ex
index ef1141e3..95529893 100644
--- a/lib/auth/people_roles.ex
+++ b/lib/auth/people_roles.ex
@@ -4,6 +4,7 @@ defmodule Auth.PeopleRoles do
   """
   use Ecto.Schema
   import Ecto.Changeset
+  import Ecto.Query
   alias Auth.Repo
   # https://stackoverflow.com/a/47501059/1148249
   alias __MODULE__
@@ -16,6 +17,15 @@ defmodule Auth.PeopleRoles do
     timestamps()
   end
 
+  @doc """
+  Returns the list of people_roles.
+  """
+  def list_people_roles do
+    Repo.all(from pr in __MODULE__, preload: [:person, :role])
+  end
+
+
+
   @doc """
   grant_role/3 grants a role to the given person
   the conn must have conn.assigns.person to check for admin in order to grant the role.
@@ -23,7 +33,7 @@ defmodule Auth.PeopleRoles do
   def grant_role(conn, grantee_id, role_id) do
     granter = conn.assigns.person
     # IO.inspect(granter, label: "granter")
-    # confirm that the granter is either superadmin (conn.assigns.person.id == 1) 
+    # confirm that the granter is either superadmin (conn.assigns.person.id == 1)
     # or has an "admin" role (1 || 2)
     if granter.id == 1 do
       %PeopleRoles{}
diff --git a/lib/auth/permission.ex b/lib/auth/permission.ex
index 9ef99ef7..0b01d219 100644
--- a/lib/auth/permission.ex
+++ b/lib/auth/permission.ex
@@ -1,6 +1,6 @@
 defmodule Auth.Permission do
   @moduledoc """
-  Defines Rermission schema and CRUD functions
+  Defines permissions schema and CRUD functions
   """
   use Ecto.Schema
   import Ecto.Changeset
diff --git a/lib/auth/role.ex b/lib/auth/role.ex
index 5f08b82a..228eaad4 100644
--- a/lib/auth/role.ex
+++ b/lib/auth/role.ex
@@ -1,13 +1,13 @@
 defmodule Auth.Role do
   @moduledoc """
-  Defines Role schema and CRUD functions
+  Defines roles schema and CRUD functions
   """
   use Ecto.Schema
   import Ecto.Changeset
   import Ecto.Query, warn: false
   alias Auth.Repo
   # https://stackoverflow.com/a/47501059/1148249
-  alias __MODULE__
+  alias __MODULE__ 
 
   schema "roles" do
     field :desc, :string
diff --git a/test/auth/people_roles_test.exs b/test/auth/people_roles_test.exs
index 461217a1..06dc1e48 100644
--- a/test/auth/people_roles_test.exs
+++ b/test/auth/people_roles_test.exs
@@ -4,14 +4,20 @@ defmodule AuthWeb.PeopleRolesTest do
   test "grant_role/3 happy path", %{conn: conn} do
     # login as superadmin
     conn = AuthTest.admin_login(conn)
-    # create a new person 
+    # create a new person
     alex = %{email: "alex_grant_role@gmail.com", auth_provider: "email"}
     grantee = Auth.Person.create_person(alex)
     role_id = 4
     Auth.PeopleRoles.grant_role(conn, grantee.id, role_id)
-    person_with_role = Auth.Person.get_person_by_id(grantee.id)
+    person_with_role = Auth.Person.get_person_by_id(grantee.id) # |> IO.inspect()
     role = List.first(person_with_role.roles)
     assert role_id == role.id
+
+    # check the latest people_roles record:
+    pr = List.last(Auth.PeopleRoles.list_people_roles())
+    assert pr.granter_id == 1
+    assert pr.person_id == grantee.id
+
   end
 
   test "attempt to grant_role/3 without admin should 401", %{conn: conn} do
@@ -20,7 +26,6 @@ defmodule AuthWeb.PeopleRolesTest do
     conn = assign(conn, :person, grantee)
     role_id = 4
     conn = Auth.PeopleRoles.grant_role(conn, grantee.id, role_id)
-
     assert conn.status == 401
   end
 end
diff --git a/test/support/conn_case.ex b/test/support/conn_case.ex
index 24e3bc1f..83f42d82 100644
--- a/test/support/conn_case.ex
+++ b/test/support/conn_case.ex
@@ -39,9 +39,7 @@ defmodule AuthWeb.ConnCase do
       Ecto.Adapters.SQL.Sandbox.mode(Auth.Repo, {:shared, self()})
     end
 
-    conn =
-      Phoenix.ConnTest.build_conn()
-      |> Phoenix.ConnTest.init_test_session(%{})
+    conn = Phoenix.ConnTest.init_test_session(Phoenix.ConnTest.build_conn, %{})
 
     # invoke Plug.Test.init_test_session/2 to setup the test session
     # before attempting to set a JWT. see:

From 198b3fb7c912259cc5c2077fe66860477f8beb16 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 20 Aug 2020 19:50:46 +0100
Subject: [PATCH 039/166] simplify Auth.PeopleRoles.insert/3 to not use conn as
 discussed with @th0mas in
 https://github.com/dwyl/auth/pull/85#discussion_r473914644

---
 lib/auth/people_roles.ex                    | 27 ++++++-------------
 lib/auth/role.ex                            |  2 +-
 lib/auth_web/controllers/role_controller.ex | 16 +++++++++++
 test/auth/people_roles_test.exs             | 30 ++++++++++-----------
 test/support/conn_case.ex                   |  2 +-
 5 files changed, 40 insertions(+), 37 deletions(-)

diff --git a/lib/auth/people_roles.ex b/lib/auth/people_roles.ex
index 95529893..e7f0d989 100644
--- a/lib/auth/people_roles.ex
+++ b/lib/auth/people_roles.ex
@@ -18,33 +18,22 @@ defmodule Auth.PeopleRoles do
   end
 
   @doc """
-  Returns the list of people_roles.
+  Returns the list of people_roles with all people data.
+  This is useful for displaying the data in a admin overview table.
   """
   def list_people_roles do
     Repo.all(from pr in __MODULE__, preload: [:person, :role])
   end
 
-
-
   @doc """
   grant_role/3 grants a role to the given person
   the conn must have conn.assigns.person to check for admin in order to grant the role.
   """
-  def grant_role(conn, grantee_id, role_id) do
-    granter = conn.assigns.person
-    # IO.inspect(granter, label: "granter")
-    # confirm that the granter is either superadmin (conn.assigns.person.id == 1)
-    # or has an "admin" role (1 || 2)
-    if granter.id == 1 do
-      %PeopleRoles{}
-      |> cast(%{granter_id: granter.id}, [:granter_id])
-      |> put_assoc(:person, Auth.Person.get_person_by_id(grantee_id))
-      |> put_assoc(:role, Auth.Role.get_role!(role_id))
-      |> Repo.insert()
-
-      conn
-    else
-      AuthWeb.AuthController.unauthorized(conn)
-    end
+  def insert(granter_id, grantee_id, role_id) do
+    %PeopleRoles{}
+    |> cast(%{granter_id: granter_id}, [:granter_id])
+    |> put_assoc(:person, Auth.Person.get_person_by_id(grantee_id))
+    |> put_assoc(:role, Auth.Role.get_role!(role_id))
+    |> Repo.insert()
   end
 end
diff --git a/lib/auth/role.ex b/lib/auth/role.ex
index 228eaad4..2e1fba9a 100644
--- a/lib/auth/role.ex
+++ b/lib/auth/role.ex
@@ -7,7 +7,7 @@ defmodule Auth.Role do
   import Ecto.Query, warn: false
   alias Auth.Repo
   # https://stackoverflow.com/a/47501059/1148249
-  alias __MODULE__ 
+  alias __MODULE__
 
   schema "roles" do
     field :desc, :string
diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index 3ce9ec11..b42f27b4 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -58,4 +58,20 @@ defmodule AuthWeb.RoleController do
     |> put_flash(:info, "Role deleted successfully.")
     |> redirect(to: Routes.role_path(conn, :index))
   end
+
+  @doc """
+  grant_role/3 grants a role to the given person
+  the conn must have conn.assigns.person to check for admin in order to grant the role.
+  grantee_id should be a valid person.id (the person you want to grant the role to) and
+  role_id a valid role.id
+  """
+  # def grant_role(conn, grantee_id, role_id) do
+  #   # confirm that the granter is either superadmin (conn.assigns.person.id == 1)
+  #   # or has an "admin" role (1 || 2)
+  #   if granter.id == 1 do
+  #     conn
+  #   else
+  #     AuthWeb.AuthController.unauthorized(conn)
+  #   end
+  # end
 end
diff --git a/test/auth/people_roles_test.exs b/test/auth/people_roles_test.exs
index 06dc1e48..bd5e54eb 100644
--- a/test/auth/people_roles_test.exs
+++ b/test/auth/people_roles_test.exs
@@ -1,15 +1,14 @@
 defmodule AuthWeb.PeopleRolesTest do
-  use AuthWeb.ConnCase
+  use Auth.DataCase
 
-  test "grant_role/3 happy path", %{conn: conn} do
-    # login as superadmin
-    conn = AuthTest.admin_login(conn)
-    # create a new person
+  test "Auth.PeopleRoles.insert/3 happy path" do
+    # create a new person:
     alex = %{email: "alex_grant_role@gmail.com", auth_provider: "email"}
     grantee = Auth.Person.create_person(alex)
     role_id = 4
-    Auth.PeopleRoles.grant_role(conn, grantee.id, role_id)
-    person_with_role = Auth.Person.get_person_by_id(grantee.id) # |> IO.inspect()
+    # grant the "creator" role (id: 4) to the new person:
+    Auth.PeopleRoles.insert(1, grantee.id, role_id)
+    person_with_role = Auth.Person.get_person_by_id(grantee.id)
     role = List.first(person_with_role.roles)
     assert role_id == role.id
 
@@ -17,15 +16,14 @@ defmodule AuthWeb.PeopleRolesTest do
     pr = List.last(Auth.PeopleRoles.list_people_roles())
     assert pr.granter_id == 1
     assert pr.person_id == grantee.id
-
   end
 
-  test "attempt to grant_role/3 without admin should 401", %{conn: conn} do
-    alex = %{email: "alex_grant_role_fail@gmail.com", auth_provider: "email"}
-    grantee = Auth.Person.create_person(alex)
-    conn = assign(conn, :person, grantee)
-    role_id = 4
-    conn = Auth.PeopleRoles.grant_role(conn, grantee.id, role_id)
-    assert conn.status == 401
-  end
+  # test "attempt to grant_role/3 without admin should 401", %{conn: conn} do
+  #   alex = %{email: "alex_grant_role_fail@gmail.com", auth_provider: "email"}
+  #   grantee = Auth.Person.create_person(alex)
+  #   conn = assign(conn, :person, grantee)
+  #   role_id = 4
+  #   conn = Auth.PeopleRoles.insert(conn, grantee.id, role_id)
+  #   assert conn.status == 401
+  # end
 end
diff --git a/test/support/conn_case.ex b/test/support/conn_case.ex
index 83f42d82..63bf95df 100644
--- a/test/support/conn_case.ex
+++ b/test/support/conn_case.ex
@@ -39,7 +39,7 @@ defmodule AuthWeb.ConnCase do
       Ecto.Adapters.SQL.Sandbox.mode(Auth.Repo, {:shared, self()})
     end
 
-    conn = Phoenix.ConnTest.init_test_session(Phoenix.ConnTest.build_conn, %{})
+    conn = Phoenix.ConnTest.init_test_session(Phoenix.ConnTest.build_conn(), %{})
 
     # invoke Plug.Test.init_test_session/2 to setup the test session
     # before attempting to set a JWT. see:

From d3fa7de6e93a82d077b2e959b31f52ac95f42950 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Fri, 21 Aug 2020 09:14:47 +0100
Subject: [PATCH 040/166] update @doc comment for PeopleRoles.insert/3
 https://github.com/dwyl/auth/pull/85#discussion_r473914644

---
 lib/auth/people_roles.ex                    | 8 +++++---
 lib/auth_web/controllers/role_controller.ex | 5 +++++
 test/auth/people_roles_test.exs             | 2 +-
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/lib/auth/people_roles.ex b/lib/auth/people_roles.ex
index e7f0d989..8bd083aa 100644
--- a/lib/auth/people_roles.ex
+++ b/lib/auth/people_roles.ex
@@ -18,7 +18,7 @@ defmodule Auth.PeopleRoles do
   end
 
   @doc """
-  Returns the list of people_roles with all people data.
+  list_people_roles/0 returns the list of people_roles with all people data.
   This is useful for displaying the data in a admin overview table.
   """
   def list_people_roles do
@@ -26,8 +26,10 @@ defmodule Auth.PeopleRoles do
   end
 
   @doc """
-  grant_role/3 grants a role to the given person
-  the conn must have conn.assigns.person to check for admin in order to grant the role.
+  insert/3 grants a role to the given person
+  granter_id is the id of the person (admin) granting the role
+  grantee_id is the person.id of the person being granted the role
+  role_id is the role.id (int, e.g: 4) of th role being granted.
   """
   def insert(granter_id, grantee_id, role_id) do
     %PeopleRoles{}
diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index b42f27b4..7e99f2d8 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -5,6 +5,7 @@ defmodule AuthWeb.RoleController do
 
   def index(conn, _params) do
     roles = Role.list_roles()
+    IO.inspect(conn.assigns.person, label: "conn.assigns.person")
     render(conn, "index.html", roles: roles)
   end
 
@@ -68,10 +69,14 @@ defmodule AuthWeb.RoleController do
   # def grant_role(conn, grantee_id, role_id) do
   #   # confirm that the granter is either superadmin (conn.assigns.person.id == 1)
   #   # or has an "admin" role (1 || 2)
+  #   granter = conn.assigns.person
+
   #   if granter.id == 1 do
   #     conn
   #   else
   #     AuthWeb.AuthController.unauthorized(conn)
   #   end
   # end
+
+
 end
diff --git a/test/auth/people_roles_test.exs b/test/auth/people_roles_test.exs
index bd5e54eb..9149f8fe 100644
--- a/test/auth/people_roles_test.exs
+++ b/test/auth/people_roles_test.exs
@@ -8,7 +8,7 @@ defmodule AuthWeb.PeopleRolesTest do
     role_id = 4
     # grant the "creator" role (id: 4) to the new person:
     Auth.PeopleRoles.insert(1, grantee.id, role_id)
-    person_with_role = Auth.Person.get_person_by_id(grantee.id)
+    person_with_role = Auth.Person.get_person_by_id(grantee.id) |> IO.inspect()
     role = List.first(person_with_role.roles)
     assert role_id == role.id
 

From 9dfc9decc825a65be509e1a973076110fc87cdfc Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Fri, 21 Aug 2020 22:30:37 +0100
Subject: [PATCH 041/166] use RBAC v0.2.0 to transform roles from List of
 Maps/Structs to String for #91

---
 lib/auth/person.ex                            | 15 ++++--
 lib/auth_web/controllers/auth_controller.ex   |  6 ++-
 mix.exs                                       |  5 +-
 mix.lock                                      |  1 +
 priv/repo/seeds.exs                           |  4 +-
 test/auth/people_roles_test.exs               | 13 +++--
 .../controllers/apikey_controller_test.exs    | 47 ++++++++++---------
 .../controllers/auth_controller_test.exs      |  7 +--
 test/test_helper.exs                          |  8 +++-
 9 files changed, 63 insertions(+), 43 deletions(-)

diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index 002f5bba..c2dce850 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -35,7 +35,7 @@ defmodule Auth.Person do
   @doc """
   Default attributes validation for Person
   """
-  def changeset(person, attrs, roles \\ []) do
+  def changeset(person, attrs) do
     # IO.inspect(person, label: "changeset > person")
     # IO.inspect(attrs, label: "changeset > attrs")
     # IO.inspect(roles, label: "changeset > roles")
@@ -58,7 +58,6 @@ defmodule Auth.Person do
     |> validate_required([:email])
     |> put_email_hash()
     |> put_pass_hash()
-    |> put_assoc(:roles, roles)
   end
 
   def create_person(person) do
@@ -66,6 +65,7 @@ defmodule Auth.Person do
       %Person{}
       |> changeset(person)
       |> put_email_status_verified()
+      |> put_assoc(:roles, [ Auth.Role.get_role!(6) ])
 
     case get_person_by_email(person.changes.email) do
       nil ->
@@ -164,8 +164,10 @@ defmodule Auth.Person do
   end
 
   def create_google_person(profile) do
-    transform_google_profile_data_to_person(profile)
+    person = transform_google_profile_data_to_person(profile)
     |> upsert_person()
+
+    Map.replace!(person, :roles, RBAC.transform_role_list_to_string(person.roles))
   end
 
   # @doc """
@@ -200,7 +202,9 @@ defmodule Auth.Person do
 
   def verify_person_by_id(id) do
     person = get_person_by_id(id)
-    %{email: person.email, status: get_status_verified()} |> upsert_person()
+    %{email: person.email, status: get_status_verified()}
+    |> upsert_person()
+
   end
 
   def get_person_by_id(id) do
@@ -246,7 +250,8 @@ defmodule Auth.Person do
           changeset(%Person{id: ep.id}, merged)
           |> Repo.update()
 
-        person
+        # ensure that the preloads are returned:
+        get_person_by_email(person.email)
     end
   end
 
diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
index 50eedbd1..b0c288b5 100644
--- a/lib/auth_web/controllers/auth_controller.ex
+++ b/lib/auth_web/controllers/auth_controller.ex
@@ -340,6 +340,9 @@ defmodule AuthWeb.AuthController do
 
     if changeset.valid? do
       person = Auth.Person.upsert_person(%{email: email, password: p["password"]})
+      # replace %Auth.Role{} struct with string  github.com/dwyl/rbac/issues/4
+      person = Map.replace!(person, :roles,
+        RBAC.transform_role_list_to_string(person.roles))
       redirect_or_render(conn, person, p["state"])
     else
       conn
@@ -447,7 +450,8 @@ defmodule AuthWeb.AuthController do
       id: person.id,
       picture: person.picture,
       status: person.status,
-      email: person.email
+      email: person.email,
+      roles: RBAC.transform_role_list_to_string(person.roles)
     }
 
     jwt = AuthPlug.Token.generate_jwt!(data, client_secret)
diff --git a/mix.exs b/mix.exs
index aef11f5c..bfeb7cf2 100644
--- a/mix.exs
+++ b/mix.exs
@@ -1,7 +1,4 @@
 defmodule Auth.Mixfile do
-  @moduledoc """
-  Defines the Mix Project, Dependencies and Scripts
-  """
   use Mix.Project
 
   def project do
@@ -66,6 +63,8 @@ defmodule Auth.Mixfile do
       {:elixir_auth_google, "~> 1.3.0"},
       # https://github.com/dwyl/auth_plug
       {:auth_plug, "1.2.0"},
+      # https://github.com/dwyl/rbac
+      {:rbac, "~> 0.2.0"},
 
       # Field Validation and Encryption: github.com/dwyl/fields
       {:fields, "~> 2.6.0"},
diff --git a/mix.lock b/mix.lock
index 737d4801..3d5f2dd0 100644
--- a/mix.lock
+++ b/mix.lock
@@ -52,6 +52,7 @@
   "poison": {:hex, :poison, "4.0.1", "bcb755a16fac91cad79bfe9fc3585bb07b9331e50cfe3420a24bcc2d735709ae", [:mix], [], "hexpm", "ba8836feea4b394bb718a161fc59a288fe0109b5006d6bdf97b6badfcf6f0f25"},
   "postgrex": {:hex, :postgrex, "0.15.5", "aec40306a622d459b01bff890fa42f1430dac61593b122754144ad9033a2152f", [:mix], [{:connection, "~> 1.0", [hex: :connection, repo: "hexpm", optional: false]}, {:db_connection, "~> 2.1", [hex: :db_connection, repo: "hexpm", optional: false]}, {:decimal, "~> 1.5", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm", "ed90c81e1525f65a2ba2279dbcebf030d6d13328daa2f8088b9661eb9143af7f"},
   "ranch": {:hex, :ranch, "1.7.1", "6b1fab51b49196860b733a49c07604465a47bdb78aa10c1c16a3d199f7f8c881", [:rebar3], [], "hexpm", "451d8527787df716d99dc36162fca05934915db0b6141bbdac2ea8d3c7afc7d7"},
+  "rbac": {:hex, :rbac, "0.2.0", "ed77a2bcad9e8bc4879d887a288a216be85641f06cecd0d2a84eaadc97c2ade8", [:mix], [], "hexpm", "78f37cffcff1675957c2c510d2052e5e9a99053ec205e3c695609dcc9cd306bd"},
   "sobelow": {:hex, :sobelow, "0.10.2", "00e91208046d3b434f9f08779fe0ca7c6d6595b7fa33b289e792dffa6dde8081", [:mix], [], "hexpm", "e30fc994330cf6f485c1c4f2fb7c4b2d403557d0e101c6e5329fd17a58e55a7e"},
   "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.6", "cf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0", [:make, :mix, :rebar3], [], "hexpm", "bdb0d2471f453c88ff3908e7686f86f9be327d065cc1ec16fa4540197ea04680"},
   "stream_data": {:hex, :stream_data, "0.4.3", "62aafd870caff0849a5057a7ec270fad0eb86889f4d433b937d996de99e3db25", [:mix], [], "hexpm", "7dafd5a801f0bc897f74fcd414651632b77ca367a7ae4568778191fc3bf3a19a"},
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 862adb00..a8c39ebd 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -119,9 +119,7 @@ defmodule SetupRoles do
       # |> IO.inspect()
     end)
   end
-
-  def assign_superadmin_role() do
-  end
 end
 
 SetupRoles.create_default_roles()
+Auth.PeopleRoles.insert(1, 1, 1)
diff --git a/test/auth/people_roles_test.exs b/test/auth/people_roles_test.exs
index 9149f8fe..e1f110f7 100644
--- a/test/auth/people_roles_test.exs
+++ b/test/auth/people_roles_test.exs
@@ -8,12 +8,14 @@ defmodule AuthWeb.PeopleRolesTest do
     role_id = 4
     # grant the "creator" role (id: 4) to the new person:
     Auth.PeopleRoles.insert(1, grantee.id, role_id)
-    person_with_role = Auth.Person.get_person_by_id(grantee.id) |> IO.inspect()
-    role = List.first(person_with_role.roles)
-    assert role_id == role.id
+    person_with_role = Auth.Person.get_person_by_id(grantee.id) # |> IO.inspect()
+    roles = RBAC.transform_role_list_to_string(person_with_role.roles)
+    assert roles =~ Integer.to_string(role_id)
 
     # check the latest people_roles record:
-    pr = List.last(Auth.PeopleRoles.list_people_roles())
+    list = Auth.PeopleRoles.list_people_roles()
+    # IO.inspect(list, label: "list")
+    pr = List.last(list)
     assert pr.granter_id == 1
     assert pr.person_id == grantee.id
   end
@@ -26,4 +28,7 @@ defmodule AuthWeb.PeopleRolesTest do
   #   conn = Auth.PeopleRoles.insert(conn, grantee.id, role_id)
   #   assert conn.status == 401
   # end
+  # test "get list of roles" do
+  #   Auth.Role.list_roles() |> IO.inspect()
+  # end
 end
diff --git a/test/auth_web/controllers/apikey_controller_test.exs b/test/auth_web/controllers/apikey_controller_test.exs
index 5e19411d..6005a1f4 100644
--- a/test/auth_web/controllers/apikey_controller_test.exs
+++ b/test/auth_web/controllers/apikey_controller_test.exs
@@ -131,13 +131,13 @@ defmodule AuthWeb.ApikeyControllerTest do
     test "attempt to edit a key I don't own > should 404", %{conn: conn} do
       person = Auth.Person.get_person_by_email(@email)
 
-      wrong_person =
-        Auth.Person.create_person(%{
-          email: "wrong@gmail.com",
-          auth_provider: "email"
-        })
-
-      conn = AuthPlug.create_jwt_session(conn, wrong_person)
+      wrong_person_data = %{
+        email: "wronger@gmail.com",
+        auth_provider: "email",
+        id: 42
+      }
+      Auth.Person.create_person(wrong_person_data)
+      conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
 
       {:ok, key} =
         %{"name" => "test key", "url" => "http://localhost:4000"}
@@ -152,7 +152,7 @@ defmodule AuthWeb.ApikeyControllerTest do
   describe "update apikey" do
     test "redirects when data is valid", %{conn: conn} do
       person = Auth.Person.get_person_by_email(@email)
-      conn = AuthPlug.create_jwt_session(conn, person)
+      conn = AuthPlug.create_jwt_session(conn, %{id: person.id})
 
       {:ok, key} =
         %{"name" => "test key", "url" => "http://localhost:4000"}
@@ -168,7 +168,7 @@ defmodule AuthWeb.ApikeyControllerTest do
 
     test "renders errors when data is invalid", %{conn: conn} do
       person = Auth.Person.get_person_by_email(@email)
-      conn = AuthPlug.create_jwt_session(conn, person)
+      conn = admin_login(conn)
 
       {:ok, key} =
         %{"name" => "test key", "url" => "http://localhost:4000"}
@@ -182,13 +182,13 @@ defmodule AuthWeb.ApikeyControllerTest do
     test "attempt to UPDATE a key I don't own > should 404", %{conn: conn} do
       person = Auth.Person.get_person_by_email(@email)
       # create session with wrong person:
-      wrong_person =
-        Auth.Person.create_person(%{
-          email: "wronger@gmail.com",
-          auth_provider: "email"
-        })
-
-      conn = AuthPlug.create_jwt_session(conn, wrong_person)
+      wrong_person_data = %{
+        email: "wronger@gmail.com",
+        auth_provider: "email",
+        id: 42
+      }
+      Auth.Person.create_person(wrong_person_data)
+      conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
 
       {:ok, key} =
         %{"name" => "test key", "url" => "http://localhost:4000", "person_id" => person.id}
@@ -203,7 +203,7 @@ defmodule AuthWeb.ApikeyControllerTest do
   describe "delete apikey" do
     test "deletes chosen apikey", %{conn: conn} do
       person = Auth.Person.get_person_by_email(@email)
-      conn = AuthPlug.create_jwt_session(conn, person)
+      conn = admin_login(conn)
 
       {:ok, key} =
         %{"name" => "test key", "url" => "http://localhost:4000"}
@@ -219,13 +219,14 @@ defmodule AuthWeb.ApikeyControllerTest do
     end
 
     test "cannot delete a key belonging to someone else! 404", %{conn: conn} do
-      wrong_person =
-        Auth.Person.create_person(%{
-          email: "wrongin@gmail.com",
-          auth_provider: "email"
-        })
 
-      conn = AuthPlug.create_jwt_session(conn, wrong_person)
+      wrong_person_data = %{
+        email: "wronger@gmail.com",
+        auth_provider: "email",
+        id: 42
+      }
+      Auth.Person.create_person(wrong_person_data)
+      conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
       person = Auth.Person.get_person_by_email(@email)
 
       {:ok, key} =
diff --git a/test/auth_web/controllers/auth_controller_test.exs b/test/auth_web/controllers/auth_controller_test.exs
index 74ff3c82..73effbcb 100644
--- a/test/auth_web/controllers/auth_controller_test.exs
+++ b/test/auth_web/controllers/auth_controller_test.exs
@@ -127,11 +127,11 @@ defmodule AuthWeb.AuthControllerTest do
       auth_provider: "google"
     }
 
-    person = Auth.Person.upsert_person(data)
+    Auth.Person.upsert_person(data)
 
     conn =
-      AuthPlug.create_jwt_session(conn, person)
-      |> get("/auth/google/callback", %{"code" => "234", "state" => nil})
+    AuthPlug.create_jwt_session(conn, data)
+    |> get("/auth/google/callback", %{"code" => "234", "state" => nil})
 
     assert html_response(conn, 200) =~ "Google account"
   end
@@ -320,6 +320,7 @@ defmodule AuthWeb.AuthControllerTest do
 
     link = AuthWeb.AuthController.make_verify_link(conn, person, state)
     link = "/auth/verify" <> List.last(String.split(link, "/auth/verify"))
+
     conn = get(conn, link, %{})
     assert html_response(conn, 302) =~ "redirected"
   end
diff --git a/test/test_helper.exs b/test/test_helper.exs
index f0a5fa15..57aeb927 100644
--- a/test/test_helper.exs
+++ b/test/test_helper.exs
@@ -11,6 +11,12 @@ defmodule AuthTest do
   """
   def admin_login(conn) do
     person = Auth.Person.get_person_by_email(@admin_email)
-    AuthPlug.create_jwt_session(conn, person)
+    data = %{
+      id: person.id,
+      email: person.email,
+      auth_provider: person.auth_provider
+    }
+    # IO.inspect(person, label: "person")
+    AuthPlug.create_jwt_session(conn, data)
   end
 end

From aed44b8b8a1a372f5b6a468420bc2366be87d555 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Fri, 21 Aug 2020 22:34:52 +0100
Subject: [PATCH 042/166] mix format

---
 lib/auth/person.ex                                   | 9 +++++----
 lib/auth_web/controllers/auth_controller.ex          | 3 +--
 lib/auth_web/controllers/role_controller.ex          | 4 +---
 test/auth/people_roles_test.exs                      | 3 ++-
 test/auth_web/controllers/apikey_controller_test.exs | 4 +++-
 test/auth_web/controllers/auth_controller_test.exs   | 4 ++--
 test/test_helper.exs                                 | 2 ++
 7 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index c2dce850..d0a11036 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -65,7 +65,7 @@ defmodule Auth.Person do
       %Person{}
       |> changeset(person)
       |> put_email_status_verified()
-      |> put_assoc(:roles, [ Auth.Role.get_role!(6) ])
+      |> put_assoc(:roles, [Auth.Role.get_role!(6)])
 
     case get_person_by_email(person.changes.email) do
       nil ->
@@ -164,8 +164,9 @@ defmodule Auth.Person do
   end
 
   def create_google_person(profile) do
-    person = transform_google_profile_data_to_person(profile)
-    |> upsert_person()
+    person =
+      transform_google_profile_data_to_person(profile)
+      |> upsert_person()
 
     Map.replace!(person, :roles, RBAC.transform_role_list_to_string(person.roles))
   end
@@ -202,9 +203,9 @@ defmodule Auth.Person do
 
   def verify_person_by_id(id) do
     person = get_person_by_id(id)
+
     %{email: person.email, status: get_status_verified()}
     |> upsert_person()
-
   end
 
   def get_person_by_id(id) do
diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
index b0c288b5..30b605d8 100644
--- a/lib/auth_web/controllers/auth_controller.ex
+++ b/lib/auth_web/controllers/auth_controller.ex
@@ -341,8 +341,7 @@ defmodule AuthWeb.AuthController do
     if changeset.valid? do
       person = Auth.Person.upsert_person(%{email: email, password: p["password"]})
       # replace %Auth.Role{} struct with string  github.com/dwyl/rbac/issues/4
-      person = Map.replace!(person, :roles,
-        RBAC.transform_role_list_to_string(person.roles))
+      person = Map.replace!(person, :roles, RBAC.transform_role_list_to_string(person.roles))
       redirect_or_render(conn, person, p["state"])
     else
       conn
diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index 7e99f2d8..1e0b8399 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -5,7 +5,7 @@ defmodule AuthWeb.RoleController do
 
   def index(conn, _params) do
     roles = Role.list_roles()
-    IO.inspect(conn.assigns.person, label: "conn.assigns.person")
+    # IO.inspect(conn.assigns.person, label: "conn.assigns.person")
     render(conn, "index.html", roles: roles)
   end
 
@@ -77,6 +77,4 @@ defmodule AuthWeb.RoleController do
   #     AuthWeb.AuthController.unauthorized(conn)
   #   end
   # end
-
-
 end
diff --git a/test/auth/people_roles_test.exs b/test/auth/people_roles_test.exs
index e1f110f7..1f07557d 100644
--- a/test/auth/people_roles_test.exs
+++ b/test/auth/people_roles_test.exs
@@ -8,7 +8,8 @@ defmodule AuthWeb.PeopleRolesTest do
     role_id = 4
     # grant the "creator" role (id: 4) to the new person:
     Auth.PeopleRoles.insert(1, grantee.id, role_id)
-    person_with_role = Auth.Person.get_person_by_id(grantee.id) # |> IO.inspect()
+    # |> IO.inspect()
+    person_with_role = Auth.Person.get_person_by_id(grantee.id)
     roles = RBAC.transform_role_list_to_string(person_with_role.roles)
     assert roles =~ Integer.to_string(role_id)
 
diff --git a/test/auth_web/controllers/apikey_controller_test.exs b/test/auth_web/controllers/apikey_controller_test.exs
index 6005a1f4..1d717704 100644
--- a/test/auth_web/controllers/apikey_controller_test.exs
+++ b/test/auth_web/controllers/apikey_controller_test.exs
@@ -136,6 +136,7 @@ defmodule AuthWeb.ApikeyControllerTest do
         auth_provider: "email",
         id: 42
       }
+
       Auth.Person.create_person(wrong_person_data)
       conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
 
@@ -187,6 +188,7 @@ defmodule AuthWeb.ApikeyControllerTest do
         auth_provider: "email",
         id: 42
       }
+
       Auth.Person.create_person(wrong_person_data)
       conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
 
@@ -219,12 +221,12 @@ defmodule AuthWeb.ApikeyControllerTest do
     end
 
     test "cannot delete a key belonging to someone else! 404", %{conn: conn} do
-
       wrong_person_data = %{
         email: "wronger@gmail.com",
         auth_provider: "email",
         id: 42
       }
+
       Auth.Person.create_person(wrong_person_data)
       conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
       person = Auth.Person.get_person_by_email(@email)
diff --git a/test/auth_web/controllers/auth_controller_test.exs b/test/auth_web/controllers/auth_controller_test.exs
index 73effbcb..592410e8 100644
--- a/test/auth_web/controllers/auth_controller_test.exs
+++ b/test/auth_web/controllers/auth_controller_test.exs
@@ -130,8 +130,8 @@ defmodule AuthWeb.AuthControllerTest do
     Auth.Person.upsert_person(data)
 
     conn =
-    AuthPlug.create_jwt_session(conn, data)
-    |> get("/auth/google/callback", %{"code" => "234", "state" => nil})
+      AuthPlug.create_jwt_session(conn, data)
+      |> get("/auth/google/callback", %{"code" => "234", "state" => nil})
 
     assert html_response(conn, 200) =~ "Google account"
   end
diff --git a/test/test_helper.exs b/test/test_helper.exs
index 57aeb927..368e8cf5 100644
--- a/test/test_helper.exs
+++ b/test/test_helper.exs
@@ -11,11 +11,13 @@ defmodule AuthTest do
   """
   def admin_login(conn) do
     person = Auth.Person.get_person_by_email(@admin_email)
+
     data = %{
       id: person.id,
       email: person.email,
       auth_provider: person.auth_provider
     }
+
     # IO.inspect(person, label: "person")
     AuthPlug.create_jwt_session(conn, data)
   end

From 89acf448be3afb3d8f1071d3e190d616b558a252 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Fri, 21 Aug 2020 23:03:07 +0100
Subject: [PATCH 043/166] apply credo fixes

---
 lib/auth/person.ex              | 4 +---
 test/auth/people_roles_test.exs | 1 -
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index d0a11036..d5838468 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -203,9 +203,7 @@ defmodule Auth.Person do
 
   def verify_person_by_id(id) do
     person = get_person_by_id(id)
-
-    %{email: person.email, status: get_status_verified()}
-    |> upsert_person()
+    upsert_person(%{email: person.email, status: get_status_verified()})
   end
 
   def get_person_by_id(id) do
diff --git a/test/auth/people_roles_test.exs b/test/auth/people_roles_test.exs
index 1f07557d..07844470 100644
--- a/test/auth/people_roles_test.exs
+++ b/test/auth/people_roles_test.exs
@@ -8,7 +8,6 @@ defmodule AuthWeb.PeopleRolesTest do
     role_id = 4
     # grant the "creator" role (id: 4) to the new person:
     Auth.PeopleRoles.insert(1, grantee.id, role_id)
-    # |> IO.inspect()
     person_with_role = Auth.Person.get_person_by_id(grantee.id)
     roles = RBAC.transform_role_list_to_string(person_with_role.roles)
     assert roles =~ Integer.to_string(role_id)

From f0a7782d2778ec2d7382d959569d6fc3074e94a6 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 22 Aug 2020 00:31:25 +0100
Subject: [PATCH 044/166] add :revoked field to people_roles migration and
 schema for #92

---
 lib/auth/people_roles.ex                                    | 1 +
 lib/auth/person.ex                                          | 2 ++
 priv/repo/migrations/20200723154847_create_people_roles.exs | 1 +
 3 files changed, 4 insertions(+)

diff --git a/lib/auth/people_roles.ex b/lib/auth/people_roles.ex
index 8bd083aa..ab7f4ee2 100644
--- a/lib/auth/people_roles.ex
+++ b/lib/auth/people_roles.ex
@@ -13,6 +13,7 @@ defmodule Auth.PeopleRoles do
     belongs_to :person, Auth.Person
     belongs_to :role, Auth.Role
     field :granter_id, :integer
+    field :revoked, :naive_datetime
 
     timestamps()
   end
diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index d5838468..bc3a3e2f 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -65,7 +65,9 @@ defmodule Auth.Person do
       %Person{}
       |> changeset(person)
       |> put_email_status_verified()
+      # assign default role of "subscriber":
       |> put_assoc(:roles, [Auth.Role.get_role!(6)])
+      # other roles can be assigned in the UI
 
     case get_person_by_email(person.changes.email) do
       nil ->
diff --git a/priv/repo/migrations/20200723154847_create_people_roles.exs b/priv/repo/migrations/20200723154847_create_people_roles.exs
index eb7cd985..df5abe8c 100644
--- a/priv/repo/migrations/20200723154847_create_people_roles.exs
+++ b/priv/repo/migrations/20200723154847_create_people_roles.exs
@@ -6,6 +6,7 @@ defmodule Auth.Repo.Migrations.CreatePeopleRoles do
       add :person_id, references(:people, on_delete: :nothing)
       add :role_id, references(:roles, on_delete: :nothing)
       add :granter_id, references(:people, on_delete: :nothing)
+      add :revoked, :naive_datetime
 
       timestamps()
     end

From 3218d5c3f68ca29333834d51a0698d7dfe138ac7 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 22 Aug 2020 01:25:31 +0100
Subject: [PATCH 045/166] use RBAC v.0.3.0 containing check for :revoked roles
 #92

---
 lib/auth/people_roles.ex                         | 16 ++++++++++++++++
 lib/auth/person.ex                               |  6 +-----
 mix.exs                                          |  2 +-
 mix.lock                                         |  2 +-
 .../20200723154847_create_people_roles.exs       |  1 +
 test/auth/people_roles_test.exs                  | 14 ++------------
 .../controllers/role_controller_test.exs         | 12 ++++++++++++
 7 files changed, 34 insertions(+), 19 deletions(-)

diff --git a/lib/auth/people_roles.ex b/lib/auth/people_roles.ex
index ab7f4ee2..f7fdf229 100644
--- a/lib/auth/people_roles.ex
+++ b/lib/auth/people_roles.ex
@@ -14,6 +14,7 @@ defmodule Auth.PeopleRoles do
     belongs_to :role, Auth.Role
     field :granter_id, :integer
     field :revoked, :naive_datetime
+    field :revoker_id, :integer
 
     timestamps()
   end
@@ -39,4 +40,19 @@ defmodule Auth.PeopleRoles do
     |> put_assoc(:role, Auth.Role.get_role!(role_id))
     |> Repo.insert()
   end
+
+  @doc """
+  revoke/3 grants a role to the given person
+  granter_id is the id of the person (admin) granting the role
+  grantee_id is the person.id of the person being granted the role
+  role_id is the role.id (int, e.g: 4) of th role being granted.
+  """
+  def revoke(granter_id, grantee_id, role_id) do
+    %PeopleRoles{}
+    |> cast(%{granter_id: granter_id}, [:granter_id])
+    |> put_assoc(:person, Auth.Person.get_person_by_id(grantee_id))
+    |> put_assoc(:role, Auth.Role.get_role!(role_id))
+    |> Repo.insert()
+  end
+
 end
diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index bc3a3e2f..f86bb341 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -246,11 +246,7 @@ defmodule Auth.Person do
       # existing person
       ep ->
         merged = Map.merge(AuthPlug.Helpers.strip_struct_metadata(ep), person)
-
-        {:ok, person} =
-          changeset(%Person{id: ep.id}, merged)
-          |> Repo.update()
-
+        {:ok, person} = Repo.update(changeset(%Person{id: ep.id}, merged))
         # ensure that the preloads are returned:
         get_person_by_email(person.email)
     end
diff --git a/mix.exs b/mix.exs
index bfeb7cf2..b771494c 100644
--- a/mix.exs
+++ b/mix.exs
@@ -64,7 +64,7 @@ defmodule Auth.Mixfile do
       # https://github.com/dwyl/auth_plug
       {:auth_plug, "1.2.0"},
       # https://github.com/dwyl/rbac
-      {:rbac, "~> 0.2.0"},
+      {:rbac, "~> 0.3.0"},
 
       # Field Validation and Encryption: github.com/dwyl/fields
       {:fields, "~> 2.6.0"},
diff --git a/mix.lock b/mix.lock
index 3d5f2dd0..e000f255 100644
--- a/mix.lock
+++ b/mix.lock
@@ -52,7 +52,7 @@
   "poison": {:hex, :poison, "4.0.1", "bcb755a16fac91cad79bfe9fc3585bb07b9331e50cfe3420a24bcc2d735709ae", [:mix], [], "hexpm", "ba8836feea4b394bb718a161fc59a288fe0109b5006d6bdf97b6badfcf6f0f25"},
   "postgrex": {:hex, :postgrex, "0.15.5", "aec40306a622d459b01bff890fa42f1430dac61593b122754144ad9033a2152f", [:mix], [{:connection, "~> 1.0", [hex: :connection, repo: "hexpm", optional: false]}, {:db_connection, "~> 2.1", [hex: :db_connection, repo: "hexpm", optional: false]}, {:decimal, "~> 1.5", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm", "ed90c81e1525f65a2ba2279dbcebf030d6d13328daa2f8088b9661eb9143af7f"},
   "ranch": {:hex, :ranch, "1.7.1", "6b1fab51b49196860b733a49c07604465a47bdb78aa10c1c16a3d199f7f8c881", [:rebar3], [], "hexpm", "451d8527787df716d99dc36162fca05934915db0b6141bbdac2ea8d3c7afc7d7"},
-  "rbac": {:hex, :rbac, "0.2.0", "ed77a2bcad9e8bc4879d887a288a216be85641f06cecd0d2a84eaadc97c2ade8", [:mix], [], "hexpm", "78f37cffcff1675957c2c510d2052e5e9a99053ec205e3c695609dcc9cd306bd"},
+  "rbac": {:hex, :rbac, "0.3.0", "81ef1f898da2da61ed3b054822b98915005b1b07ed1b7d32071d41cd3ce93d84", [:mix], [], "hexpm", "ccba5f1bd58c351e58596ca3fbfd1e49391e4e6aedfac0ae08f54baea43a66dc"},
   "sobelow": {:hex, :sobelow, "0.10.2", "00e91208046d3b434f9f08779fe0ca7c6d6595b7fa33b289e792dffa6dde8081", [:mix], [], "hexpm", "e30fc994330cf6f485c1c4f2fb7c4b2d403557d0e101c6e5329fd17a58e55a7e"},
   "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.6", "cf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0", [:make, :mix, :rebar3], [], "hexpm", "bdb0d2471f453c88ff3908e7686f86f9be327d065cc1ec16fa4540197ea04680"},
   "stream_data": {:hex, :stream_data, "0.4.3", "62aafd870caff0849a5057a7ec270fad0eb86889f4d433b937d996de99e3db25", [:mix], [], "hexpm", "7dafd5a801f0bc897f74fcd414651632b77ca367a7ae4568778191fc3bf3a19a"},
diff --git a/priv/repo/migrations/20200723154847_create_people_roles.exs b/priv/repo/migrations/20200723154847_create_people_roles.exs
index df5abe8c..ea14dc14 100644
--- a/priv/repo/migrations/20200723154847_create_people_roles.exs
+++ b/priv/repo/migrations/20200723154847_create_people_roles.exs
@@ -7,6 +7,7 @@ defmodule Auth.Repo.Migrations.CreatePeopleRoles do
       add :role_id, references(:roles, on_delete: :nothing)
       add :granter_id, references(:people, on_delete: :nothing)
       add :revoked, :naive_datetime
+      add :revoker_id, references(:people, on_delete: :nothing)
 
       timestamps()
     end
diff --git a/test/auth/people_roles_test.exs b/test/auth/people_roles_test.exs
index 07844470..2eefdb6f 100644
--- a/test/auth/people_roles_test.exs
+++ b/test/auth/people_roles_test.exs
@@ -13,22 +13,12 @@ defmodule AuthWeb.PeopleRolesTest do
     assert roles =~ Integer.to_string(role_id)
 
     # check the latest people_roles record:
-    list = Auth.PeopleRoles.list_people_roles()
+    list = Auth.PeopleRoles.list_people_roles() |> IO.inspect()
     # IO.inspect(list, label: "list")
     pr = List.last(list)
     assert pr.granter_id == 1
     assert pr.person_id == grantee.id
   end
 
-  # test "attempt to grant_role/3 without admin should 401", %{conn: conn} do
-  #   alex = %{email: "alex_grant_role_fail@gmail.com", auth_provider: "email"}
-  #   grantee = Auth.Person.create_person(alex)
-  #   conn = assign(conn, :person, grantee)
-  #   role_id = 4
-  #   conn = Auth.PeopleRoles.insert(conn, grantee.id, role_id)
-  #   assert conn.status == 401
-  # end
-  # test "get list of roles" do
-  #   Auth.Role.list_roles() |> IO.inspect()
-  # end
+  # test "Auth.PeopleRoles.revoke/3 "
 end
diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index 5bb16972..2541416b 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -103,4 +103,16 @@ defmodule AuthWeb.RoleControllerTest do
     role = fixture(:role)
     %{role: role}
   end
+
+  # test "attempt to grant_role/3 without admin should 401", %{conn: conn} do
+  #   alex = %{email: "alex_grant_role_fail@gmail.com", auth_provider: "email"}
+  #   grantee = Auth.Person.create_person(alex)
+  #   conn = assign(conn, :person, grantee)
+  #   role_id = 4
+  #   conn = Auth.PeopleRoles.insert(conn, grantee.id, role_id)
+  #   assert conn.status == 401
+  # end
+  # test "get list of roles" do
+  #   Auth.Role.list_roles() |> IO.inspect()
+  # end
 end

From 361648db54359ee72a0cd771dc8fe851f0c41919 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 22 Aug 2020 01:54:18 +0100
Subject: [PATCH 046/166] create Auth.PeopleRoles.revoke/3 + tests for #92

---
 lib/auth/people_roles.ex                      | 36 ++++++++++++++-----
 .../20200723154847_create_people_roles.exs    |  3 +-
 priv/repo/seeds.exs                           |  1 +
 test/auth/people_roles_test.exs               | 34 ++++++++++++++++--
 4 files changed, 62 insertions(+), 12 deletions(-)

diff --git a/lib/auth/people_roles.ex b/lib/auth/people_roles.ex
index f7fdf229..a4f0f032 100644
--- a/lib/auth/people_roles.ex
+++ b/lib/auth/people_roles.ex
@@ -13,7 +13,7 @@ defmodule Auth.PeopleRoles do
     belongs_to :person, Auth.Person
     belongs_to :role, Auth.Role
     field :granter_id, :integer
-    field :revoked, :naive_datetime
+    field :revoked, :utc_datetime
     field :revoker_id, :integer
 
     timestamps()
@@ -27,6 +27,19 @@ defmodule Auth.PeopleRoles do
     Repo.all(from pr in __MODULE__, preload: [:person, :role])
   end
 
+  @doc """
+  get_record/0 returns the record where the person was granted a role.
+  """
+  def get_record(person_id, role_id) do
+    # Repo.all(from pr in __MODULE__, preload: [:person, :role])
+    from(pr in __MODULE__,
+      where: pr.person_id == ^person_id
+      and pr.role_id == ^role_id,
+      preload: [:person, :role]
+      )
+    |> Repo.one()
+  end
+
   @doc """
   insert/3 grants a role to the given person
   granter_id is the id of the person (admin) granting the role
@@ -43,16 +56,23 @@ defmodule Auth.PeopleRoles do
 
   @doc """
   revoke/3 grants a role to the given person
-  granter_id is the id of the person (admin) granting the role
+  revoker_id is the id of the person (admin) granting the role
   grantee_id is the person.id of the person being granted the role
   role_id is the role.id (int, e.g: 4) of th role being granted.
   """
-  def revoke(granter_id, grantee_id, role_id) do
-    %PeopleRoles{}
-    |> cast(%{granter_id: granter_id}, [:granter_id])
-    |> put_assoc(:person, Auth.Person.get_person_by_id(grantee_id))
-    |> put_assoc(:role, Auth.Role.get_role!(role_id))
-    |> Repo.insert()
+  def revoke(revoker_id, person_id, role_id) do
+    # get the people_role record that needs to be updated (revoked)
+    record = get_record(person_id, role_id)
+
+    record
+    # |> Map.delete(:__meta__)
+    |> cast(
+      %{revoker_id: revoker_id, revoked: DateTime.utc_now},
+      [:revoker_id, :revoked]
+    )
+    # |> put_assoc(:person, Auth.Person.get_person_by_id(person_id))
+    # |> put_assoc(:role, Auth.Role.get_role!(role_id))
+    |> Repo.update()
   end
 
 end
diff --git a/priv/repo/migrations/20200723154847_create_people_roles.exs b/priv/repo/migrations/20200723154847_create_people_roles.exs
index ea14dc14..f71062b8 100644
--- a/priv/repo/migrations/20200723154847_create_people_roles.exs
+++ b/priv/repo/migrations/20200723154847_create_people_roles.exs
@@ -6,7 +6,8 @@ defmodule Auth.Repo.Migrations.CreatePeopleRoles do
       add :person_id, references(:people, on_delete: :nothing)
       add :role_id, references(:roles, on_delete: :nothing)
       add :granter_id, references(:people, on_delete: :nothing)
-      add :revoked, :naive_datetime
+      # elixirforum.com/t/difference-between-utc-datetime-and-naive-datetime/12551
+      add :revoked, :utc_datetime
       add :revoker_id, references(:people, on_delete: :nothing)
 
       timestamps()
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index a8c39ebd..41152667 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -122,4 +122,5 @@ defmodule SetupRoles do
 end
 
 SetupRoles.create_default_roles()
+# grant superadmin role to app owner:
 Auth.PeopleRoles.insert(1, 1, 1)
diff --git a/test/auth/people_roles_test.exs b/test/auth/people_roles_test.exs
index 2eefdb6f..7fc7c15c 100644
--- a/test/auth/people_roles_test.exs
+++ b/test/auth/people_roles_test.exs
@@ -8,17 +8,45 @@ defmodule AuthWeb.PeopleRolesTest do
     role_id = 4
     # grant the "creator" role (id: 4) to the new person:
     Auth.PeopleRoles.insert(1, grantee.id, role_id)
+
+    # confirm people_roles record exists:
+    record = Auth.PeopleRoles.get_record(grantee.id, role_id)
+    assert record.person_id == grantee.id
+    assert record.role_id == role_id
+    assert record.granter_id == 1
+
+    # confirm person record has roles preloaded:
     person_with_role = Auth.Person.get_person_by_id(grantee.id)
     roles = RBAC.transform_role_list_to_string(person_with_role.roles)
     assert roles =~ Integer.to_string(role_id)
 
     # check the latest people_roles record:
-    list = Auth.PeopleRoles.list_people_roles() |> IO.inspect()
-    # IO.inspect(list, label: "list")
+    list = Auth.PeopleRoles.list_people_roles()
     pr = List.last(list)
     assert pr.granter_id == 1
     assert pr.person_id == grantee.id
   end
 
-  # test "Auth.PeopleRoles.revoke/3 "
+  test "Auth.PeopleRoles.revoke/3 revokes a role" do
+    # create a new person:
+    alex = %{email: "alex_revoke@gmail.com", auth_provider: "email"}
+    grantee = Auth.Person.create_person(alex)
+    role_id = 3
+    # grant the role to the new person:
+    Auth.PeopleRoles.insert(1, grantee.id, role_id)
+
+    # confirm people_roles record exists:
+    record = Auth.PeopleRoles.get_record(grantee.id, role_id)
+    assert record.person_id == grantee.id
+    assert record.role_id == role_id
+    assert record.granter_id == 1
+
+    # revoke the role!
+    Auth.PeopleRoles.revoke(1, grantee.id, role_id)
+
+    # confirm people_roles record was updated:
+    record = Auth.PeopleRoles.get_record(grantee.id, role_id)
+    assert record.revoker_id == 1
+    assert not is_nil(record.revoked)
+  end
 end

From d27444ba16cbd79bdf878d114bead6d8c34ca6f1 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 22 Aug 2020 01:54:53 +0100
Subject: [PATCH 047/166] mix format

---
 lib/auth/people_roles.ex | 12 ++++++------
 lib/auth/person.ex       |  3 ++-
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/lib/auth/people_roles.ex b/lib/auth/people_roles.ex
index a4f0f032..72ec8c33 100644
--- a/lib/auth/people_roles.ex
+++ b/lib/auth/people_roles.ex
@@ -33,10 +33,11 @@ defmodule Auth.PeopleRoles do
   def get_record(person_id, role_id) do
     # Repo.all(from pr in __MODULE__, preload: [:person, :role])
     from(pr in __MODULE__,
-      where: pr.person_id == ^person_id
-      and pr.role_id == ^role_id,
+      where:
+        pr.person_id == ^person_id and
+          pr.role_id == ^role_id,
       preload: [:person, :role]
-      )
+    )
     |> Repo.one()
   end
 
@@ -57,7 +58,7 @@ defmodule Auth.PeopleRoles do
   @doc """
   revoke/3 grants a role to the given person
   revoker_id is the id of the person (admin) granting the role
-  grantee_id is the person.id of the person being granted the role
+  person_id is the person.id of the person being granted the role
   role_id is the role.id (int, e.g: 4) of th role being granted.
   """
   def revoke(revoker_id, person_id, role_id) do
@@ -67,12 +68,11 @@ defmodule Auth.PeopleRoles do
     record
     # |> Map.delete(:__meta__)
     |> cast(
-      %{revoker_id: revoker_id, revoked: DateTime.utc_now},
+      %{revoker_id: revoker_id, revoked: DateTime.utc_now()},
       [:revoker_id, :revoked]
     )
     # |> put_assoc(:person, Auth.Person.get_person_by_id(person_id))
     # |> put_assoc(:role, Auth.Role.get_role!(role_id))
     |> Repo.update()
   end
-
 end
diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index f86bb341..95d1ac32 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -67,7 +67,8 @@ defmodule Auth.Person do
       |> put_email_status_verified()
       # assign default role of "subscriber":
       |> put_assoc(:roles, [Auth.Role.get_role!(6)])
-      # other roles can be assigned in the UI
+
+    # other roles can be assigned in the UI
 
     case get_person_by_email(person.changes.email) do
       nil ->

From b652d34a23251c26b44b0c5653157579019d2d0b Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 22 Aug 2020 01:59:15 +0100
Subject: [PATCH 048/166] tidy up revoke/3 function for #92

---
 lib/auth/people_roles.ex | 19 ++++++-------------
 1 file changed, 6 insertions(+), 13 deletions(-)

diff --git a/lib/auth/people_roles.ex b/lib/auth/people_roles.ex
index 72ec8c33..8f57a261 100644
--- a/lib/auth/people_roles.ex
+++ b/lib/auth/people_roles.ex
@@ -31,14 +31,12 @@ defmodule Auth.PeopleRoles do
   get_record/0 returns the record where the person was granted a role.
   """
   def get_record(person_id, role_id) do
-    # Repo.all(from pr in __MODULE__, preload: [:person, :role])
-    from(pr in __MODULE__,
-      where:
-        pr.person_id == ^person_id and
-          pr.role_id == ^role_id,
-      preload: [:person, :role]
+    Repo.one(
+      from(pr in __MODULE__,
+        where: pr.person_id == ^person_id and pr.role_id == ^role_id,
+        preload: [:person, :role]
+      )
     )
-    |> Repo.one()
   end
 
   @doc """
@@ -63,16 +61,11 @@ defmodule Auth.PeopleRoles do
   """
   def revoke(revoker_id, person_id, role_id) do
     # get the people_role record that needs to be updated (revoked)
-    record = get_record(person_id, role_id)
-
-    record
-    # |> Map.delete(:__meta__)
+    get_record(person_id, role_id)
     |> cast(
       %{revoker_id: revoker_id, revoked: DateTime.utc_now()},
       [:revoker_id, :revoked]
     )
-    # |> put_assoc(:person, Auth.Person.get_person_by_id(person_id))
-    # |> put_assoc(:role, Auth.Role.get_role!(role_id))
     |> Repo.update()
   end
 end

From 0f4596675e23664e57d0bc354ed14162945a4e1f Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 22 Aug 2020 02:01:14 +0100
Subject: [PATCH 049/166] inline function calls to keep @sourcelevel-bot happy
 https://github.com/dwyl/auth/pull/85#pullrequestreview-472831613

---
 lib/auth/person.ex | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index 95d1ac32..647fde2e 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -124,7 +124,7 @@ defmodule Auth.Person do
   end
 
   def create_github_person(profile) do
-    transform_github_profile_data_to_person(profile) |> upsert_person()
+    upsert_person(transform_github_profile_data_to_person(profile))
   end
 
   @doc """
@@ -167,10 +167,7 @@ defmodule Auth.Person do
   end
 
   def create_google_person(profile) do
-    person =
-      transform_google_profile_data_to_person(profile)
-      |> upsert_person()
-
+    person = upsert_person(transform_google_profile_data_to_person(profile))
     Map.replace!(person, :roles, RBAC.transform_role_list_to_string(person.roles))
   end
 

From 7310d6088e5f20c3ab7d04fe46f60cf10acc53fb Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 22 Aug 2020 23:56:29 +0100
Subject: [PATCH 050/166] create list_people/0 function for #93

---
 lib/auth/person.ex | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index 647fde2e..e60470ea 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -4,6 +4,7 @@ defmodule Auth.Person do
   """
   use Ecto.Schema
   import Ecto.Changeset
+  import Ecto.Query
   alias Auth.Repo
   # https://stackoverflow.com/a/47501059/1148249
   alias __MODULE__
@@ -262,4 +263,45 @@ defmodule Auth.Person do
         0
     end
   end
+
+
+  @doc """
+  `list_people/0` lists all people in the system.
+  Used for displaying the table of authenticated people.
+  """
+  def list_people do
+
+    Repo.all(
+      from(pr in __MODULE__, preload: [:roles, :statuses]
+      )
+    )
+
+    # query = """
+    # SELECT DISTINCT ON (s.status_id, s.person_id) s.id, s.message_id,
+    # s.updated_at, s.template, st.text as status, s.person_id
+    # FROM sent s
+    # JOIN status as st on s.status_id = st.id
+    # WHERE s.message_id IS NOT NULL
+    # """
+    # {:ok, result} = Repo.query(query)
+
+    # # create List of Maps from the result.rows:
+    # Enum.map(result.rows, fn([id, mid, iat, t, s, pid]) ->
+    #   # e = Fields.AES.decrypt(e)
+    #   # e = case e !== :error and e =~ "@" do
+    #   #   true -> e |> String.split("@") |> List.first
+    #   #   false -> e
+    #   # end
+    #   %{
+    #     id: id,
+    #     message_id: mid,
+    #     updated_at: NaiveDateTime.truncate(iat, :second),
+    #     template: t,
+    #     status: s,
+    #     person_id: pid,
+    #     email: ""
+    #   }
+    # end)
+    # |> Enum.sort(&(&1.id > &2.id))
+  end
 end

From ffca1fa4a34e1040c3e40a862d5a27143877219f Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 22 Aug 2020 23:57:15 +0100
Subject: [PATCH 051/166] create /people controller, view and templtes for #93

---
 lib/auth_web/controllers/people_controller.ex | 14 ++++++++++++++
 lib/auth_web/router.ex                        |  1 +
 lib/auth_web/templates/people/index.html.eex  | 16 ++++++++++++++++
 lib/auth_web/views/people_view.ex             |  3 +++
 4 files changed, 34 insertions(+)
 create mode 100644 lib/auth_web/controllers/people_controller.ex
 create mode 100644 lib/auth_web/templates/people/index.html.eex
 create mode 100644 lib/auth_web/views/people_view.ex

diff --git a/lib/auth_web/controllers/people_controller.ex b/lib/auth_web/controllers/people_controller.ex
new file mode 100644
index 00000000..2db8abb4
--- /dev/null
+++ b/lib/auth_web/controllers/people_controller.ex
@@ -0,0 +1,14 @@
+defmodule AuthWeb.PeopleController do
+  @moduledoc """
+  Defines People controller functions
+  """
+  use AuthWeb, :controller
+
+  @doc """
+  `index/2` lists all the people who have authenticated with the auth app.
+  """
+  def index(conn, _params) do
+    conn
+    |> render(:index)
+  end
+end
diff --git a/lib/auth_web/router.ex b/lib/auth_web/router.ex
index 7e798df6..d14f728f 100644
--- a/lib/auth_web/router.ex
+++ b/lib/auth_web/router.ex
@@ -40,6 +40,7 @@ defmodule AuthWeb.Router do
     pipe_through :browser
     pipe_through :auth
 
+    get "/people", PeopleController, :index
     get "/profile", AuthController, :admin
     resources "/roles", RoleController
     resources "/permissions", PermissionController
diff --git a/lib/auth_web/templates/people/index.html.eex b/lib/auth_web/templates/people/index.html.eex
new file mode 100644
index 00000000..3b055518
--- /dev/null
+++ b/lib/auth_web/templates/people/index.html.eex
@@ -0,0 +1,16 @@
+<section class="w-100 center ph3 tc">
+  <h1> Welcome <%= @conn.assigns.person.givenName %>!
+  </h1>
+  <img width="128px" src="<%= @conn.assigns.person.picture %>"
+    class="center db br2"/>
+  <p class="f3"> You are <strong>signed in</strong>
+    with your <strong><%= String.capitalize(@conn.assigns.person.auth_provider) %> account</strong>.
+  <p/>
+
+  <br />
+  <a href="/settings/apikeys"
+  class="pointer ba border-box dwyl-bg-mint white pa3 ml1 mv1 f3
+  shadow-hover bg-animate hover-dwyl-teal-darkest no-underline">
+  Manage API Keys
+  </a>
+</section>
diff --git a/lib/auth_web/views/people_view.ex b/lib/auth_web/views/people_view.ex
new file mode 100644
index 00000000..d6cc6d72
--- /dev/null
+++ b/lib/auth_web/views/people_view.ex
@@ -0,0 +1,3 @@
+defmodule AuthWeb.PeopleView do
+  use AuthWeb, :view
+end

From f4aeb673abda6ff614ba3393cad8fcd41c68419d Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sun, 23 Aug 2020 22:13:39 +0100
Subject: [PATCH 052/166] add status_string to /people table for #93

---
 lib/auth/person.ex                            |  9 +--
 lib/auth/status.ex                            |  4 ++
 lib/auth_web/controllers/people_controller.ex | 12 +++-
 lib/auth_web/templates/people/index.html.eex  | 62 +++++++++++++++----
 lib/auth_web/views/people_view.ex             | 22 +++++++
 5 files changed, 88 insertions(+), 21 deletions(-)

diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index e60470ea..b4944b7b 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -163,7 +163,8 @@ defmodule Auth.Person do
     Map.merge(profile, %{
       familyName: profile.family_name,
       givenName: profile.given_name,
-      auth_provider: "google"
+      auth_provider: "google",
+      status: 1
     })
   end
 
@@ -270,11 +271,7 @@ defmodule Auth.Person do
   Used for displaying the table of authenticated people.
   """
   def list_people do
-
-    Repo.all(
-      from(pr in __MODULE__, preload: [:roles, :statuses]
-      )
-    )
+    Repo.all(from(pr in __MODULE__, preload: [:roles, :statuses]))
 
     # query = """
     # SELECT DISTINCT ON (s.status_id, s.person_id) s.id, s.message_id,
diff --git a/lib/auth/status.ex b/lib/auth/status.ex
index 9228d4dd..fe3f4ceb 100644
--- a/lib/auth/status.ex
+++ b/lib/auth/status.ex
@@ -38,4 +38,8 @@ defmodule Auth.Status do
         status
     end
   end
+
+  def list_statuses do
+    Repo.all(__MODULE__)
+  end
 end
diff --git a/lib/auth_web/controllers/people_controller.ex b/lib/auth_web/controllers/people_controller.ex
index 2db8abb4..7eabcaf0 100644
--- a/lib/auth_web/controllers/people_controller.ex
+++ b/lib/auth_web/controllers/people_controller.ex
@@ -8,7 +8,15 @@ defmodule AuthWeb.PeopleController do
   `index/2` lists all the people who have authenticated with the auth app.
   """
   def index(conn, _params) do
-    conn
-    |> render(:index)
+    if conn.assigns.person.id == 1 do
+      render(conn, :index,
+        people: Auth.Person.list_people(),
+        roles: Auth.Role.list_roles(),
+        statuses: Auth.Status.list_statuses()
+      )
+      # Note: this can easily be refactored to save on DB queries. #HelpWanted
+    else
+      AuthWeb.AuthController.unauthorized(conn)
+    end
   end
 end
diff --git a/lib/auth_web/templates/people/index.html.eex b/lib/auth_web/templates/people/index.html.eex
index 3b055518..b9de221a 100644
--- a/lib/auth_web/templates/people/index.html.eex
+++ b/lib/auth_web/templates/people/index.html.eex
@@ -1,16 +1,52 @@
 <section class="w-100 center ph3 tc">
-  <h1> Welcome <%= @conn.assigns.person.givenName %>!
-  </h1>
-  <img width="128px" src="<%= @conn.assigns.person.picture %>"
-    class="center db br2"/>
-  <p class="f3"> You are <strong>signed in</strong>
-    with your <strong><%= String.capitalize(@conn.assigns.person.auth_provider) %> account</strong>.
-  <p/>
+  <h1> People Authenticated with Auth</h1>
 
-  <br />
-  <a href="/settings/apikeys"
-  class="pointer ba border-box dwyl-bg-mint white pa3 ml1 mv1 f3
-  shadow-hover bg-animate hover-dwyl-teal-darkest no-underline">
-  Manage API Keys
-  </a>
+  <table class="w-100 center ph3 tc" id="table">
+    <thead>
+      <tr class="tl">
+        <th>ID</th>
+        <th>Pic</th>
+        <th>Name</th>
+        <th>Status</th>
+        <th>Time</th>
+        
+        <th>Email</th>
+        <th>Auth Provider</th>
+      </tr>
+    </thead>
+    <tbody>
+  <%= for {p, idx} <- Enum.with_index(@people) do %>
+      <tr class="hover-bg-light-gray
+        <%= if rem(idx,2) == 0 do %> bb b--moon-gray bg-light-gray <% end %>">
+        <td><%= p.id %></td>
+        <td><img width="64px" src="<%= p.picture %>" class="center db br2"/></td>
+        <td><%= p.givenName %></td>
+        <td class="<%= status_string(p.status, @statuses) %>"><%= status_string(p.status, @statuses) %></td>
+        <td><%= p.updated_at %></td>
+        <td><%= p.email %></td>
+        <td><%= String.capitalize(p.auth_provider) %></td>
+      </tr>
+  <% end %>
+    </tbody>
+  </table>
 </section>
+
+<style>
+  .verified { background-color: #7bed9f;}
+</style>
+
+<!-- DataTables is an *optional* progressive enhancement 
+  that allows sorting and filtering data in-browser -->
+<script src="https://code.jquery.com/jquery-2.2.4.min.js" 
+integrity="sha256-BbhdlvQf/xTY9gja0Dq3HiwQF8LaCRTXxZKRutelT44=" 
+crossorigin="anonymous"></script>
+<link rel="stylesheet" type="text/css" 
+href="https://cdn.datatables.net/1.10.21/css/jquery.dataTables.css">
+<script type="text/javascript" charset="utf8" 
+src="https://cdn.datatables.net/1.10.21/js/jquery.dataTables.js"></script>
+
+<script>
+  $(document).ready(function () {
+      $('#table').DataTable();
+  });
+</script>
\ No newline at end of file
diff --git a/lib/auth_web/views/people_view.ex b/lib/auth_web/views/people_view.ex
index d6cc6d72..0267e55e 100644
--- a/lib/auth_web/views/people_view.ex
+++ b/lib/auth_web/views/people_view.ex
@@ -1,3 +1,25 @@
 defmodule AuthWeb.PeopleView do
   use AuthWeb, :view
+
+  def status_string(status_id, statuses)  do
+    if status_id != nil do
+      status = Enum.filter(statuses, fn s ->
+        s.id == status_id
+      end) |> Enum.at(0)
+      status.text
+    else
+      "none"
+    end
+  end
+
+  def role_string(role_id, roles)  do
+    if role_id != nil do
+      role = Enum.filter(roles, fn r ->
+        r.id == role_id
+      end) |> Enum.at(0)
+      role.name
+    else
+      "none"
+    end
+  end
 end

From 0b1848d1f29fb19aaa3e3a7576b89b9a3a812736 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sun, 23 Aug 2020 23:16:19 +0100
Subject: [PATCH 053/166] display roles in /people table #93

---
 lib/auth_web/templates/people/index.html.eex |  5 +++++
 lib/auth_web/views/people_view.ex            | 23 ++++++++++++--------
 2 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/lib/auth_web/templates/people/index.html.eex b/lib/auth_web/templates/people/index.html.eex
index b9de221a..5d391c48 100644
--- a/lib/auth_web/templates/people/index.html.eex
+++ b/lib/auth_web/templates/people/index.html.eex
@@ -12,6 +12,7 @@
         
         <th>Email</th>
         <th>Auth Provider</th>
+        <th>Roles</th>
       </tr>
     </thead>
     <tbody>
@@ -25,6 +26,9 @@
         <td><%= p.updated_at %></td>
         <td><%= p.email %></td>
         <td><%= String.capitalize(p.auth_provider) %></td>
+        <td class="<%= role_string(p.roles) %>"><%= role_string(p.roles) %></td>
+
+        
       </tr>
   <% end %>
     </tbody>
@@ -33,6 +37,7 @@
 
 <style>
   .verified { background-color: #7bed9f;}
+  .superadmin { background-color: #ffa502; }
 </style>
 
 <!-- DataTables is an *optional* progressive enhancement 
diff --git a/lib/auth_web/views/people_view.ex b/lib/auth_web/views/people_view.ex
index 0267e55e..2c38a202 100644
--- a/lib/auth_web/views/people_view.ex
+++ b/lib/auth_web/views/people_view.ex
@@ -12,14 +12,19 @@ defmodule AuthWeb.PeopleView do
     end
   end
 
-  def role_string(role_id, roles)  do
-    if role_id != nil do
-      role = Enum.filter(roles, fn r ->
-        r.id == role_id
-      end) |> Enum.at(0)
-      role.name
-    else
-      "none"
-    end
+  def role_string(person_roles)  do
+    IO.inspect(person_roles, label: "person_roles")
+    roles = Enum.map_join(person_roles, " ", fn r ->
+      r.name
+    end)
+
+    # if role_id != nil do
+    #   role = Enum.filter(roles, fn r ->
+    #     r.id == role_id
+    #   end) |> Enum.at(0)
+    #   role.name
+    # else
+    #   "none"
+    # end
   end
 end

From 7f2286a755007fad6fab7a26219154ecdcf3f3b6 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sun, 23 Aug 2020 23:17:35 +0100
Subject: [PATCH 054/166] remove unused code

---
 lib/auth/person.ex                |  3 +--
 lib/auth_web/views/people_view.ex | 12 +-----------
 2 files changed, 2 insertions(+), 13 deletions(-)

diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index b4944b7b..505a7c05 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -163,8 +163,7 @@ defmodule Auth.Person do
     Map.merge(profile, %{
       familyName: profile.family_name,
       givenName: profile.given_name,
-      auth_provider: "google",
-      status: 1
+      auth_provider: "google"
     })
   end
 
diff --git a/lib/auth_web/views/people_view.ex b/lib/auth_web/views/people_view.ex
index 2c38a202..ae56b018 100644
--- a/lib/auth_web/views/people_view.ex
+++ b/lib/auth_web/views/people_view.ex
@@ -13,18 +13,8 @@ defmodule AuthWeb.PeopleView do
   end
 
   def role_string(person_roles)  do
-    IO.inspect(person_roles, label: "person_roles")
-    roles = Enum.map_join(person_roles, " ", fn r ->
+    Enum.map_join(person_roles, " ", fn r ->
       r.name
     end)
-
-    # if role_id != nil do
-    #   role = Enum.filter(roles, fn r ->
-    #     r.id == role_id
-    #   end) |> Enum.at(0)
-    #   role.name
-    # else
-    #   "none"
-    # end
   end
 end

From d6ccfa5751a443d0dac4bda2119d5a3a2794faeb Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sun, 23 Aug 2020 23:56:27 +0100
Subject: [PATCH 055/166] add tests for /people table #93

---
 lib/auth_web/router.ex                        |  1 +
 lib/auth_web/templates/people/index.html.eex  |  3 +-
 .../controllers/people_controller_test.exs    | 40 +++++++++++++++++++
 3 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 test/auth_web/controllers/people_controller_test.exs

diff --git a/lib/auth_web/router.ex b/lib/auth_web/router.ex
index d14f728f..3a5a16ee 100644
--- a/lib/auth_web/router.ex
+++ b/lib/auth_web/router.ex
@@ -41,6 +41,7 @@ defmodule AuthWeb.Router do
     pipe_through :auth
 
     get "/people", PeopleController, :index
+
     get "/profile", AuthController, :admin
     resources "/roles", RoleController
     resources "/permissions", PermissionController
diff --git a/lib/auth_web/templates/people/index.html.eex b/lib/auth_web/templates/people/index.html.eex
index 5d391c48..1264a4d1 100644
--- a/lib/auth_web/templates/people/index.html.eex
+++ b/lib/auth_web/templates/people/index.html.eex
@@ -25,7 +25,7 @@
         <td class="<%= status_string(p.status, @statuses) %>"><%= status_string(p.status, @statuses) %></td>
         <td><%= p.updated_at %></td>
         <td><%= p.email %></td>
-        <td><%= String.capitalize(p.auth_provider) %></td>
+        <td><%= p.auth_provider %></td>
         <td class="<%= role_string(p.roles) %>"><%= role_string(p.roles) %></td>
 
         
@@ -38,6 +38,7 @@
 <style>
   .verified { background-color: #7bed9f;}
   .superadmin { background-color: #ffa502; }
+  .subscriber { background-color: #00d2d3; }
 </style>
 
 <!-- DataTables is an *optional* progressive enhancement 
diff --git a/test/auth_web/controllers/people_controller_test.exs b/test/auth_web/controllers/people_controller_test.exs
new file mode 100644
index 00000000..53bac00c
--- /dev/null
+++ b/test/auth_web/controllers/people_controller_test.exs
@@ -0,0 +1,40 @@
+defmodule AuthWeb.PeopleControllerTest do
+  use AuthWeb.ConnCase
+  # @email System.get_env("ADMIN_EMAIL")
+
+  test "GET /people displays list of people", %{conn: conn} do
+    conn = admin_login(conn)
+    |> get("/people")
+
+    assert html_response(conn, 200) =~ "People Authenticated"
+  end
+
+  test "Attempt to GET /people not unathenticated", %{conn: conn} do
+    conn = get(conn, "/people")
+    assert conn.status == 302
+  end
+
+
+  test "Attempt to GET /people without admin role should 401", %{conn: conn} do
+    wrong_person_data = %{
+      email: "not_admin@gmail.com",
+      auth_provider: "email",
+      id: 42
+    }
+
+    Auth.Person.create_person(wrong_person_data)
+    conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
+
+    conn = get(conn, "/people")
+    assert conn.status == 401
+  end
+
+  test "AuthWeb.PeopleView.status_string/2" do
+    statuses = [%{text: "verified", id: 1}]
+    assert AuthWeb.PeopleView.status_string(1, statuses) == "verified"
+  end
+
+  test "AuthWeb.PeopleView.status_string/2 if status_id is nil" do
+    assert AuthWeb.PeopleView.status_string(nil, []) == "none"
+  end
+end

From b9c2cd89fd158693129e1a20a2bcd3ce9f7fb39f Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Mon, 24 Aug 2020 18:08:10 +0100
Subject: [PATCH 056/166] [WiP] create profile page and revoke functions for
 people #94

---
 lib/auth/people_roles.ex                      | 13 ++++
 lib/auth_web/controllers/people_controller.ex | 22 +++++++
 lib/auth_web/controllers/role_controller.ex   | 23 ++++++++
 lib/auth_web/router.ex                        |  3 +-
 .../templates/people/profile.html.eex         | 59 +++++++++++++++++++
 lib/auth_web/templates/role/revoke.html.eex   | 50 ++++++++++++++++
 lib/auth_web/views/people_view.ex             |  6 ++
 7 files changed, 175 insertions(+), 1 deletion(-)
 create mode 100644 lib/auth_web/templates/people/profile.html.eex
 create mode 100644 lib/auth_web/templates/role/revoke.html.eex

diff --git a/lib/auth/people_roles.ex b/lib/auth/people_roles.ex
index 8f57a261..19edb1b4 100644
--- a/lib/auth/people_roles.ex
+++ b/lib/auth/people_roles.ex
@@ -39,6 +39,19 @@ defmodule Auth.PeopleRoles do
     )
   end
 
+  @doc """
+  get_roles_for_person/1 returns the list of roles for a given person.id
+  """
+  def get_roles_for_person(person_id) do
+    IO.inspect(person_id, label: "person_id")
+    Repo.all(
+      from(pr in __MODULE__,
+        where: pr.person_id == ^person_id,
+        preload: [:role]
+      )
+    )
+  end
+
   @doc """
   insert/3 grants a role to the given person
   granter_id is the id of the person (admin) granting the role
diff --git a/lib/auth_web/controllers/people_controller.ex b/lib/auth_web/controllers/people_controller.ex
index 7eabcaf0..e0513578 100644
--- a/lib/auth_web/controllers/people_controller.ex
+++ b/lib/auth_web/controllers/people_controller.ex
@@ -8,6 +8,7 @@ defmodule AuthWeb.PeopleController do
   `index/2` lists all the people who have authenticated with the auth app.
   """
   def index(conn, _params) do
+    # should be visible to superadmin and people with "admin" role
     if conn.assigns.person.id == 1 do
       render(conn, :index,
         people: Auth.Person.list_people(),
@@ -19,4 +20,25 @@ defmodule AuthWeb.PeopleController do
       AuthWeb.AuthController.unauthorized(conn)
     end
   end
+
+  @doc """
+  `show/2` shows the profile of a person with all relevant info.
+  """
+  def show(conn, params) do
+    IO.inspect(params, label: "params")
+    # should be visible to superadmin and people with "admin" role
+    if conn.assigns.person.id == 1 do
+      person = Auth.Person.get_person_by_id(Map.get(params, "person_id"))
+      IO.inspect(person, label: "person")
+      roles = Auth.PeopleRoles.get_roles_for_person(person.id) |> IO.inspect(label: "roles")
+      render(conn, :profile,
+        person: person,
+        roles: roles,
+        statuses: Auth.Status.list_statuses()
+      )
+      # Note: this can easily be refactored to save on DB queries. #HelpWanted
+    else
+      AuthWeb.AuthController.unauthorized(conn)
+    end
+  end
 end
diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index 1e0b8399..d7ccbb61 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -77,4 +77,27 @@ defmodule AuthWeb.RoleController do
   #     AuthWeb.AuthController.unauthorized(conn)
   #   end
   # end
+
+  @doc """
+  revoke/2 revokes a role
+  """
+  def revoke(conn, params) do
+    IO.inspect(conn.method, label: "conn.method")
+    IO.inspect(params)
+    # confirm that the granter is either superadmin (conn.assigns.person.id == 1)
+    # or has an "admin" role (1 || 2)
+    if conn.assigns.person.id == 1 do
+      pr = Auth.PeopleRoles.get_record(
+        Map.get(params, "person_id"), Map.get(params, "role_id")
+      )
+      IO.inspect(pr, label: "pr")
+      if conn.method == "GET" do
+        render(conn, "revoke.html", role: pr)
+      else
+
+      end
+    else
+      AuthWeb.AuthController.unauthorized(conn)
+    end
+  end
 end
diff --git a/lib/auth_web/router.ex b/lib/auth_web/router.ex
index 3a5a16ee..bad3fc22 100644
--- a/lib/auth_web/router.ex
+++ b/lib/auth_web/router.ex
@@ -41,9 +41,10 @@ defmodule AuthWeb.Router do
     pipe_through :auth
 
     get "/people", PeopleController, :index
-
+    get "/people/:person_id", PeopleController, :show
     get "/profile", AuthController, :admin
     resources "/roles", RoleController
+    get "/roles/revoke/:role_id/:person_id", RoleController, :revoke
     resources "/permissions", PermissionController
     resources "/settings/apikeys", ApikeyController
   end
diff --git a/lib/auth_web/templates/people/profile.html.eex b/lib/auth_web/templates/people/profile.html.eex
new file mode 100644
index 00000000..9204f45b
--- /dev/null
+++ b/lib/auth_web/templates/people/profile.html.eex
@@ -0,0 +1,59 @@
+<section class="mt4 w-100 center ph3 tc">
+  <img width="128px" src="<%= @person.picture %>"
+      class="center db br4"/>
+  <h1><%= @person.givenName %> <%= @person.familyName %></h1>
+  <div>
+    <strong class="f4"><%= @person.email %></strong> 
+    <span class="f4">(<%= String.capitalize(@person.auth_provider) %>) </span>
+  </div>
+  <div class="w-10 pa3 f3 mt3 center br3 <%= status_string(@person.status, @statuses) %>">
+    <%= String.capitalize(status_string(@person.status, @statuses)) %>
+  </div>
+  <div class="mt3 f4">Last login: <br /><strong><%= @person.updated_at %></strong></div>
+</section>
+
+<h1 class="tc mt3">Role Admin</h1>
+
+<table class="w-70 center tc ba bw1 pb2" id="table">
+    <thead>
+      <tr class="tc">
+        <th>ID</th>        
+        <th>Role</th>
+        <th>Granted</th>
+        <th>Granted by</th>
+        <th colspan="2" class="pa3">Revoke?</th>
+      </tr>
+    </thead>
+    <tbody class="tc">
+  <%= for {r, idx} <- Enum.with_index(@roles) do %>
+      <tr class="row pt2">
+        <td><%= r.role_id %></td>
+        <td><%= r.role.name %></td>
+        <td><%= r.inserted_at %></td>  
+        <td>
+          <%= if Map.has_key?(r, :granter_id) and not is_nil(r.granter_id) do %>
+            <%= r.granter_id %>
+          <% else %>
+            System
+          <% end %>
+        </td>  
+        <td>
+          <%= if Map.has_key?(r, :revoked) and not is_nil(r.revoked) do %>
+            <%= r.revoked %>
+          <% else %>
+            <a href="/roles/revoke/<%= r.id %>/<%= @person.id %>"
+            class="pointer ba border-box bg-red white f5 pa2 mt1
+            shadow-hover bg-animate no-underline">
+            Revoke Role
+            </a>
+          <% end %>
+        </td>    
+
+      </tr>
+  <% end %>
+    </tbody>
+  </table>
+
+<style>
+  .verified { background-color: #7bed9f;}
+</style>
\ No newline at end of file
diff --git a/lib/auth_web/templates/role/revoke.html.eex b/lib/auth_web/templates/role/revoke.html.eex
new file mode 100644
index 00000000..884f1196
--- /dev/null
+++ b/lib/auth_web/templates/role/revoke.html.eex
@@ -0,0 +1,50 @@
+<section class="mt4 w-100 center ph3 tc">
+  <h1>Are Your Sure You Want to Revoke this Role?</h1>
+</section>
+
+<!--
+%Auth.PeopleRoles{
+  __meta__: #Ecto.Schema.Metadata<:loaded, "people_roles">,
+  granter_id: nil,
+  id: 2,
+  inserted_at: ~N[2020-08-23 22:24:58],
+  person: %Auth.Person{
+    __meta__: #Ecto.Schema.Metadata<:loaded, "people">,
+    auth_provider: "google",
+    email: "ignaseo@gmail.com",
+    email_hash: <<137, 251, 104, 244, 253, 112, 246, 254, 47, 207, 57, 67, 94,
+      144, 221, 220, 75, 88, 44, 77, 166, 49, 18, 95, 67, 191, 76, 253, 117, 48,
+      78, 26>>,
+    familyName: "Correia",
+    givenName: "Nelson",
+    id: 2,
+    inserted_at: ~N[2020-08-23 22:24:58],
+    key_id: nil,
+    locale: "en-GB",
+    password: nil,
+    password_hash: nil,
+    picture: "https://lh3.googleusercontent.com/a-/AOh14Gjd8AwOhTfQkPgJIdKcS6uzlHMEgPRbFQYrCAGtIg",
+    roles: #Ecto.Association.NotLoaded<association :roles is not loaded>,
+    status: 1,
+    statuses: #Ecto.Association.NotLoaded<association :statuses is not loaded>,
+    tag: nil,
+    updated_at: ~N[2020-08-23 22:24:58],
+    username: nil,
+    username_hash: nil
+  },
+  person_id: 2,
+  revoked: nil,
+  revoker_id: nil,
+  role: %Auth.Role{
+    __meta__: #Ecto.Schema.Metadata<:loaded, "roles">,
+    desc: "Subscribes for updates e.g. newsletter or content from a specific person. Cannot comment until verified.",
+    id: 6,
+    inserted_at: ~N[2020-08-23 17:49:46],
+    name: "subscriber",
+    person_id: 1,
+    updated_at: ~N[2020-08-23 17:49:46]
+  },
+  role_id: 6,
+  updated_at: ~N[2020-08-23 22:24:58]
+}
+-->
\ No newline at end of file
diff --git a/lib/auth_web/views/people_view.ex b/lib/auth_web/views/people_view.ex
index ae56b018..7be52ceb 100644
--- a/lib/auth_web/views/people_view.ex
+++ b/lib/auth_web/views/people_view.ex
@@ -1,6 +1,9 @@
 defmodule AuthWeb.PeopleView do
   use AuthWeb, :view
 
+  @doc """
+  status_string/2 returns a string of status
+  """
   def status_string(status_id, statuses)  do
     if status_id != nil do
       status = Enum.filter(statuses, fn s ->
@@ -12,6 +15,9 @@ defmodule AuthWeb.PeopleView do
     end
   end
 
+  @doc """
+  role_string/1 returns a string of all the role names
+  """
   def role_string(person_roles)  do
     Enum.map_join(person_roles, " ", fn r ->
       r.name

From 7ac38b3634158e2bcd4fb123adffd69caa22376c Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Mon, 24 Aug 2020 21:58:07 +0100
Subject: [PATCH 057/166] [WiP] create revoke.html.eex and /roles/revoke/:id +
 handler for #94

---
 lib/auth/people_roles.ex                       | 18 +++++++++++++++---
 lib/auth_web/controllers/role_controller.ex    | 10 +++++-----
 lib/auth_web/router.ex                         |  3 ++-
 lib/auth_web/templates/people/profile.html.eex |  6 +++---
 lib/auth_web/templates/role/revoke.html.eex    | 11 ++++++++++-
 5 files changed, 35 insertions(+), 13 deletions(-)

diff --git a/lib/auth/people_roles.ex b/lib/auth/people_roles.ex
index 19edb1b4..1815f147 100644
--- a/lib/auth/people_roles.ex
+++ b/lib/auth/people_roles.ex
@@ -28,7 +28,7 @@ defmodule Auth.PeopleRoles do
   end
 
   @doc """
-  get_record/0 returns the record where the person was granted a role.
+  get_record/2 returns the record where the person was granted a role.
   """
   def get_record(person_id, role_id) do
     Repo.one(
@@ -39,6 +39,18 @@ defmodule Auth.PeopleRoles do
     )
   end
 
+  @doc """
+  get_by_id!/1 returns the record with the given people_roles.id.
+  """
+  def get_by_id(id) do
+    Repo.one(
+      from(pr in __MODULE__,
+        where: pr.id == ^id,
+        preload: [:person, :role]
+      )
+    )
+  end
+
   @doc """
   get_roles_for_person/1 returns the list of roles for a given person.id
   """
@@ -72,9 +84,9 @@ defmodule Auth.PeopleRoles do
   person_id is the person.id of the person being granted the role
   role_id is the role.id (int, e.g: 4) of th role being granted.
   """
-  def revoke(revoker_id, person_id, role_id) do
+  def revoke(revoker_id, people_roles_id) do
     # get the people_role record that needs to be updated (revoked)
-    get_record(person_id, role_id)
+    get_by_id(people_roles_id)
     |> cast(
       %{revoker_id: revoker_id, revoked: DateTime.utc_now()},
       [:revoker_id, :revoked]
diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index d7ccbb61..66f2ab47 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -87,14 +87,14 @@ defmodule AuthWeb.RoleController do
     # confirm that the granter is either superadmin (conn.assigns.person.id == 1)
     # or has an "admin" role (1 || 2)
     if conn.assigns.person.id == 1 do
-      pr = Auth.PeopleRoles.get_record(
-        Map.get(params, "person_id"), Map.get(params, "role_id")
-      )
+      people_roles_id = Map.get(params, "people_roles_id")
+      pr = Auth.PeopleRoles.get_by_id(people_roles_id)
       IO.inspect(pr, label: "pr")
       if conn.method == "GET" do
-        render(conn, "revoke.html", role: pr)
+        render(conn, "revoke.html", role: pr, people_roles_id: people_roles_id)
       else
-
+        Auth.PeopleRoles.revoke(conn.assigns.person.id, people_roles_id)
+        redirect(conn, to: Routes.people_path(conn, :show, pr.person_id))
       end
     else
       AuthWeb.AuthController.unauthorized(conn)
diff --git a/lib/auth_web/router.ex b/lib/auth_web/router.ex
index bad3fc22..905f794f 100644
--- a/lib/auth_web/router.ex
+++ b/lib/auth_web/router.ex
@@ -44,7 +44,8 @@ defmodule AuthWeb.Router do
     get "/people/:person_id", PeopleController, :show
     get "/profile", AuthController, :admin
     resources "/roles", RoleController
-    get "/roles/revoke/:role_id/:person_id", RoleController, :revoke
+    get "/roles/revoke/:people_roles_id", RoleController, :revoke
+    post "/roles/revoke/:people_roles_id", RoleController, :revoke
     resources "/permissions", PermissionController
     resources "/settings/apikeys", ApikeyController
   end
diff --git a/lib/auth_web/templates/people/profile.html.eex b/lib/auth_web/templates/people/profile.html.eex
index 9204f45b..fde1bba0 100644
--- a/lib/auth_web/templates/people/profile.html.eex
+++ b/lib/auth_web/templates/people/profile.html.eex
@@ -12,7 +12,7 @@
   <div class="mt3 f4">Last login: <br /><strong><%= @person.updated_at %></strong></div>
 </section>
 
-<h1 class="tc mt3">Role Admin</h1>
+<h1 class="tc mt3">Roles</h1>
 
 <table class="w-70 center tc ba bw1 pb2" id="table">
     <thead>
@@ -21,7 +21,7 @@
         <th>Role</th>
         <th>Granted</th>
         <th>Granted by</th>
-        <th colspan="2" class="pa3">Revoke?</th>
+        <th class="pa3">Revocation</th>
       </tr>
     </thead>
     <tbody class="tc">
@@ -41,7 +41,7 @@
           <%= if Map.has_key?(r, :revoked) and not is_nil(r.revoked) do %>
             <%= r.revoked %>
           <% else %>
-            <a href="/roles/revoke/<%= r.id %>/<%= @person.id %>"
+            <a href="/roles/revoke/<%= r.id %>"
             class="pointer ba border-box bg-red white f5 pa2 mt1
             shadow-hover bg-animate no-underline">
             Revoke Role
diff --git a/lib/auth_web/templates/role/revoke.html.eex b/lib/auth_web/templates/role/revoke.html.eex
index 884f1196..ac3a0282 100644
--- a/lib/auth_web/templates/role/revoke.html.eex
+++ b/lib/auth_web/templates/role/revoke.html.eex
@@ -1,5 +1,14 @@
 <section class="mt4 w-100 center ph3 tc">
-  <h1>Are Your Sure You Want to Revoke this Role?</h1>
+  <p class="f3">Are your <em>sure</em> you want 
+  to <strong>revoke</strong> the 
+  <strong><%= @role.role.name %></strong> role
+  from <strong><%= @role.person.givenName %></strong>
+  ?</p>
+  
+  <%= form_for :revoke, Routes.role_path(AuthWeb.Endpoint, :revoke, @people_roles_id), fn f -> %>
+    <%= submit "Revoke", class: "pointer bn bg-red white f2 pa2 mt1 shadow-hover bg-animate" %>
+  <% end %>
+
 </section>
 
 <!--

From 73a610723bd09405e1cdf78ffd52c726acf2be93 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Tue, 25 Aug 2020 08:22:46 +0100
Subject: [PATCH 058/166] add tests for RBAC Admin UI
 https://github.com/dwyl/auth/issues/94#issuecomment-679371807

---
 lib/auth_web/controllers/people_controller.ex |  4 +--
 lib/auth_web/controllers/role_controller.ex   |  3 --
 .../templates/people/profile.html.eex         |  8 ++---
 lib/auth_web/views/people_view.ex             | 13 +++++++++
 test/auth/people_roles_test.exs               |  4 +--
 .../controllers/people_controller_test.exs    | 19 ++++++++++++
 .../controllers/role_controller_test.exs      | 29 +++++++++++++++++++
 7 files changed, 68 insertions(+), 12 deletions(-)

diff --git a/lib/auth_web/controllers/people_controller.ex b/lib/auth_web/controllers/people_controller.ex
index e0513578..a84cbbf3 100644
--- a/lib/auth_web/controllers/people_controller.ex
+++ b/lib/auth_web/controllers/people_controller.ex
@@ -25,12 +25,10 @@ defmodule AuthWeb.PeopleController do
   `show/2` shows the profile of a person with all relevant info.
   """
   def show(conn, params) do
-    IO.inspect(params, label: "params")
     # should be visible to superadmin and people with "admin" role
     if conn.assigns.person.id == 1 do
       person = Auth.Person.get_person_by_id(Map.get(params, "person_id"))
-      IO.inspect(person, label: "person")
-      roles = Auth.PeopleRoles.get_roles_for_person(person.id) |> IO.inspect(label: "roles")
+      roles = Auth.PeopleRoles.get_roles_for_person(person.id)
       render(conn, :profile,
         person: person,
         roles: roles,
diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index 66f2ab47..8115b655 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -82,14 +82,11 @@ defmodule AuthWeb.RoleController do
   revoke/2 revokes a role
   """
   def revoke(conn, params) do
-    IO.inspect(conn.method, label: "conn.method")
-    IO.inspect(params)
     # confirm that the granter is either superadmin (conn.assigns.person.id == 1)
     # or has an "admin" role (1 || 2)
     if conn.assigns.person.id == 1 do
       people_roles_id = Map.get(params, "people_roles_id")
       pr = Auth.PeopleRoles.get_by_id(people_roles_id)
-      IO.inspect(pr, label: "pr")
       if conn.method == "GET" do
         render(conn, "revoke.html", role: pr, people_roles_id: people_roles_id)
       else
diff --git a/lib/auth_web/templates/people/profile.html.eex b/lib/auth_web/templates/people/profile.html.eex
index fde1bba0..7dce8ec6 100644
--- a/lib/auth_web/templates/people/profile.html.eex
+++ b/lib/auth_web/templates/people/profile.html.eex
@@ -4,10 +4,10 @@
   <h1><%= @person.givenName %> <%= @person.familyName %></h1>
   <div>
     <strong class="f4"><%= @person.email %></strong> 
-    <span class="f4">(<%= String.capitalize(@person.auth_provider) %>) </span>
+    <span class="f4">(<%= @person.auth_provider |> capitalize() %>) </span>
   </div>
   <div class="w-10 pa3 f3 mt3 center br3 <%= status_string(@person.status, @statuses) %>">
-    <%= String.capitalize(status_string(@person.status, @statuses)) %>
+    <%= status_string(@person.status, @statuses) |> capitalize() %>
   </div>
   <div class="mt3 f4">Last login: <br /><strong><%= @person.updated_at %></strong></div>
 </section>
@@ -17,7 +17,7 @@
 <table class="w-70 center tc ba bw1 pb2" id="table">
     <thead>
       <tr class="tc">
-        <th>ID</th>        
+        <th>ID</th>
         <th>Role</th>
         <th>Granted</th>
         <th>Granted by</th>
@@ -25,7 +25,7 @@
       </tr>
     </thead>
     <tbody class="tc">
-  <%= for {r, idx} <- Enum.with_index(@roles) do %>
+  <%= for {r} <- Enum.with_index(@roles) do %>
       <tr class="row pt2">
         <td><%= r.role_id %></td>
         <td><%= r.role.name %></td>
diff --git a/lib/auth_web/views/people_view.ex b/lib/auth_web/views/people_view.ex
index 7be52ceb..a2799729 100644
--- a/lib/auth_web/views/people_view.ex
+++ b/lib/auth_web/views/people_view.ex
@@ -23,4 +23,17 @@ defmodule AuthWeb.PeopleView do
       r.name
     end)
   end
+
+  @doc """
+  upcaseFirst/2 captalises the first character of a string.
+  stackoverflow.com/questions/58672621/elixir-upcase-only-first-letter
+  got: (FunctionClauseError) no function clause matching in String.capitalize/2
+  """
+  def capitalize(str) do
+    if is_nil(str) do
+      str
+    else
+      :string.titlecase(str)
+    end
+  end
 end
diff --git a/test/auth/people_roles_test.exs b/test/auth/people_roles_test.exs
index 7fc7c15c..48a6526c 100644
--- a/test/auth/people_roles_test.exs
+++ b/test/auth/people_roles_test.exs
@@ -27,7 +27,7 @@ defmodule AuthWeb.PeopleRolesTest do
     assert pr.person_id == grantee.id
   end
 
-  test "Auth.PeopleRoles.revoke/3 revokes a role" do
+  test "Auth.PeopleRoles.revoke/2 revokes a role" do
     # create a new person:
     alex = %{email: "alex_revoke@gmail.com", auth_provider: "email"}
     grantee = Auth.Person.create_person(alex)
@@ -42,7 +42,7 @@ defmodule AuthWeb.PeopleRolesTest do
     assert record.granter_id == 1
 
     # revoke the role!
-    Auth.PeopleRoles.revoke(1, grantee.id, role_id)
+    Auth.PeopleRoles.revoke(1, record.id)
 
     # confirm people_roles record was updated:
     record = Auth.PeopleRoles.get_record(grantee.id, role_id)
diff --git a/test/auth_web/controllers/people_controller_test.exs b/test/auth_web/controllers/people_controller_test.exs
index 53bac00c..ed6aaf00 100644
--- a/test/auth_web/controllers/people_controller_test.exs
+++ b/test/auth_web/controllers/people_controller_test.exs
@@ -29,6 +29,11 @@ defmodule AuthWeb.PeopleControllerTest do
     assert conn.status == 401
   end
 
+  test "GET /people/:person_id displays person", %{conn: conn} do
+    conn = get(admin_login(conn), "/people/1")
+    assert html_response(conn, 200) =~ "Roles"
+  end
+
   test "AuthWeb.PeopleView.status_string/2" do
     statuses = [%{text: "verified", id: 1}]
     assert AuthWeb.PeopleView.status_string(1, statuses) == "verified"
@@ -37,4 +42,18 @@ defmodule AuthWeb.PeopleControllerTest do
   test "AuthWeb.PeopleView.status_string/2 if status_id is nil" do
     assert AuthWeb.PeopleView.status_string(nil, []) == "none"
   end
+
+  test "AuthWeb.PeopleController.show/2 unauthorized if not admin", %{conn: conn} do
+    wrong_person_data = %{
+      email: "unauthorized@gmail.com",
+      auth_provider: "email",
+      id: 42
+    }
+
+    Auth.Person.create_person(wrong_person_data)
+    conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
+
+    conn = AuthWeb.PeopleController.show(conn, %{"people_roles_id" => 1})
+    assert conn.status == 401
+  end
 end
diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index 2541416b..aa78bc41 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -115,4 +115,33 @@ defmodule AuthWeb.RoleControllerTest do
   # test "get list of roles" do
   #   Auth.Role.list_roles() |> IO.inspect()
   # end
+
+  test "GET /roles/revoke/:people_roles_id displays confirm prompt", %{conn: conn} do
+    conn = admin_login(conn)
+    conn = get(conn, Routes.role_path(conn, :revoke, 1))
+    assert html_response(conn, 200) =~ "superadmin"
+  end
+
+  test "POST /roles/revoke/:people_roles_id revokes the role", %{conn: conn} do
+    conn = admin_login(conn)
+    conn = post(conn, Routes.role_path(conn, :revoke, 1))
+    assert html_response(conn, 302) =~ "redirected"
+
+    pr = Auth.PeopleRoles.get_by_id(1)
+    assert pr.revoker_id == 1
+  end
+
+  test "AuthWeb.RoleController.revoke/2 unauthorized if not admin", %{conn: conn} do
+    wrong_person_data = %{
+      email: "unauthorized@gmail.com",
+      auth_provider: "email",
+      id: 42
+    }
+
+    Auth.Person.create_person(wrong_person_data)
+    conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
+
+    conn = AuthWeb.RoleController.revoke(conn, %{"people_roles_id" => 1})
+    assert conn.status == 401
+  end
 end

From 7335bbd3db5da65d8c9e41293dd1472932f9e018 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Tue, 25 Aug 2020 17:09:17 +0100
Subject: [PATCH 059/166] create Grant Roles Route, Handler and UI for #94 see:
 https://github.com/dwyl/auth/issues/94#issuecomment-680116408

---
 lib/auth/people_roles.ex                      |  1 -
 lib/auth_web/controllers/people_controller.ex |  5 ++-
 lib/auth_web/controllers/role_controller.ex   | 28 +++++++++------
 lib/auth_web/router.ex                        |  5 ++-
 lib/auth_web/templates/people/index.html.eex  |  6 ++--
 .../templates/people/profile.html.eex         | 34 +++++++++++++------
 lib/auth_web/views/people_view.ex             |  6 ++--
 .../controllers/people_controller_test.exs    |  4 +--
 8 files changed, 55 insertions(+), 34 deletions(-)

diff --git a/lib/auth/people_roles.ex b/lib/auth/people_roles.ex
index 1815f147..8e6bd7d3 100644
--- a/lib/auth/people_roles.ex
+++ b/lib/auth/people_roles.ex
@@ -55,7 +55,6 @@ defmodule Auth.PeopleRoles do
   get_roles_for_person/1 returns the list of roles for a given person.id
   """
   def get_roles_for_person(person_id) do
-    IO.inspect(person_id, label: "person_id")
     Repo.all(
       from(pr in __MODULE__,
         where: pr.person_id == ^person_id,
diff --git a/lib/auth_web/controllers/people_controller.ex b/lib/auth_web/controllers/people_controller.ex
index a84cbbf3..bddc5fa2 100644
--- a/lib/auth_web/controllers/people_controller.ex
+++ b/lib/auth_web/controllers/people_controller.ex
@@ -29,10 +29,13 @@ defmodule AuthWeb.PeopleController do
     if conn.assigns.person.id == 1 do
       person = Auth.Person.get_person_by_id(Map.get(params, "person_id"))
       roles = Auth.PeopleRoles.get_roles_for_person(person.id)
+      IO.inspect(roles, label: "roles")
+      all_roles = Auth.Role.list_roles()
       render(conn, :profile,
         person: person,
         roles: roles,
-        statuses: Auth.Status.list_statuses()
+        statuses: Auth.Status.list_statuses(),
+        all_roles: all_roles
       )
       # Note: this can easily be refactored to save on DB queries. #HelpWanted
     else
diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index 8115b655..30e8be7a 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -66,17 +66,23 @@ defmodule AuthWeb.RoleController do
   grantee_id should be a valid person.id (the person you want to grant the role to) and
   role_id a valid role.id
   """
-  # def grant_role(conn, grantee_id, role_id) do
-  #   # confirm that the granter is either superadmin (conn.assigns.person.id == 1)
-  #   # or has an "admin" role (1 || 2)
-  #   granter = conn.assigns.person
-
-  #   if granter.id == 1 do
-  #     conn
-  #   else
-  #     AuthWeb.AuthController.unauthorized(conn)
-  #   end
-  # end
+  def grant(conn, params) do
+    # confirm that the granter is either superadmin (conn.assigns.person.id == 1)
+    # or has an "admin" role (1 || 2)
+    granter_id = conn.assigns.person.id
+    IO.inspect(conn, label: "conn")
+    IO.inspect(params, label: "params")
+    role_id = Map.get(params, "role_id")
+    person_id = Map.get(params, "person_id")
+    Auth.PeopleRoles.insert(granter_id, person_id, role_id)
+    # redirect(conn, to: Routes.people_path(conn, :index))
+    redirect(conn, to: Routes.people_path(conn, :show, person_id))
+    # if granter.id == 1 do
+    #   conn
+    # else
+    #   AuthWeb.AuthController.unauthorized(conn)
+    # end
+  end
 
   @doc """
   revoke/2 revokes a role
diff --git a/lib/auth_web/router.ex b/lib/auth_web/router.ex
index 905f794f..ab405c97 100644
--- a/lib/auth_web/router.ex
+++ b/lib/auth_web/router.ex
@@ -43,9 +43,12 @@ defmodule AuthWeb.Router do
     get "/people", PeopleController, :index
     get "/people/:person_id", PeopleController, :show
     get "/profile", AuthController, :admin
-    resources "/roles", RoleController
+
+    get "/roles/grant", RoleController, :grant
     get "/roles/revoke/:people_roles_id", RoleController, :revoke
     post "/roles/revoke/:people_roles_id", RoleController, :revoke
+    resources "/roles", RoleController
+
     resources "/permissions", PermissionController
     resources "/settings/apikeys", ApikeyController
   end
diff --git a/lib/auth_web/templates/people/index.html.eex b/lib/auth_web/templates/people/index.html.eex
index 1264a4d1..ebf894ba 100644
--- a/lib/auth_web/templates/people/index.html.eex
+++ b/lib/auth_web/templates/people/index.html.eex
@@ -19,16 +19,14 @@
   <%= for {p, idx} <- Enum.with_index(@people) do %>
       <tr class="hover-bg-light-gray
         <%= if rem(idx,2) == 0 do %> bb b--moon-gray bg-light-gray <% end %>">
-        <td><%= p.id %></td>
+        <td><a href="/people/<%= p.id %>" class="no-underline"><%= p.id %></a></td>
         <td><img width="64px" src="<%= p.picture %>" class="center db br2"/></td>
         <td><%= p.givenName %></td>
         <td class="<%= status_string(p.status, @statuses) %>"><%= status_string(p.status, @statuses) %></td>
         <td><%= p.updated_at %></td>
         <td><%= p.email %></td>
         <td><%= p.auth_provider %></td>
-        <td class="<%= role_string(p.roles) %>"><%= role_string(p.roles) %></td>
-
-        
+        <td class="<%= role_string(p.roles) %>"><%= role_string(p.roles) %></td>  
       </tr>
   <% end %>
     </tbody>
diff --git a/lib/auth_web/templates/people/profile.html.eex b/lib/auth_web/templates/people/profile.html.eex
index 7dce8ec6..bdb79d8c 100644
--- a/lib/auth_web/templates/people/profile.html.eex
+++ b/lib/auth_web/templates/people/profile.html.eex
@@ -4,17 +4,17 @@
   <h1><%= @person.givenName %> <%= @person.familyName %></h1>
   <div>
     <strong class="f4"><%= @person.email %></strong> 
-    <span class="f4">(<%= @person.auth_provider |> capitalize() %>) </span>
+    <span class="f4">(<%= capitalize(@person.auth_provider) %> Auth) </span>
+    <span class="w-10 pv1 ph2 f5 mt3 center br3 <%= status_string(@person.status, @statuses) %>">
+      <%= capitalize(status_string(@person.status, @statuses)) %>
+    </span>
   </div>
-  <div class="w-10 pa3 f3 mt3 center br3 <%= status_string(@person.status, @statuses) %>">
-    <%= status_string(@person.status, @statuses) |> capitalize() %>
-  </div>
-  <div class="mt3 f4">Last login: <br /><strong><%= @person.updated_at %></strong></div>
+  <div class="mt3 f4">Last login: <strong><%= @person.updated_at %></strong></div>
 </section>
 
 <h1 class="tc mt3">Roles</h1>
 
-<table class="w-70 center tc ba bw1 pb2" id="table">
+<table class="w-70 center tc ba bw1 pb2 pl2" id="table">
     <thead>
       <tr class="tc">
         <th>ID</th>
@@ -25,9 +25,9 @@
       </tr>
     </thead>
     <tbody class="tc">
-  <%= for {r} <- Enum.with_index(@roles) do %>
-      <tr class="row pt2">
-        <td><%= r.role_id %></td>
+  <%= for r <- @roles do %>
+      <tr class="row pt2 f4 datarow">
+        <td><%= r.id %></td>
         <td><%= r.role.name %></td>
         <td><%= r.inserted_at %></td>  
         <td>
@@ -54,6 +54,20 @@
     </tbody>
   </table>
 
+<h1 class="tc mt3">Grant a New Role</h1>
+<!-- Grant New Roles -->
+<%= form_tag("/roles/grant/", method: "get", class: "w-30 tc center mt2") do %>
+  <select name="role_id" id="1" class="center input-reset ba b--black-20 pa2 mb2 db w-15">
+    <option class="tc" value="">▼ Please Select a Role ▼</option>
+  <%= for r <- @all_roles do %>
+    <option value="<%= r.id %>"><%= r.name %></option>
+  <% end %>
+  </select>
+  <input name="person_id" type="hidden" value="<%= @person.id %>">
+  <%= submit "Grant Role", class: "pointer bn bg-green white f2 pa2 mt1 shadow-hover bg-animate pa3 br1" %>
+<% end %>
+
 <style>
-  .verified { background-color: #7bed9f;}
+  .verified { background-color: #91ff91;}
+  .datarow { line-height: 40px; }
 </style>
\ No newline at end of file
diff --git a/lib/auth_web/views/people_view.ex b/lib/auth_web/views/people_view.ex
index a2799729..ef3aa43a 100644
--- a/lib/auth_web/views/people_view.ex
+++ b/lib/auth_web/views/people_view.ex
@@ -25,9 +25,9 @@ defmodule AuthWeb.PeopleView do
   end
 
   @doc """
-  upcaseFirst/2 captalises the first character of a string.
-  stackoverflow.com/questions/58672621/elixir-upcase-only-first-letter
-  got: (FunctionClauseError) no function clause matching in String.capitalize/2
+  capitalize/1 captalises the first character of a string.
+  checks for nil values to avoid seeing the following error:
+  (FunctionClauseError) no function clause matching in String.capitalize/2
   """
   def capitalize(str) do
     if is_nil(str) do
diff --git a/test/auth_web/controllers/people_controller_test.exs b/test/auth_web/controllers/people_controller_test.exs
index ed6aaf00..c2a998fa 100644
--- a/test/auth_web/controllers/people_controller_test.exs
+++ b/test/auth_web/controllers/people_controller_test.exs
@@ -3,9 +3,7 @@ defmodule AuthWeb.PeopleControllerTest do
   # @email System.get_env("ADMIN_EMAIL")
 
   test "GET /people displays list of people", %{conn: conn} do
-    conn = admin_login(conn)
-    |> get("/people")
-
+    conn = get(admin_login(conn)"/people")
     assert html_response(conn, 200) =~ "People Authenticated"
   end
 

From a22dd7b2c35fe40cc3dcaa7b91846d7775752ddb Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 26 Aug 2020 08:22:11 +0100
Subject: [PATCH 060/166] add test for POST /roles/grant for
 https://github.com/dwyl/auth/issues/94#issuecomment-680125158

---
 lib/auth_web/controllers/role_controller.ex   | 20 ++++------
 lib/auth_web/templates/role/revoke.html.eex   |  2 +-
 .../controllers/people_controller_test.exs    |  2 +-
 .../controllers/role_controller_test.exs      | 38 +++++++++++++------
 4 files changed, 37 insertions(+), 25 deletions(-)

diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index 30e8be7a..5947c60c 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -70,18 +70,14 @@ defmodule AuthWeb.RoleController do
     # confirm that the granter is either superadmin (conn.assigns.person.id == 1)
     # or has an "admin" role (1 || 2)
     granter_id = conn.assigns.person.id
-    IO.inspect(conn, label: "conn")
-    IO.inspect(params, label: "params")
-    role_id = Map.get(params, "role_id")
-    person_id = Map.get(params, "person_id")
-    Auth.PeopleRoles.insert(granter_id, person_id, role_id)
-    # redirect(conn, to: Routes.people_path(conn, :index))
-    redirect(conn, to: Routes.people_path(conn, :show, person_id))
-    # if granter.id == 1 do
-    #   conn
-    # else
-    #   AuthWeb.AuthController.unauthorized(conn)
-    # end
+    if granter_id == 1 do
+      role_id = Map.get(params, "role_id")
+      person_id = Map.get(params, "person_id")
+      Auth.PeopleRoles.insert(granter_id, person_id, role_id)
+      redirect(conn, to: Routes.people_path(conn, :show, person_id))
+    else
+      AuthWeb.AuthController.unauthorized(conn)
+    end
   end
 
   @doc """
diff --git a/lib/auth_web/templates/role/revoke.html.eex b/lib/auth_web/templates/role/revoke.html.eex
index ac3a0282..0d2895af 100644
--- a/lib/auth_web/templates/role/revoke.html.eex
+++ b/lib/auth_web/templates/role/revoke.html.eex
@@ -5,7 +5,7 @@
   from <strong><%= @role.person.givenName %></strong>
   ?</p>
   
-  <%= form_for :revoke, Routes.role_path(AuthWeb.Endpoint, :revoke, @people_roles_id), fn f -> %>
+  <%= form_for :revoke, Routes.role_path(AuthWeb.Endpoint, :revoke, @people_roles_id), fn _f -> %>
     <%= submit "Revoke", class: "pointer bn bg-red white f2 pa2 mt1 shadow-hover bg-animate" %>
   <% end %>
 
diff --git a/test/auth_web/controllers/people_controller_test.exs b/test/auth_web/controllers/people_controller_test.exs
index c2a998fa..86198cf1 100644
--- a/test/auth_web/controllers/people_controller_test.exs
+++ b/test/auth_web/controllers/people_controller_test.exs
@@ -3,7 +3,7 @@ defmodule AuthWeb.PeopleControllerTest do
   # @email System.get_env("ADMIN_EMAIL")
 
   test "GET /people displays list of people", %{conn: conn} do
-    conn = get(admin_login(conn)"/people")
+    conn = get(admin_login(conn), "/people")
     assert html_response(conn, 200) =~ "People Authenticated"
   end
 
diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index aa78bc41..96742b38 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -104,17 +104,33 @@ defmodule AuthWeb.RoleControllerTest do
     %{role: role}
   end
 
-  # test "attempt to grant_role/3 without admin should 401", %{conn: conn} do
-  #   alex = %{email: "alex_grant_role_fail@gmail.com", auth_provider: "email"}
-  #   grantee = Auth.Person.create_person(alex)
-  #   conn = assign(conn, :person, grantee)
-  #   role_id = 4
-  #   conn = Auth.PeopleRoles.insert(conn, grantee.id, role_id)
-  #   assert conn.status == 401
-  # end
-  # test "get list of roles" do
-  #   Auth.Role.list_roles() |> IO.inspect()
-  # end
+
+
+  test "POST /roles/grant without admin should 401", %{conn: conn} do
+    alex = %{email: "alex_grant_role_fail@gmail.com", auth_provider: "email"}
+    grantee = Auth.Person.create_person(alex)
+    conn = assign(conn, :person, grantee)
+    conn = AuthWeb.RoleController.grant(conn, %{"role_id" => 5, "person_id" => grantee.id})
+    assert conn.status == 401
+  end
+
+  test "POST /roles/grant should create people_roles entry", %{conn: conn} do
+    alex = %{email: "alex_grant_success@gmail.com", auth_provider: "email"}
+    grantee = Auth.Person.create_person(alex)
+
+
+    conn = get(admin_login(conn), Routes.role_path(conn, :grant,
+      %{"role_id" => 5, "person_id" => grantee.id}))
+
+    # the grant/2 controller handler redirects back to /person/:id
+    assert html_response(conn, 302) =~ "redirected"
+
+    # check that the record was created:
+    pr = Auth.PeopleRoles.get_record(grantee.id, 5)
+    assert pr.person_id == grantee.id
+    assert pr.role_id == 5
+    assert pr.granter_id == 1
+  end
 
   test "GET /roles/revoke/:people_roles_id displays confirm prompt", %{conn: conn} do
     conn = admin_login(conn)

From 4568c7d1213a0403a6aed35162182229b93cbfb7 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 26 Aug 2020 08:26:40 +0100
Subject: [PATCH 061/166] mix format

---
 lib/auth/person.ex                                  |  1 -
 lib/auth_web/controllers/people_controller.ex       |  3 +++
 lib/auth_web/controllers/role_controller.ex         |  2 ++
 lib/auth_web/views/people_view.ex                   | 13 ++++++++-----
 .../auth_web/controllers/people_controller_test.exs |  1 -
 test/auth_web/controllers/role_controller_test.exs  | 10 +++++-----
 6 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index 505a7c05..2de30ee4 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -264,7 +264,6 @@ defmodule Auth.Person do
     end
   end
 
-
   @doc """
   `list_people/0` lists all people in the system.
   Used for displaying the table of authenticated people.
diff --git a/lib/auth_web/controllers/people_controller.ex b/lib/auth_web/controllers/people_controller.ex
index bddc5fa2..12511509 100644
--- a/lib/auth_web/controllers/people_controller.ex
+++ b/lib/auth_web/controllers/people_controller.ex
@@ -15,6 +15,7 @@ defmodule AuthWeb.PeopleController do
         roles: Auth.Role.list_roles(),
         statuses: Auth.Status.list_statuses()
       )
+
       # Note: this can easily be refactored to save on DB queries. #HelpWanted
     else
       AuthWeb.AuthController.unauthorized(conn)
@@ -31,12 +32,14 @@ defmodule AuthWeb.PeopleController do
       roles = Auth.PeopleRoles.get_roles_for_person(person.id)
       IO.inspect(roles, label: "roles")
       all_roles = Auth.Role.list_roles()
+
       render(conn, :profile,
         person: person,
         roles: roles,
         statuses: Auth.Status.list_statuses(),
         all_roles: all_roles
       )
+
       # Note: this can easily be refactored to save on DB queries. #HelpWanted
     else
       AuthWeb.AuthController.unauthorized(conn)
diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index 5947c60c..0271f048 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -70,6 +70,7 @@ defmodule AuthWeb.RoleController do
     # confirm that the granter is either superadmin (conn.assigns.person.id == 1)
     # or has an "admin" role (1 || 2)
     granter_id = conn.assigns.person.id
+
     if granter_id == 1 do
       role_id = Map.get(params, "role_id")
       person_id = Map.get(params, "person_id")
@@ -89,6 +90,7 @@ defmodule AuthWeb.RoleController do
     if conn.assigns.person.id == 1 do
       people_roles_id = Map.get(params, "people_roles_id")
       pr = Auth.PeopleRoles.get_by_id(people_roles_id)
+
       if conn.method == "GET" do
         render(conn, "revoke.html", role: pr, people_roles_id: people_roles_id)
       else
diff --git a/lib/auth_web/views/people_view.ex b/lib/auth_web/views/people_view.ex
index ef3aa43a..7a56592b 100644
--- a/lib/auth_web/views/people_view.ex
+++ b/lib/auth_web/views/people_view.ex
@@ -4,11 +4,14 @@ defmodule AuthWeb.PeopleView do
   @doc """
   status_string/2 returns a string of status
   """
-  def status_string(status_id, statuses)  do
+  def status_string(status_id, statuses) do
     if status_id != nil do
-      status = Enum.filter(statuses, fn s ->
-        s.id == status_id
-      end) |> Enum.at(0)
+      status =
+        Enum.filter(statuses, fn s ->
+          s.id == status_id
+        end)
+        |> Enum.at(0)
+
       status.text
     else
       "none"
@@ -18,7 +21,7 @@ defmodule AuthWeb.PeopleView do
   @doc """
   role_string/1 returns a string of all the role names
   """
-  def role_string(person_roles)  do
+  def role_string(person_roles) do
     Enum.map_join(person_roles, " ", fn r ->
       r.name
     end)
diff --git a/test/auth_web/controllers/people_controller_test.exs b/test/auth_web/controllers/people_controller_test.exs
index 86198cf1..95e27a1f 100644
--- a/test/auth_web/controllers/people_controller_test.exs
+++ b/test/auth_web/controllers/people_controller_test.exs
@@ -12,7 +12,6 @@ defmodule AuthWeb.PeopleControllerTest do
     assert conn.status == 302
   end
 
-
   test "Attempt to GET /people without admin role should 401", %{conn: conn} do
     wrong_person_data = %{
       email: "not_admin@gmail.com",
diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index 96742b38..a037b301 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -104,8 +104,6 @@ defmodule AuthWeb.RoleControllerTest do
     %{role: role}
   end
 
-
-
   test "POST /roles/grant without admin should 401", %{conn: conn} do
     alex = %{email: "alex_grant_role_fail@gmail.com", auth_provider: "email"}
     grantee = Auth.Person.create_person(alex)
@@ -118,9 +116,11 @@ defmodule AuthWeb.RoleControllerTest do
     alex = %{email: "alex_grant_success@gmail.com", auth_provider: "email"}
     grantee = Auth.Person.create_person(alex)
 
-
-    conn = get(admin_login(conn), Routes.role_path(conn, :grant,
-      %{"role_id" => 5, "person_id" => grantee.id}))
+    conn =
+      get(
+        admin_login(conn),
+        Routes.role_path(conn, :grant, %{"role_id" => 5, "person_id" => grantee.id})
+      )
 
     # the grant/2 controller handler redirects back to /person/:id
     assert html_response(conn, 302) =~ "redirected"

From 3df1c93fcf524da71ab3950165af9fd4e6656ba1 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 26 Aug 2020 08:32:16 +0100
Subject: [PATCH 062/166] remove pipeline from simple
 PeopleView.status_string/2 function
 https://github.com/dwyl/auth/pull/85#pullrequestreview-47522326

---
 lib/auth_web/views/people_view.ex | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/lib/auth_web/views/people_view.ex b/lib/auth_web/views/people_view.ex
index 7a56592b..d0fdec05 100644
--- a/lib/auth_web/views/people_view.ex
+++ b/lib/auth_web/views/people_view.ex
@@ -6,12 +6,7 @@ defmodule AuthWeb.PeopleView do
   """
   def status_string(status_id, statuses) do
     if status_id != nil do
-      status =
-        Enum.filter(statuses, fn s ->
-          s.id == status_id
-        end)
-        |> Enum.at(0)
-
+      status = Enum.at(Enum.filter(statuses, fn s -> s.id == status_id end), 0)
       status.text
     else
       "none"

From 2eacfeb2b95d11d84247cba0738cc753ac811b06 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 26 Aug 2020 08:33:47 +0100
Subject: [PATCH 063/166] tidy up PeopleController.show/2 handler
 https://github.com/dwyl/auth/pull/85#pullrequestreview-475217260

---
 lib/auth_web/controllers/people_controller.ex | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/lib/auth_web/controllers/people_controller.ex b/lib/auth_web/controllers/people_controller.ex
index 12511509..21fd53ab 100644
--- a/lib/auth_web/controllers/people_controller.ex
+++ b/lib/auth_web/controllers/people_controller.ex
@@ -29,15 +29,11 @@ defmodule AuthWeb.PeopleController do
     # should be visible to superadmin and people with "admin" role
     if conn.assigns.person.id == 1 do
       person = Auth.Person.get_person_by_id(Map.get(params, "person_id"))
-      roles = Auth.PeopleRoles.get_roles_for_person(person.id)
-      IO.inspect(roles, label: "roles")
-      all_roles = Auth.Role.list_roles()
-
       render(conn, :profile,
         person: person,
-        roles: roles,
+        roles: Auth.PeopleRoles.get_roles_for_person(person.id),
         statuses: Auth.Status.list_statuses(),
-        all_roles: all_roles
+        all_roles: Auth.Role.list_roles()
       )
 
       # Note: this can easily be refactored to save on DB queries. #HelpWanted

From 46e4a8a5838d507a1540c8e9779415c8bf4233f3 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 27 Aug 2020 23:43:20 +0100
Subject: [PATCH 064/166] use latest version of elixir-auth-github see:
 https://github.com/dwyl/elixir-auth-github/issues/46

---
 lib/auth/person.ex | 5 ++++-
 mix.exs            | 2 +-
 mix.lock           | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index 2de30ee4..7271c923 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -116,6 +116,8 @@ defmodule Auth.Person do
     }
   """
   def transform_github_profile_data_to_person(profile) do
+
+    IO.inspect(profile, label: "profile")
     Map.merge(profile, %{
       username: profile.login,
       givenName: profile.name,
@@ -270,7 +272,8 @@ defmodule Auth.Person do
   """
   def list_people do
     Repo.all(from(pr in __MODULE__, preload: [:roles, :statuses]))
-
+    # keeping this query commented here for now in case I decide to use it
+    # instead of having to call PeopleView.status_string/2
     # query = """
     # SELECT DISTINCT ON (s.status_id, s.person_id) s.id, s.message_id,
     # s.updated_at, s.template, st.text as status, s.person_id
diff --git a/mix.exs b/mix.exs
index b771494c..f0dd52ea 100644
--- a/mix.exs
+++ b/mix.exs
@@ -58,7 +58,7 @@ defmodule Auth.Mixfile do
 
       # Auth:
       # https://github.com/dwyl/elixir-auth-github
-      {:elixir_auth_github, "~> 1.3.0"},
+      {:elixir_auth_github, "~> 1.4.0"},
       # https://github.com/dwyl/elixir-auth-google
       {:elixir_auth_google, "~> 1.3.0"},
       # https://github.com/dwyl/auth_plug
diff --git a/mix.lock b/mix.lock
index e000f255..222db618 100644
--- a/mix.lock
+++ b/mix.lock
@@ -15,7 +15,7 @@
   "earmark": {:hex, :earmark, "1.4.4", "4821b8d05cda507189d51f2caeef370cf1e18ca5d7dfb7d31e9cafe6688106a4", [:mix], [], "hexpm", "1f93aba7340574847c0f609da787f0d79efcab51b044bb6e242cae5aca9d264d"},
   "ecto": {:hex, :ecto, "3.4.5", "2bcd262f57b2c888b0bd7f7a28c8a48aa11dc1a2c6a858e45dd8f8426d504265", [:mix], [{:decimal, "~> 1.6 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "8c6d1d4d524559e9b7a062f0498e2c206122552d63eacff0a6567ffe7a8e8691"},
   "ecto_sql": {:hex, :ecto_sql, "3.4.5", "30161f81b167d561a9a2df4329c10ae05ff36eca7ccc84628f2c8b9fa1e43323", [:mix], [{:db_connection, "~> 2.2", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.4.3", [hex: :ecto, repo: "hexpm", optional: false]}, {:myxql, "~> 0.3.0 or ~> 0.4.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.15.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:tds, "~> 2.1.0", [hex: :tds, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "31990c6a3579b36a3c0841d34a94c275e727de8b84f58509da5f1b2032c98ac2"},
-  "elixir_auth_github": {:hex, :elixir_auth_github, "1.3.0", "1885de6fb7c3994e4a614864c76032f59761d5b3d2dce6c839f93d72f46e375a", [:mix], [{:httpoison, "~> 1.7.0", [hex: :httpoison, repo: "hexpm", optional: false]}, {:poison, "~> 4.0.1", [hex: :poison, repo: "hexpm", optional: false]}], "hexpm", "4ae8bc9c9cd1a7a087ffe1e6dfda55137cf3ca9b82cd30e18e9dc7b79ba3f253"},
+  "elixir_auth_github": {:hex, :elixir_auth_github, "1.4.0", "fa6b4f52812201380213d49bbe09d8706dc97eacf9962c9e8d34d95aec3ad33c", [:mix], [{:httpoison, "~> 1.7.0", [hex: :httpoison, repo: "hexpm", optional: false]}, {:poison, "~> 4.0.1", [hex: :poison, repo: "hexpm", optional: false]}], "hexpm", "7c6ec4e8c73cef5c810a70e308505f67b56805a72b6fe9841ea81e8d24b91c7e"},
   "elixir_auth_google": {:hex, :elixir_auth_google, "1.3.0", "b3a7843ccc004888f2dd1478b3ca5a102751138657ee2fd68fdbbf43e44fb138", [:mix], [{:httpoison, "~> 1.7.0", [hex: :httpoison, repo: "hexpm", optional: false]}, {:poison, "~> 4.0.1", [hex: :poison, repo: "hexpm", optional: false]}], "hexpm", "d2fb766ca4f6fcbf8f1f4128dcf2a35c7cd0c702ab62e3110458acd8038d0267"},
   "elixir_make": {:hex, :elixir_make, "0.6.0", "38349f3e29aff4864352084fc736fa7fa0f2995a819a737554f7ebd28b85aaab", [:mix], [], "hexpm", "d522695b93b7f0b4c0fcb2dfe73a6b905b1c301226a5a55cb42e5b14d509e050"},
   "erlex": {:hex, :erlex, "0.2.6", "c7987d15e899c7a2f34f5420d2a2ea0d659682c06ac607572df55a43753aa12e", [:mix], [], "hexpm", "2ed2e25711feb44d52b17d2780eabf998452f6efda104877a3881c2f8c0c0c75"},

From 7abbd6f69e183e368cb0f49fd22047b67e2d89f0 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 27 Aug 2020 23:49:04 +0100
Subject: [PATCH 065/166] remove stray IO.inspect
 https://github.com/dwyl/auth/pull/85#pullrequestreview-477133431

---
 lib/auth/person.ex | 2 --
 1 file changed, 2 deletions(-)

diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index 7271c923..f2111a7c 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -116,8 +116,6 @@ defmodule Auth.Person do
     }
   """
   def transform_github_profile_data_to_person(profile) do
-
-    IO.inspect(profile, label: "profile")
     Map.merge(profile, %{
       username: profile.login,
       givenName: profile.name,

From 5389ea48ced23d27448011f7dfbda62ba4283ffd Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sun, 30 Aug 2020 07:22:56 +0100
Subject: [PATCH 066/166] mix phx.gen.html Ctx App apps #95

---
 lib/auth/ctx.ex                               | 104 ++++++++++++++++++
 lib/auth/ctx/app.ex                           |  23 ++++
 lib/auth_web/controllers/app_controller.ex    |  62 +++++++++++
 lib/auth_web/templates/app/edit.html.eex      |   5 +
 lib/auth_web/templates/app/form.html.eex      |  27 +++++
 lib/auth_web/templates/app/index.html.eex     |  32 ++++++
 lib/auth_web/templates/app/new.html.eex       |   5 +
 lib/auth_web/templates/app/show.html.eex      |  28 +++++
 lib/auth_web/views/app_view.ex                |   3 +
 .../migrations/20200830061923_create_apps.exs |  21 ++++
 test/auth/ctx_test.exs                        |  70 ++++++++++++
 .../controllers/app_controller_test.exs       |  88 +++++++++++++++
 12 files changed, 468 insertions(+)
 create mode 100644 lib/auth/ctx.ex
 create mode 100644 lib/auth/ctx/app.ex
 create mode 100644 lib/auth_web/controllers/app_controller.ex
 create mode 100644 lib/auth_web/templates/app/edit.html.eex
 create mode 100644 lib/auth_web/templates/app/form.html.eex
 create mode 100644 lib/auth_web/templates/app/index.html.eex
 create mode 100644 lib/auth_web/templates/app/new.html.eex
 create mode 100644 lib/auth_web/templates/app/show.html.eex
 create mode 100644 lib/auth_web/views/app_view.ex
 create mode 100644 priv/repo/migrations/20200830061923_create_apps.exs
 create mode 100644 test/auth/ctx_test.exs
 create mode 100644 test/auth_web/controllers/app_controller_test.exs

diff --git a/lib/auth/ctx.ex b/lib/auth/ctx.ex
new file mode 100644
index 00000000..2844f7d1
--- /dev/null
+++ b/lib/auth/ctx.ex
@@ -0,0 +1,104 @@
+defmodule Auth.Ctx do
+  @moduledoc """
+  The Ctx context.
+  """
+
+  import Ecto.Query, warn: false
+  alias Auth.Repo
+
+  alias Auth.Ctx.App
+
+  @doc """
+  Returns the list of apps.
+
+  ## Examples
+
+      iex> list_apps()
+      [%App{}, ...]
+
+  """
+  def list_apps do
+    Repo.all(App)
+  end
+
+  @doc """
+  Gets a single app.
+
+  Raises `Ecto.NoResultsError` if the App does not exist.
+
+  ## Examples
+
+      iex> get_app!(123)
+      %App{}
+
+      iex> get_app!(456)
+      ** (Ecto.NoResultsError)
+
+  """
+  def get_app!(id), do: Repo.get!(App, id)
+
+  @doc """
+  Creates a app.
+
+  ## Examples
+
+      iex> create_app(%{field: value})
+      {:ok, %App{}}
+
+      iex> create_app(%{field: bad_value})
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def create_app(attrs \\ %{}) do
+    %App{}
+    |> App.changeset(attrs)
+    |> Repo.insert()
+  end
+
+  @doc """
+  Updates a app.
+
+  ## Examples
+
+      iex> update_app(app, %{field: new_value})
+      {:ok, %App{}}
+
+      iex> update_app(app, %{field: bad_value})
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def update_app(%App{} = app, attrs) do
+    app
+    |> App.changeset(attrs)
+    |> Repo.update()
+  end
+
+  @doc """
+  Deletes a app.
+
+  ## Examples
+
+      iex> delete_app(app)
+      {:ok, %App{}}
+
+      iex> delete_app(app)
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def delete_app(%App{} = app) do
+    Repo.delete(app)
+  end
+
+  @doc """
+  Returns an `%Ecto.Changeset{}` for tracking app changes.
+
+  ## Examples
+
+      iex> change_app(app)
+      %Ecto.Changeset{data: %App{}}
+
+  """
+  def change_app(%App{} = app, attrs \\ %{}) do
+    App.changeset(app, attrs)
+  end
+end
diff --git a/lib/auth/ctx/app.ex b/lib/auth/ctx/app.ex
new file mode 100644
index 00000000..084ca5bb
--- /dev/null
+++ b/lib/auth/ctx/app.ex
@@ -0,0 +1,23 @@
+defmodule Auth.Ctx.App do
+  use Ecto.Schema
+  import Ecto.Changeset
+
+  schema "apps" do
+    field :description, :binary
+    field :end, :naive_datetime
+    field :name, :binary
+    field :url, :binary
+    field :person_id, :id
+    field :status, :id
+    field :apikey_id, :id
+
+    timestamps()
+  end
+
+  @doc false
+  def changeset(app, attrs) do
+    app
+    |> cast(attrs, [:name, :description, :url, :end])
+    |> validate_required([:name, :description, :url, :end])
+  end
+end
diff --git a/lib/auth_web/controllers/app_controller.ex b/lib/auth_web/controllers/app_controller.ex
new file mode 100644
index 00000000..585c915a
--- /dev/null
+++ b/lib/auth_web/controllers/app_controller.ex
@@ -0,0 +1,62 @@
+defmodule AuthWeb.AppController do
+  use AuthWeb, :controller
+
+  alias Auth.Ctx
+  alias Auth.Ctx.App
+
+  def index(conn, _params) do
+    apps = Ctx.list_apps()
+    render(conn, "index.html", apps: apps)
+  end
+
+  def new(conn, _params) do
+    changeset = Ctx.change_app(%App{})
+    render(conn, "new.html", changeset: changeset)
+  end
+
+  def create(conn, %{"app" => app_params}) do
+    case Ctx.create_app(app_params) do
+      {:ok, app} ->
+        conn
+        |> put_flash(:info, "App created successfully.")
+        |> redirect(to: Routes.app_path(conn, :show, app))
+
+      {:error, %Ecto.Changeset{} = changeset} ->
+        render(conn, "new.html", changeset: changeset)
+    end
+  end
+
+  def show(conn, %{"id" => id}) do
+    app = Ctx.get_app!(id)
+    render(conn, "show.html", app: app)
+  end
+
+  def edit(conn, %{"id" => id}) do
+    app = Ctx.get_app!(id)
+    changeset = Ctx.change_app(app)
+    render(conn, "edit.html", app: app, changeset: changeset)
+  end
+
+  def update(conn, %{"id" => id, "app" => app_params}) do
+    app = Ctx.get_app!(id)
+
+    case Ctx.update_app(app, app_params) do
+      {:ok, app} ->
+        conn
+        |> put_flash(:info, "App updated successfully.")
+        |> redirect(to: Routes.app_path(conn, :show, app))
+
+      {:error, %Ecto.Changeset{} = changeset} ->
+        render(conn, "edit.html", app: app, changeset: changeset)
+    end
+  end
+
+  def delete(conn, %{"id" => id}) do
+    app = Ctx.get_app!(id)
+    {:ok, _app} = Ctx.delete_app(app)
+
+    conn
+    |> put_flash(:info, "App deleted successfully.")
+    |> redirect(to: Routes.app_path(conn, :index))
+  end
+end
diff --git a/lib/auth_web/templates/app/edit.html.eex b/lib/auth_web/templates/app/edit.html.eex
new file mode 100644
index 00000000..28e61bad
--- /dev/null
+++ b/lib/auth_web/templates/app/edit.html.eex
@@ -0,0 +1,5 @@
+<h1>Edit App</h1>
+
+<%= render "form.html", Map.put(assigns, :action, Routes.app_path(@conn, :update, @app)) %>
+
+<span><%= link "Back", to: Routes.app_path(@conn, :index) %></span>
diff --git a/lib/auth_web/templates/app/form.html.eex b/lib/auth_web/templates/app/form.html.eex
new file mode 100644
index 00000000..7a669661
--- /dev/null
+++ b/lib/auth_web/templates/app/form.html.eex
@@ -0,0 +1,27 @@
+<%= form_for @changeset, @action, fn f -> %>
+  <%= if @changeset.action do %>
+    <div class="alert alert-danger">
+      <p>Oops, something went wrong! Please check the errors below.</p>
+    </div>
+  <% end %>
+
+  <%= label f, :name %>
+  <%= text_input f, :name %>
+  <%= error_tag f, :name %>
+
+  <%= label f, :description %>
+  <%= text_input f, :description %>
+  <%= error_tag f, :description %>
+
+  <%= label f, :url %>
+  <%= text_input f, :url %>
+  <%= error_tag f, :url %>
+
+  <%= label f, :end %>
+  <%= datetime_select f, :end %>
+  <%= error_tag f, :end %>
+
+  <div>
+    <%= submit "Save" %>
+  </div>
+<% end %>
diff --git a/lib/auth_web/templates/app/index.html.eex b/lib/auth_web/templates/app/index.html.eex
new file mode 100644
index 00000000..948b2925
--- /dev/null
+++ b/lib/auth_web/templates/app/index.html.eex
@@ -0,0 +1,32 @@
+<h1>Listing Apps</h1>
+
+<table>
+  <thead>
+    <tr>
+      <th>Name</th>
+      <th>Description</th>
+      <th>Url</th>
+      <th>End</th>
+
+      <th></th>
+    </tr>
+  </thead>
+  <tbody>
+<%= for app <- @apps do %>
+    <tr>
+      <td><%= app.name %></td>
+      <td><%= app.description %></td>
+      <td><%= app.url %></td>
+      <td><%= app.end %></td>
+
+      <td>
+        <span><%= link "Show", to: Routes.app_path(@conn, :show, app) %></span>
+        <span><%= link "Edit", to: Routes.app_path(@conn, :edit, app) %></span>
+        <span><%= link "Delete", to: Routes.app_path(@conn, :delete, app), method: :delete, data: [confirm: "Are you sure?"] %></span>
+      </td>
+    </tr>
+<% end %>
+  </tbody>
+</table>
+
+<span><%= link "New App", to: Routes.app_path(@conn, :new) %></span>
diff --git a/lib/auth_web/templates/app/new.html.eex b/lib/auth_web/templates/app/new.html.eex
new file mode 100644
index 00000000..517173bc
--- /dev/null
+++ b/lib/auth_web/templates/app/new.html.eex
@@ -0,0 +1,5 @@
+<h1>New App</h1>
+
+<%= render "form.html", Map.put(assigns, :action, Routes.app_path(@conn, :create)) %>
+
+<span><%= link "Back", to: Routes.app_path(@conn, :index) %></span>
diff --git a/lib/auth_web/templates/app/show.html.eex b/lib/auth_web/templates/app/show.html.eex
new file mode 100644
index 00000000..f64d8a1c
--- /dev/null
+++ b/lib/auth_web/templates/app/show.html.eex
@@ -0,0 +1,28 @@
+<h1>Show App</h1>
+
+<ul>
+
+  <li>
+    <strong>Name:</strong>
+    <%= @app.name %>
+  </li>
+
+  <li>
+    <strong>Description:</strong>
+    <%= @app.description %>
+  </li>
+
+  <li>
+    <strong>Url:</strong>
+    <%= @app.url %>
+  </li>
+
+  <li>
+    <strong>End:</strong>
+    <%= @app.end %>
+  </li>
+
+</ul>
+
+<span><%= link "Edit", to: Routes.app_path(@conn, :edit, @app) %></span>
+<span><%= link "Back", to: Routes.app_path(@conn, :index) %></span>
diff --git a/lib/auth_web/views/app_view.ex b/lib/auth_web/views/app_view.ex
new file mode 100644
index 00000000..b65eb8a7
--- /dev/null
+++ b/lib/auth_web/views/app_view.ex
@@ -0,0 +1,3 @@
+defmodule AuthWeb.AppView do
+  use AuthWeb, :view
+end
diff --git a/priv/repo/migrations/20200830061923_create_apps.exs b/priv/repo/migrations/20200830061923_create_apps.exs
new file mode 100644
index 00000000..e5c6ccc3
--- /dev/null
+++ b/priv/repo/migrations/20200830061923_create_apps.exs
@@ -0,0 +1,21 @@
+defmodule Auth.Repo.Migrations.CreateApps do
+  use Ecto.Migration
+
+  def change do
+    create table(:apps) do
+      add :name, :binary
+      add :description, :binary
+      add :url, :binary
+      add :end, :naive_datetime
+      add :person_id, references(:people, on_delete: :nothing)
+      add :status, references(:status, on_delete: :nothing)
+      add :apikey_id, references(:api, on_delete: :nothing)
+
+      timestamps()
+    end
+
+    create index(:apps, [:person_id])
+    create index(:apps, [:status])
+    create index(:apps, [:apikey_id])
+  end
+end
diff --git a/test/auth/ctx_test.exs b/test/auth/ctx_test.exs
new file mode 100644
index 00000000..6b2a76af
--- /dev/null
+++ b/test/auth/ctx_test.exs
@@ -0,0 +1,70 @@
+defmodule Auth.CtxTest do
+  use Auth.DataCase
+
+  alias Auth.Ctx
+
+  describe "apps" do
+    alias Auth.Ctx.App
+
+    @valid_attrs %{description: "some description", end: ~N[2010-04-17 14:00:00], name: "some name", url: "some url"}
+    @update_attrs %{description: "some updated description", end: ~N[2011-05-18 15:01:01], name: "some updated name", url: "some updated url"}
+    @invalid_attrs %{description: nil, end: nil, name: nil, url: nil}
+
+    def app_fixture(attrs \\ %{}) do
+      {:ok, app} =
+        attrs
+        |> Enum.into(@valid_attrs)
+        |> Ctx.create_app()
+
+      app
+    end
+
+    test "list_apps/0 returns all apps" do
+      app = app_fixture()
+      assert Ctx.list_apps() == [app]
+    end
+
+    test "get_app!/1 returns the app with given id" do
+      app = app_fixture()
+      assert Ctx.get_app!(app.id) == app
+    end
+
+    test "create_app/1 with valid data creates a app" do
+      assert {:ok, %App{} = app} = Ctx.create_app(@valid_attrs)
+      assert app.description == "some description"
+      assert app.end == ~N[2010-04-17 14:00:00]
+      assert app.name == "some name"
+      assert app.url == "some url"
+    end
+
+    test "create_app/1 with invalid data returns error changeset" do
+      assert {:error, %Ecto.Changeset{}} = Ctx.create_app(@invalid_attrs)
+    end
+
+    test "update_app/2 with valid data updates the app" do
+      app = app_fixture()
+      assert {:ok, %App{} = app} = Ctx.update_app(app, @update_attrs)
+      assert app.description == "some updated description"
+      assert app.end == ~N[2011-05-18 15:01:01]
+      assert app.name == "some updated name"
+      assert app.url == "some updated url"
+    end
+
+    test "update_app/2 with invalid data returns error changeset" do
+      app = app_fixture()
+      assert {:error, %Ecto.Changeset{}} = Ctx.update_app(app, @invalid_attrs)
+      assert app == Ctx.get_app!(app.id)
+    end
+
+    test "delete_app/1 deletes the app" do
+      app = app_fixture()
+      assert {:ok, %App{}} = Ctx.delete_app(app)
+      assert_raise Ecto.NoResultsError, fn -> Ctx.get_app!(app.id) end
+    end
+
+    test "change_app/1 returns a app changeset" do
+      app = app_fixture()
+      assert %Ecto.Changeset{} = Ctx.change_app(app)
+    end
+  end
+end
diff --git a/test/auth_web/controllers/app_controller_test.exs b/test/auth_web/controllers/app_controller_test.exs
new file mode 100644
index 00000000..2da664e5
--- /dev/null
+++ b/test/auth_web/controllers/app_controller_test.exs
@@ -0,0 +1,88 @@
+defmodule AuthWeb.AppControllerTest do
+  use AuthWeb.ConnCase
+
+  alias Auth.Ctx
+
+  @create_attrs %{description: "some description", end: ~N[2010-04-17 14:00:00], name: "some name", url: "some url"}
+  @update_attrs %{description: "some updated description", end: ~N[2011-05-18 15:01:01], name: "some updated name", url: "some updated url"}
+  @invalid_attrs %{description: nil, end: nil, name: nil, url: nil}
+
+  def fixture(:app) do
+    {:ok, app} = Ctx.create_app(@create_attrs)
+    app
+  end
+
+  describe "index" do
+    test "lists all apps", %{conn: conn} do
+      conn = get(conn, Routes.app_path(conn, :index))
+      assert html_response(conn, 200) =~ "Listing Apps"
+    end
+  end
+
+  describe "new app" do
+    test "renders form", %{conn: conn} do
+      conn = get(conn, Routes.app_path(conn, :new))
+      assert html_response(conn, 200) =~ "New App"
+    end
+  end
+
+  describe "create app" do
+    test "redirects to show when data is valid", %{conn: conn} do
+      conn = post(conn, Routes.app_path(conn, :create), app: @create_attrs)
+
+      assert %{id: id} = redirected_params(conn)
+      assert redirected_to(conn) == Routes.app_path(conn, :show, id)
+
+      conn = get(conn, Routes.app_path(conn, :show, id))
+      assert html_response(conn, 200) =~ "Show App"
+    end
+
+    test "renders errors when data is invalid", %{conn: conn} do
+      conn = post(conn, Routes.app_path(conn, :create), app: @invalid_attrs)
+      assert html_response(conn, 200) =~ "New App"
+    end
+  end
+
+  describe "edit app" do
+    setup [:create_app]
+
+    test "renders form for editing chosen app", %{conn: conn, app: app} do
+      conn = get(conn, Routes.app_path(conn, :edit, app))
+      assert html_response(conn, 200) =~ "Edit App"
+    end
+  end
+
+  describe "update app" do
+    setup [:create_app]
+
+    test "redirects when data is valid", %{conn: conn, app: app} do
+      conn = put(conn, Routes.app_path(conn, :update, app), app: @update_attrs)
+      assert redirected_to(conn) == Routes.app_path(conn, :show, app)
+
+      conn = get(conn, Routes.app_path(conn, :show, app))
+      assert html_response(conn, 200)
+    end
+
+    test "renders errors when data is invalid", %{conn: conn, app: app} do
+      conn = put(conn, Routes.app_path(conn, :update, app), app: @invalid_attrs)
+      assert html_response(conn, 200) =~ "Edit App"
+    end
+  end
+
+  describe "delete app" do
+    setup [:create_app]
+
+    test "deletes chosen app", %{conn: conn, app: app} do
+      conn = delete(conn, Routes.app_path(conn, :delete, app))
+      assert redirected_to(conn) == Routes.app_path(conn, :index)
+      assert_error_sent 404, fn ->
+        get(conn, Routes.app_path(conn, :show, app))
+      end
+    end
+  end
+
+  defp create_app(_) do
+    app = fixture(:app)
+    %{app: app}
+  end
+end

From f90ef84e33a1c35c6c4ffcd58d661590bc7e5966 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sun, 30 Aug 2020 07:39:40 +0100
Subject: [PATCH 067/166] remvoe Ctx and fix CreateApps migration #95

---
 lib/auth/{ctx.ex => app.ex}                   | 28 ++++++++++++++++---
 lib/auth/ctx/app.ex                           | 23 ---------------
 lib/auth_web/controllers/app_controller.ex    | 24 ++++++++--------
 lib/auth_web/router.ex                        |  1 +
 .../migrations/20200830061923_create_apps.exs |  2 +-
 .../controllers/app_controller_test.exs       |  5 ++--
 6 files changed, 40 insertions(+), 43 deletions(-)
 rename lib/auth/{ctx.ex => app.ex} (72%)
 delete mode 100644 lib/auth/ctx/app.ex

diff --git a/lib/auth/ctx.ex b/lib/auth/app.ex
similarity index 72%
rename from lib/auth/ctx.ex
rename to lib/auth/app.ex
index 2844f7d1..ae489fc7 100644
--- a/lib/auth/ctx.ex
+++ b/lib/auth/app.ex
@@ -1,12 +1,32 @@
-defmodule Auth.Ctx do
+defmodule Auth.App do
   @moduledoc """
-  The Ctx context.
+  Schema and helper functions for creating/managing Apps.
   """
-
+  use Ecto.Schema
+  import Ecto.Changeset
   import Ecto.Query, warn: false
   alias Auth.Repo
+  # https://stackoverflow.com/a/47501059/1148249
+  alias __MODULE__
+
+  schema "apps" do
+    field :description, :binary
+    field :end, :naive_datetime
+    field :name, :binary
+    field :url, :binary
+    field :person_id, :id
+    field :status, :id
+    field :apikey_id, :id
+
+    timestamps()
+  end
 
-  alias Auth.Ctx.App
+  @doc false
+  def changeset(app, attrs) do
+    app
+    |> cast(attrs, [:name, :description, :url, :end])
+    |> validate_required([:name, :url])
+  end
 
   @doc """
   Returns the list of apps.
diff --git a/lib/auth/ctx/app.ex b/lib/auth/ctx/app.ex
deleted file mode 100644
index 084ca5bb..00000000
--- a/lib/auth/ctx/app.ex
+++ /dev/null
@@ -1,23 +0,0 @@
-defmodule Auth.Ctx.App do
-  use Ecto.Schema
-  import Ecto.Changeset
-
-  schema "apps" do
-    field :description, :binary
-    field :end, :naive_datetime
-    field :name, :binary
-    field :url, :binary
-    field :person_id, :id
-    field :status, :id
-    field :apikey_id, :id
-
-    timestamps()
-  end
-
-  @doc false
-  def changeset(app, attrs) do
-    app
-    |> cast(attrs, [:name, :description, :url, :end])
-    |> validate_required([:name, :description, :url, :end])
-  end
-end
diff --git a/lib/auth_web/controllers/app_controller.ex b/lib/auth_web/controllers/app_controller.ex
index 585c915a..4f0cbbc6 100644
--- a/lib/auth_web/controllers/app_controller.ex
+++ b/lib/auth_web/controllers/app_controller.ex
@@ -1,21 +1,19 @@
 defmodule AuthWeb.AppController do
   use AuthWeb, :controller
-
-  alias Auth.Ctx
-  alias Auth.Ctx.App
+  alias Auth.App
 
   def index(conn, _params) do
-    apps = Ctx.list_apps()
+    apps = App.list_apps()
     render(conn, "index.html", apps: apps)
   end
 
   def new(conn, _params) do
-    changeset = Ctx.change_app(%App{})
+    changeset = App.change_app(%App{})
     render(conn, "new.html", changeset: changeset)
   end
 
   def create(conn, %{"app" => app_params}) do
-    case Ctx.create_app(app_params) do
+    case App.create_app(app_params) do
       {:ok, app} ->
         conn
         |> put_flash(:info, "App created successfully.")
@@ -27,20 +25,20 @@ defmodule AuthWeb.AppController do
   end
 
   def show(conn, %{"id" => id}) do
-    app = Ctx.get_app!(id)
+    app = App.get_app!(id)
     render(conn, "show.html", app: app)
   end
 
   def edit(conn, %{"id" => id}) do
-    app = Ctx.get_app!(id)
-    changeset = Ctx.change_app(app)
+    app = App.get_app!(id)
+    changeset = App.change_app(app)
     render(conn, "edit.html", app: app, changeset: changeset)
   end
 
   def update(conn, %{"id" => id, "app" => app_params}) do
-    app = Ctx.get_app!(id)
+    app = App.get_app!(id)
 
-    case Ctx.update_app(app, app_params) do
+    case App.update_app(app, app_params) do
       {:ok, app} ->
         conn
         |> put_flash(:info, "App updated successfully.")
@@ -52,8 +50,8 @@ defmodule AuthWeb.AppController do
   end
 
   def delete(conn, %{"id" => id}) do
-    app = Ctx.get_app!(id)
-    {:ok, _app} = Ctx.delete_app(app)
+    app = App.get_app!(id)
+    {:ok, _app} = App.delete_app(app)
 
     conn
     |> put_flash(:info, "App deleted successfully.")
diff --git a/lib/auth_web/router.ex b/lib/auth_web/router.ex
index ab405c97..94328a55 100644
--- a/lib/auth_web/router.ex
+++ b/lib/auth_web/router.ex
@@ -50,6 +50,7 @@ defmodule AuthWeb.Router do
     resources "/roles", RoleController
 
     resources "/permissions", PermissionController
+    resources "/apps", AppController
     resources "/settings/apikeys", ApikeyController
   end
 
diff --git a/priv/repo/migrations/20200830061923_create_apps.exs b/priv/repo/migrations/20200830061923_create_apps.exs
index e5c6ccc3..27757cf9 100644
--- a/priv/repo/migrations/20200830061923_create_apps.exs
+++ b/priv/repo/migrations/20200830061923_create_apps.exs
@@ -9,7 +9,7 @@ defmodule Auth.Repo.Migrations.CreateApps do
       add :end, :naive_datetime
       add :person_id, references(:people, on_delete: :nothing)
       add :status, references(:status, on_delete: :nothing)
-      add :apikey_id, references(:api, on_delete: :nothing)
+      add :apikey_id, references(:apikeys, on_delete: :nothing)
 
       timestamps()
     end
diff --git a/test/auth_web/controllers/app_controller_test.exs b/test/auth_web/controllers/app_controller_test.exs
index 2da664e5..7af06ebb 100644
--- a/test/auth_web/controllers/app_controller_test.exs
+++ b/test/auth_web/controllers/app_controller_test.exs
@@ -1,19 +1,20 @@
 defmodule AuthWeb.AppControllerTest do
   use AuthWeb.ConnCase
 
-  alias Auth.Ctx
+  alias Auth.App
 
   @create_attrs %{description: "some description", end: ~N[2010-04-17 14:00:00], name: "some name", url: "some url"}
   @update_attrs %{description: "some updated description", end: ~N[2011-05-18 15:01:01], name: "some updated name", url: "some updated url"}
   @invalid_attrs %{description: nil, end: nil, name: nil, url: nil}
 
   def fixture(:app) do
-    {:ok, app} = Ctx.create_app(@create_attrs)
+    {:ok, app} = App.create_app(@create_attrs)
     app
   end
 
   describe "index" do
     test "lists all apps", %{conn: conn} do
+      conn = admin_login(conn)
       conn = get(conn, Routes.app_path(conn, :index))
       assert html_response(conn, 200) =~ "Listing Apps"
     end

From 01b2b87a838faf0b028c77f71696e580c7a510c3 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Mon, 31 Aug 2020 07:48:07 +0100
Subject: [PATCH 068/166] add admin_login(conn) to all AppController tests #95

---
 test/auth_web/controllers/app_controller_test.exs | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/test/auth_web/controllers/app_controller_test.exs b/test/auth_web/controllers/app_controller_test.exs
index 7af06ebb..4d9aaf38 100644
--- a/test/auth_web/controllers/app_controller_test.exs
+++ b/test/auth_web/controllers/app_controller_test.exs
@@ -22,6 +22,7 @@ defmodule AuthWeb.AppControllerTest do
 
   describe "new app" do
     test "renders form", %{conn: conn} do
+      conn = admin_login(conn)
       conn = get(conn, Routes.app_path(conn, :new))
       assert html_response(conn, 200) =~ "New App"
     end
@@ -29,6 +30,7 @@ defmodule AuthWeb.AppControllerTest do
 
   describe "create app" do
     test "redirects to show when data is valid", %{conn: conn} do
+      conn = admin_login(conn)
       conn = post(conn, Routes.app_path(conn, :create), app: @create_attrs)
 
       assert %{id: id} = redirected_params(conn)
@@ -39,6 +41,7 @@ defmodule AuthWeb.AppControllerTest do
     end
 
     test "renders errors when data is invalid", %{conn: conn} do
+      conn = admin_login(conn)
       conn = post(conn, Routes.app_path(conn, :create), app: @invalid_attrs)
       assert html_response(conn, 200) =~ "New App"
     end
@@ -48,6 +51,7 @@ defmodule AuthWeb.AppControllerTest do
     setup [:create_app]
 
     test "renders form for editing chosen app", %{conn: conn, app: app} do
+      conn = admin_login(conn)
       conn = get(conn, Routes.app_path(conn, :edit, app))
       assert html_response(conn, 200) =~ "Edit App"
     end
@@ -57,6 +61,7 @@ defmodule AuthWeb.AppControllerTest do
     setup [:create_app]
 
     test "redirects when data is valid", %{conn: conn, app: app} do
+      conn = admin_login(conn)
       conn = put(conn, Routes.app_path(conn, :update, app), app: @update_attrs)
       assert redirected_to(conn) == Routes.app_path(conn, :show, app)
 
@@ -65,6 +70,7 @@ defmodule AuthWeb.AppControllerTest do
     end
 
     test "renders errors when data is invalid", %{conn: conn, app: app} do
+      conn = admin_login(conn)
       conn = put(conn, Routes.app_path(conn, :update, app), app: @invalid_attrs)
       assert html_response(conn, 200) =~ "Edit App"
     end
@@ -74,6 +80,7 @@ defmodule AuthWeb.AppControllerTest do
     setup [:create_app]
 
     test "deletes chosen app", %{conn: conn, app: app} do
+      conn = admin_login(conn)
       conn = delete(conn, Routes.app_path(conn, :delete, app))
       assert redirected_to(conn) == Routes.app_path(conn, :index)
       assert_error_sent 404, fn ->

From 52c082822fee76cea4dba5da3672022b5256b6df Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Mon, 31 Aug 2020 07:50:44 +0100
Subject: [PATCH 069/166] rename Ctx to App in app_test.exs #95

---
 test/auth/{ctx_test.exs => app_test.exs} | 28 +++++++++++-------------
 1 file changed, 13 insertions(+), 15 deletions(-)
 rename test/auth/{ctx_test.exs => app_test.exs} (71%)

diff --git a/test/auth/ctx_test.exs b/test/auth/app_test.exs
similarity index 71%
rename from test/auth/ctx_test.exs
rename to test/auth/app_test.exs
index 6b2a76af..13b5b017 100644
--- a/test/auth/ctx_test.exs
+++ b/test/auth/app_test.exs
@@ -1,10 +1,8 @@
-defmodule Auth.CtxTest do
+defmodule Auth.AppTest do
   use Auth.DataCase
 
-  alias Auth.Ctx
-
   describe "apps" do
-    alias Auth.Ctx.App
+    alias Auth.App
 
     @valid_attrs %{description: "some description", end: ~N[2010-04-17 14:00:00], name: "some name", url: "some url"}
     @update_attrs %{description: "some updated description", end: ~N[2011-05-18 15:01:01], name: "some updated name", url: "some updated url"}
@@ -14,23 +12,23 @@ defmodule Auth.CtxTest do
       {:ok, app} =
         attrs
         |> Enum.into(@valid_attrs)
-        |> Ctx.create_app()
+        |> App.create_app()
 
       app
     end
 
     test "list_apps/0 returns all apps" do
       app = app_fixture()
-      assert Ctx.list_apps() == [app]
+      assert App.list_apps() == [app]
     end
 
     test "get_app!/1 returns the app with given id" do
       app = app_fixture()
-      assert Ctx.get_app!(app.id) == app
+      assert App.get_app!(app.id) == app
     end
 
     test "create_app/1 with valid data creates a app" do
-      assert {:ok, %App{} = app} = Ctx.create_app(@valid_attrs)
+      assert {:ok, %App{} = app} = App.create_app(@valid_attrs)
       assert app.description == "some description"
       assert app.end == ~N[2010-04-17 14:00:00]
       assert app.name == "some name"
@@ -38,12 +36,12 @@ defmodule Auth.CtxTest do
     end
 
     test "create_app/1 with invalid data returns error changeset" do
-      assert {:error, %Ecto.Changeset{}} = Ctx.create_app(@invalid_attrs)
+      assert {:error, %Ecto.Changeset{}} = App.create_app(@invalid_attrs)
     end
 
     test "update_app/2 with valid data updates the app" do
       app = app_fixture()
-      assert {:ok, %App{} = app} = Ctx.update_app(app, @update_attrs)
+      assert {:ok, %App{} = app} = App.update_app(app, @update_attrs)
       assert app.description == "some updated description"
       assert app.end == ~N[2011-05-18 15:01:01]
       assert app.name == "some updated name"
@@ -52,19 +50,19 @@ defmodule Auth.CtxTest do
 
     test "update_app/2 with invalid data returns error changeset" do
       app = app_fixture()
-      assert {:error, %Ecto.Changeset{}} = Ctx.update_app(app, @invalid_attrs)
-      assert app == Ctx.get_app!(app.id)
+      assert {:error, %Ecto.Changeset{}} = App.update_app(app, @invalid_attrs)
+      assert app == App.get_app!(app.id)
     end
 
     test "delete_app/1 deletes the app" do
       app = app_fixture()
-      assert {:ok, %App{}} = Ctx.delete_app(app)
-      assert_raise Ecto.NoResultsError, fn -> Ctx.get_app!(app.id) end
+      assert {:ok, %App{}} = App.delete_app(app)
+      assert_raise Ecto.NoResultsError, fn -> App.get_app!(app.id) end
     end
 
     test "change_app/1 returns a app changeset" do
       app = app_fixture()
-      assert %Ecto.Changeset{} = Ctx.change_app(app)
+      assert %Ecto.Changeset{} = App.change_app(app)
     end
   end
 end

From 3100d2802c037c0510f41f36b32a1cf51765e55f Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Mon, 31 Aug 2020 08:21:54 +0100
Subject: [PATCH 070/166] update html forms / tables to be more visually
 appealing #95

---
 lib/auth_web/templates/app/form.html.eex  | 31 +++++++++++++----------
 lib/auth_web/templates/app/index.html.eex | 30 +++++++++++++---------
 lib/auth_web/templates/app/new.html.eex   | 14 +++++++---
 3 files changed, 46 insertions(+), 29 deletions(-)

diff --git a/lib/auth_web/templates/app/form.html.eex b/lib/auth_web/templates/app/form.html.eex
index 7a669661..ae40a158 100644
--- a/lib/auth_web/templates/app/form.html.eex
+++ b/lib/auth_web/templates/app/form.html.eex
@@ -5,23 +5,26 @@
     </div>
   <% end %>
 
-  <%= label f, :name %>
-  <%= text_input f, :name %>
+  <%= label f, :name%>
+  <%= text_input f, :name, class: "db w-100 mt2 pa2 ba b--dark-grey",
+    placeholder: "A distinctive name"%>
   <%= error_tag f, :name %>
-
-  <%= label f, :description %>
-  <%= text_input f, :description %>
+  <br />
+  <%= label f, :description, class: "mt3" %>
+  <%= textarea f, :description, class: "db w-100 mt2 pa2 ba b--black",
+    placeholder: "Be as descriptive as possible." %>
   <%= error_tag f, :description %>
-
-  <%= label f, :url %>
-  <%= text_input f, :url %>
+  <br />
+  <%= label f, :url, class: "pt3" %>
+  <%= text_input f, :url, class: "db w-100 mt2 pa2 ba b--dark-grey",
+  placeholder: "The URL of your app e.g: http://localhost:4000 or dwyl.com"
+  %>
   <%= error_tag f, :url %>
 
-  <%= label f, :end %>
-  <%= datetime_select f, :end %>
-  <%= error_tag f, :end %>
-
-  <div>
-    <%= submit "Save" %>
+  <div class="mt2 fr">
+    <%= submit "Save",
+    class: "pointer br2 ba b--dark-green bg-green white pa3 ml1 mv1 f4
+    shadow-hover bg-animate hover-bg-dark-green border-box no-underline"
+    %>
   </div>
 <% end %>
diff --git a/lib/auth_web/templates/app/index.html.eex b/lib/auth_web/templates/app/index.html.eex
index 948b2925..454dd2a1 100644
--- a/lib/auth_web/templates/app/index.html.eex
+++ b/lib/auth_web/templates/app/index.html.eex
@@ -1,14 +1,11 @@
-<h1>Listing Apps</h1>
+<h1 class="tc mb4">Apps</h1>
 
-<table>
-  <thead>
-    <tr>
-      <th>Name</th>
-      <th>Description</th>
-      <th>Url</th>
-      <th>End</th>
-
-      <th></th>
+  <table class="w-100 f3">
+    <thead>
+      <tr class="f3">
+        <th>Name</th>
+        <th>Description</th>
+        <th>Url</th>
     </tr>
   </thead>
   <tbody>
@@ -17,8 +14,6 @@
       <td><%= app.name %></td>
       <td><%= app.description %></td>
       <td><%= app.url %></td>
-      <td><%= app.end %></td>
-
       <td>
         <span><%= link "Show", to: Routes.app_path(@conn, :show, app) %></span>
         <span><%= link "Edit", to: Routes.app_path(@conn, :edit, app) %></span>
@@ -30,3 +25,14 @@
 </table>
 
 <span><%= link "New App", to: Routes.app_path(@conn, :new) %></span>
+
+  <style> /* stackoverflow.com/questions/9789723/css-text-overflow-table-cell */
+  td {
+      max-width: 400px;
+      overflow: hidden;
+      text-overflow: ellipsis;
+      white-space: nowrap;
+      text-align: center;
+      padding: 10px;
+  }
+  </style>
\ No newline at end of file
diff --git a/lib/auth_web/templates/app/new.html.eex b/lib/auth_web/templates/app/new.html.eex
index 517173bc..5e8872b4 100644
--- a/lib/auth_web/templates/app/new.html.eex
+++ b/lib/auth_web/templates/app/new.html.eex
@@ -1,5 +1,13 @@
-<h1>New App</h1>
+<div class="f3 w-60 center">
+  <h1>New App</h1>
 
-<%= render "form.html", Map.put(assigns, :action, Routes.app_path(@conn, :create)) %>
+  <%= render "form.html", Map.put(assigns, :action, Routes.app_path(@conn, :create)) %>
 
-<span><%= link "Back", to: Routes.app_path(@conn, :index) %></span>
+  <span><%= link "< Back", to: Routes.app_path(@conn, :index),
+  class: "fl pointer br2 ba b--orange bg-gold white pa3 f4 mt3
+  shadow-hover bg-animate hover-bg-orange border-box no-underline",
+  data:
+   [confirm: "Are you sure you want to disguard this form?
+    (The data cannot be recovered!)"]
+  %></span>
+</div>
\ No newline at end of file

From fdea23d5a4a642e9ef6ece366f195a12811a525c Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Tue, 1 Sep 2020 15:58:22 +0100
Subject: [PATCH 071/166] update copy in test assertion "Listing Apps" > "Apps"
 #95

---
 lib/auth_web/templates/app/edit.html.eex      | 10 +++-
 lib/auth_web/templates/app/index.html.eex     | 23 ++++++--
 lib/auth_web/templates/app/show.html.eex      | 53 ++++++++++++-------
 .../controllers/app_controller_test.exs       |  2 +-
 4 files changed, 62 insertions(+), 26 deletions(-)

diff --git a/lib/auth_web/templates/app/edit.html.eex b/lib/auth_web/templates/app/edit.html.eex
index 28e61bad..03fb00e9 100644
--- a/lib/auth_web/templates/app/edit.html.eex
+++ b/lib/auth_web/templates/app/edit.html.eex
@@ -1,5 +1,13 @@
+<div class="f3 w-60 center">
 <h1>Edit App</h1>
 
 <%= render "form.html", Map.put(assigns, :action, Routes.app_path(@conn, :update, @app)) %>
 
-<span><%= link "Back", to: Routes.app_path(@conn, :index) %></span>
+
+  <span><%= link "< Back", to: Routes.app_path(@conn, :index),
+  class: "fl pointer br2 ba b--orange bg-gold white pa3 f4 mt3
+  shadow-hover bg-animate hover-bg-orange border-box no-underline",
+  data:
+   [confirm: "Any changes made will not be saved."]
+  %></span>
+</div>
\ No newline at end of file
diff --git a/lib/auth_web/templates/app/index.html.eex b/lib/auth_web/templates/app/index.html.eex
index 454dd2a1..3fd50ba5 100644
--- a/lib/auth_web/templates/app/index.html.eex
+++ b/lib/auth_web/templates/app/index.html.eex
@@ -15,10 +15,25 @@
       <td><%= app.description %></td>
       <td><%= app.url %></td>
       <td>
-        <span><%= link "Show", to: Routes.app_path(@conn, :show, app) %></span>
-        <span><%= link "Edit", to: Routes.app_path(@conn, :edit, app) %></span>
-        <span><%= link "Delete", to: Routes.app_path(@conn, :delete, app), method: :delete, data: [confirm: "Are you sure?"] %></span>
-      </td>
+          <span><%= link "View", to: Routes.app_path(@conn, :show, app),
+          class: "pointer br2 ba b--dark-blue bg-blue white pa3 ml1 mv1 f4
+                  bg-animate hover-bg-dark-blue border-box no-underline"
+           %>
+         </span>
+          <span><%= link "Edit", to: Routes.app_path(@conn, :edit, app),
+          class: "pointer br2 ba b--orange bg-gold white pa3 ml1 mv1 f4
+                  bg-animate hover-bg-orange border-box no-underline"
+          %></span>
+          <span>
+          <%= link "Delete", to: Routes.app_path(@conn, :delete, app),
+          method: :delete,
+          class: "pointer br2 ba b--dark-red bg-red white pa3 ml1 mv1 f4
+                  bg-animate hover-bg-dark-red border-box no-underline",
+          data:
+           [confirm: "Are you sure you want to delete this App?
+          (This cannot be undone!)"] %>
+          </span>
+        </td>
     </tr>
 <% end %>
   </tbody>
diff --git a/lib/auth_web/templates/app/show.html.eex b/lib/auth_web/templates/app/show.html.eex
index f64d8a1c..1cda03f3 100644
--- a/lib/auth_web/templates/app/show.html.eex
+++ b/lib/auth_web/templates/app/show.html.eex
@@ -1,28 +1,41 @@
-<h1>Show App</h1>
+<div class="f3 w-70 center">
+  <h1>Your App</h1>
 
-<ul>
 
-  <li>
-    <strong>Name:</strong>
-    <%= @app.name %>
-  </li>
 
-  <li>
+  <p>
+    <strong>App Name:</strong>
+    <span class="db ba b--black-80 pa2 bg-light-gray w-100 mt2">
+      <%= @app.name %>
+    </span>
+  </p>
+
+  <p>
     <strong>Description:</strong>
-    <%= @app.description %>
-  </li>
+    <span class="db ba b--black-80 pa2 bg-light-gray w-100 mt2">
+      <%= @app.description %>
+    </span>
+  </p>
 
-  <li>
-    <strong>Url:</strong>
-    <%= @app.url %>
-  </li>
+  <p>
+    <strong>URL:</strong>
+    <span class="db ba b--black-80 pa2 bg-light-gray w-100 mt2">
+      <%= @app.url %>
+    </span>
+  </p>
 
-  <li>
-    <strong>End:</strong>
-    <%= @app.end %>
-  </li>
 
-</ul>
+<span>
+  <%= link "< Back", to: Routes.app_path(@conn, :index),
+  class: "pointer br2 ba b--orange bg-gold white pa3 ml1 mv1 f4
+  shadow-hover bg-animate hover-bg-orange border-box no-underline"
+  %>
+</span>
+<span>
+  <%= link "Edit", to: Routes.app_path(@conn, :edit, @app),
+  class: "pointer br2 ba b--dark-green bg-green white pa3 ml1 mv1 f4
+  shadow-hover bg-animate hover-bg-dark-green border-box no-underline"
+  %>
+</span>
 
-<span><%= link "Edit", to: Routes.app_path(@conn, :edit, @app) %></span>
-<span><%= link "Back", to: Routes.app_path(@conn, :index) %></span>
+</div>
diff --git a/test/auth_web/controllers/app_controller_test.exs b/test/auth_web/controllers/app_controller_test.exs
index 4d9aaf38..fd104950 100644
--- a/test/auth_web/controllers/app_controller_test.exs
+++ b/test/auth_web/controllers/app_controller_test.exs
@@ -16,7 +16,7 @@ defmodule AuthWeb.AppControllerTest do
     test "lists all apps", %{conn: conn} do
       conn = admin_login(conn)
       conn = get(conn, Routes.app_path(conn, :index))
-      assert html_response(conn, 200) =~ "Listing Apps"
+      assert html_response(conn, 200) =~ "Apps"
     end
   end
 

From 45b7dbeae578c21b8dcd7ba4d19e166fd9033b71 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Tue, 1 Sep 2020 16:09:07 +0100
Subject: [PATCH 072/166] fix failing test (assertion) "Show App" > "App" #95

---
 test/auth_web/controllers/app_controller_test.exs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/auth_web/controllers/app_controller_test.exs b/test/auth_web/controllers/app_controller_test.exs
index fd104950..58f25f24 100644
--- a/test/auth_web/controllers/app_controller_test.exs
+++ b/test/auth_web/controllers/app_controller_test.exs
@@ -37,7 +37,7 @@ defmodule AuthWeb.AppControllerTest do
       assert redirected_to(conn) == Routes.app_path(conn, :show, id)
 
       conn = get(conn, Routes.app_path(conn, :show, id))
-      assert html_response(conn, 200) =~ "Show App"
+      assert html_response(conn, 200) =~ "App"
     end
 
     test "renders errors when data is invalid", %{conn: conn} do

From ecc6043dd1baf33c6d86e0c630ed657d577eb35f Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 2 Sep 2020 08:27:11 +0100
Subject: [PATCH 073/166] create apps before apikeys for #97

---
 lib/auth/apikey.ex                                       | 9 +++++----
 lib/auth/app.ex                                          | 3 ++-
 ...23_create_apps.exs => 20200424141937_create_apps.exs} | 4 ++--
 priv/repo/migrations/20200424141938_create_apikeys.exs   | 7 ++++---
 4 files changed, 13 insertions(+), 10 deletions(-)
 rename priv/repo/migrations/{20200830061923_create_apps.exs => 20200424141937_create_apps.exs} (81%)

diff --git a/lib/auth/apikey.ex b/lib/auth/apikey.ex
index 4c087636..20b32bab 100644
--- a/lib/auth/apikey.ex
+++ b/lib/auth/apikey.ex
@@ -12,11 +12,12 @@ defmodule Auth.Apikey do
   schema "apikeys" do
     field :client_secret, :binary
     field :client_id, :binary
-    field :description, :string
-    field :name, :string
-    field :url, :binary
+    # field :description, :string
+    # field :name, :string
+    # field :url, :binary
     field :person_id, :id
     field :status, :id
+    belongs_to :app, Auth.App
 
     timestamps()
   end
@@ -24,7 +25,7 @@ defmodule Auth.Apikey do
   @doc false
   def changeset(apikey, attrs) do
     apikey
-    |> cast(attrs, [:client_id, :client_secret, :name, :description, :url, :person_id])
+    |> cast(attrs, [:client_id, :client_secret, :person_id])
     |> validate_required([:client_secret])
   end
 
diff --git a/lib/auth/app.ex b/lib/auth/app.ex
index ae489fc7..b9ab7b86 100644
--- a/lib/auth/app.ex
+++ b/lib/auth/app.ex
@@ -16,7 +16,8 @@ defmodule Auth.App do
     field :url, :binary
     field :person_id, :id
     field :status, :id
-    field :apikey_id, :id
+    # field :apikey_id, :id
+    # has_many :apikeys, Auth.Status
 
     timestamps()
   end
diff --git a/priv/repo/migrations/20200830061923_create_apps.exs b/priv/repo/migrations/20200424141937_create_apps.exs
similarity index 81%
rename from priv/repo/migrations/20200830061923_create_apps.exs
rename to priv/repo/migrations/20200424141937_create_apps.exs
index 27757cf9..fad28f20 100644
--- a/priv/repo/migrations/20200830061923_create_apps.exs
+++ b/priv/repo/migrations/20200424141937_create_apps.exs
@@ -9,13 +9,13 @@ defmodule Auth.Repo.Migrations.CreateApps do
       add :end, :naive_datetime
       add :person_id, references(:people, on_delete: :nothing)
       add :status, references(:status, on_delete: :nothing)
-      add :apikey_id, references(:apikeys, on_delete: :nothing)
+      # add :apikey_id, references(:apikeys, on_delete: :nothing)
 
       timestamps()
     end
 
     create index(:apps, [:person_id])
     create index(:apps, [:status])
-    create index(:apps, [:apikey_id])
+    # create index(:apps, [:apikey_id])
   end
 end
diff --git a/priv/repo/migrations/20200424141938_create_apikeys.exs b/priv/repo/migrations/20200424141938_create_apikeys.exs
index d96c53f1..dededfa5 100644
--- a/priv/repo/migrations/20200424141938_create_apikeys.exs
+++ b/priv/repo/migrations/20200424141938_create_apikeys.exs
@@ -5,9 +5,10 @@ defmodule Auth.Repo.Migrations.CreateApikeys do
     create table(:apikeys) do
       add :client_id, :binary
       add :client_secret, :binary
-      add :name, :string
-      add :description, :text
-      add :url, :binary
+      # add :name, :string
+      # add :description, :text
+      # add :url, :binary
+      add :app_id, references(:apps, on_delete: :nothing)
       add :person_id, references(:people, on_delete: :nothing)
       add :status, references(:status, on_delete: :nothing)
 

From a4d5e5802f15b3166de198af854ba15b16e7ca50 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 2 Sep 2020 09:09:32 +0100
Subject: [PATCH 074/166] fix 1/4 failing auth tests #97

---
 lib/auth/apikey.ex                                 |  9 +++++++--
 lib/auth_web/controllers/auth_controller.ex        |  2 +-
 test/auth_web/controllers/auth_controller_test.exs | 13 +++++++++----
 3 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/lib/auth/apikey.ex b/lib/auth/apikey.ex
index 20b32bab..307ab315 100644
--- a/lib/auth/apikey.ex
+++ b/lib/auth/apikey.ex
@@ -25,8 +25,9 @@ defmodule Auth.Apikey do
   @doc false
   def changeset(apikey, attrs) do
     apikey
-    |> cast(attrs, [:client_id, :client_secret, :person_id])
+    |> cast(attrs, [:client_id, :client_secret, :person_id, :app_id])
     |> validate_required([:client_secret])
+    # |> put_assoc(:app, attrs.app_id)
   end
 
   def change_apikey(%Apikey{} = apikey) do
@@ -47,6 +48,7 @@ defmodule Auth.Apikey do
       )
 
     Repo.all(query)
+    |> Repo.preload(:app)
   end
 
   @doc """
@@ -63,7 +65,10 @@ defmodule Auth.Apikey do
       ** (Ecto.NoResultsError)
 
   """
-  def get_apikey!(id), do: Repo.get!(__MODULE__, id)
+  def get_apikey!(id) do
+    Repo.get!(__MODULE__, id)
+    |> Repo.preload(:apps)
+  end
 
   @doc """
   Updates a apikey.
diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
index 30b605d8..6f48538c 100644
--- a/lib/auth_web/controllers/auth_controller.ex
+++ b/lib/auth_web/controllers/auth_controller.ex
@@ -434,7 +434,7 @@ defmodule AuthWeb.AuthController do
           k.client_id == client_id
         else
           # check url matches the state for all other keys:
-          k.client_id == client_id and state =~ k.url
+          k.client_id == client_id and state =~ k.app.url
         end
       end)
       |> List.first()
diff --git a/test/auth_web/controllers/auth_controller_test.exs b/test/auth_web/controllers/auth_controller_test.exs
index 592410e8..61bfe329 100644
--- a/test/auth_web/controllers/auth_controller_test.exs
+++ b/test/auth_web/controllers/auth_controller_test.exs
@@ -58,10 +58,15 @@ defmodule AuthWeb.AuthControllerTest do
         auth_provider: "email"
       })
 
-    {:ok, key} =
-      %{"name" => "test key", "url" => "example.com"}
-      |> AuthWeb.ApikeyController.make_apikey(person.id)
-      |> Auth.Apikey.create_apikey()
+    app_data = %{
+      "name" => "example key",
+      "url" => "https://www.example.com",
+      "person_id" => person.id
+    }
+    {:ok, app} = Auth.App.create_app(app_data)
+    apikey_params = %{"app_id" => app.id}
+    key = AuthWeb.ApikeyController.make_apikey(apikey_params, person.id)
+    {:ok, key} = Auth.Apikey.create_apikey(key)
 
     state = "https://www.example.com/profile?auth_client_id=#{key.client_id}"
     secret = AuthWeb.AuthController.get_client_secret(key.client_id, state)

From b7188d0f152f86be5339d0f66721e99b01d0be47 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 2 Sep 2020 10:37:59 +0100
Subject: [PATCH 075/166] update seeds and tests to create App before API Key
 #97

---
 lib/auth/apikey.ex                            |  6 +++---
 lib/auth/app.ex                               |  4 +++-
 lib/auth_web/templates/apikey/index.html.eex  |  6 ------
 lib/auth_web/templates/apikey/show.html.eex   | 21 -------------------
 priv/repo/seeds.exs                           | 10 ++++++---
 .../controllers/apikey_controller_test.exs    |  9 ++++----
 6 files changed, 17 insertions(+), 39 deletions(-)

diff --git a/lib/auth/apikey.ex b/lib/auth/apikey.ex
index 307ab315..b4692648 100644
--- a/lib/auth/apikey.ex
+++ b/lib/auth/apikey.ex
@@ -25,9 +25,9 @@ defmodule Auth.Apikey do
   @doc false
   def changeset(apikey, attrs) do
     apikey
-    |> cast(attrs, [:client_id, :client_secret, :person_id, :app_id])
+    |> cast(attrs, [:client_id, :client_secret, :person_id])
     |> validate_required([:client_secret])
-    # |> put_assoc(:app, attrs.app_id)
+    |> put_assoc(:app, Map.get(attrs, "app"))
   end
 
   def change_apikey(%Apikey{} = apikey) do
@@ -67,7 +67,7 @@ defmodule Auth.Apikey do
   """
   def get_apikey!(id) do
     Repo.get!(__MODULE__, id)
-    |> Repo.preload(:apps)
+    |> Repo.preload(:app)
   end
 
   @doc """
diff --git a/lib/auth/app.ex b/lib/auth/app.ex
index b9ab7b86..c5ffb36d 100644
--- a/lib/auth/app.ex
+++ b/lib/auth/app.ex
@@ -17,7 +17,7 @@ defmodule Auth.App do
     field :person_id, :id
     field :status, :id
     # field :apikey_id, :id
-    # has_many :apikeys, Auth.Status
+    has_many :apikeys, Auth.Apikey
 
     timestamps()
   end
@@ -27,6 +27,8 @@ defmodule Auth.App do
     app
     |> cast(attrs, [:name, :description, :url, :end])
     |> validate_required([:name, :url])
+
+
   end
 
   @doc """
diff --git a/lib/auth_web/templates/apikey/index.html.eex b/lib/auth_web/templates/apikey/index.html.eex
index 5b9450b8..0fd7724b 100644
--- a/lib/auth_web/templates/apikey/index.html.eex
+++ b/lib/auth_web/templates/apikey/index.html.eex
@@ -6,9 +6,6 @@
     <thead>
       <tr class="f3">
         <th>AUTH_API_KEY</th>
-        <th>Name</th>
-        <th>Description</th>
-        <th>Url</th>
       </tr>
     </thead>
     <tbody>
@@ -17,9 +14,6 @@
         <td style="width:200px;">
         <%= apikey.client_id %>/<%= apikey.client_secret %>
         </td>
-        <td><%= apikey.name %></td>
-        <td><%= apikey.description %></td>
-        <td><%= apikey.url %></td>
 
         <td>
           <span><%= link "View", to: Routes.apikey_path(@conn, :show, apikey),
diff --git a/lib/auth_web/templates/apikey/show.html.eex b/lib/auth_web/templates/apikey/show.html.eex
index 96740c0d..b8c1377d 100644
--- a/lib/auth_web/templates/apikey/show.html.eex
+++ b/lib/auth_web/templates/apikey/show.html.eex
@@ -25,27 +25,6 @@
   </p>
 
 
-  <p>
-    <strong>Key Name:</strong>
-    <span class="db ba b--black-80 pa2 bg-light-gray w-100 mt2">
-      <%= @apikey.name %>
-    </span>
-  </p>
-
-  <p>
-    <strong>Description:</strong>
-    <span class="db ba b--black-80 pa2 bg-light-gray w-100 mt2">
-      <%= @apikey.description %>
-    </span>
-  </p>
-
-  <p>
-    <strong>URL:</strong>
-    <span class="db ba b--black-80 pa2 bg-light-gray w-100 mt2">
-      <%= @apikey.url %>
-    </span>
-  </p>
-
 
 <span>
   <%= link "< Back", to: Routes.apikey_path(@conn, :index),
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 41152667..51a89c3a 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -38,15 +38,19 @@ defmodule Auth.Seeds do
   end
 
   def create_apikey_for_admin(person) do
-    {:ok, key} =
+    {:ok, app} =
       %{
-        "name" => "system admin key",
+        "name" => "default system app",
         "description" => "Created by /priv/repo/seeds.exs during setup.",
         "url" => "localhost:4000"
       }
-      |> AuthWeb.ApikeyController.make_apikey(person.id)
+      |> Auth.App.create_app()
+
+    {:ok, key} = AuthWeb.ApikeyController.make_apikey(%{"app" => app}, person.id)
       |> Auth.Apikey.create_apikey()
 
+    # IO.inspect(key, label: "key")
+
     api_key = key.client_id <> "/" <> key.client_secret
     # set the AUTH_API_KEY environment variable during test run:
     if(Mix.env() == :test) do
diff --git a/test/auth_web/controllers/apikey_controller_test.exs b/test/auth_web/controllers/apikey_controller_test.exs
index 1d717704..64464346 100644
--- a/test/auth_web/controllers/apikey_controller_test.exs
+++ b/test/auth_web/controllers/apikey_controller_test.exs
@@ -5,7 +5,7 @@ defmodule AuthWeb.ApikeyControllerTest do
   # alias Auth.Apikey
   # alias AuthWeb.ApikeyController, as: Ctrl
   @email System.get_env("ADMIN_EMAIL")
-  @create_attrs %{description: "some description", name: "some name", url: "some url"}
+  @create_attrs %{description: "some description", name: "some name", url: "localhost"}
   @update_attrs %{
     client_secret: "updated client sec",
     description: "some updated desc",
@@ -94,9 +94,11 @@ defmodule AuthWeb.ApikeyControllerTest do
 
   describe "create apikey" do
     test "redirects to show when data is valid", %{conn: conn} do
+      {:ok, app} = Auth.App.create_app(@create_attrs)
+
       conn =
         admin_login(conn)
-        |> post(Routes.apikey_path(conn, :create), apikey: @create_attrs)
+        |> post(Routes.apikey_path(conn, :create), apikey: %{"app" => app})
 
       assert %{id: id} = redirected_params(conn)
       assert redirected_to(conn) == Routes.apikey_path(conn, :show, id)
@@ -162,9 +164,6 @@ defmodule AuthWeb.ApikeyControllerTest do
 
       conn = put(conn, Routes.apikey_path(conn, :update, key.id), apikey: @update_attrs)
       assert redirected_to(conn) == Routes.apikey_path(conn, :show, key)
-
-      conn = get(conn, Routes.apikey_path(conn, :show, key))
-      assert html_response(conn, 200) =~ "some updated desc"
     end
 
     test "renders errors when data is invalid", %{conn: conn} do

From 87c52d6da8191fcccda3526a84eb21ee4288621c Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 3 Sep 2020 08:12:09 +0100
Subject: [PATCH 076/166] fix failing tests for Apps #97

---
 test/auth/app_test.exs                             | 3 ++-
 test/auth_web/controllers/auth_controller_test.exs | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/test/auth/app_test.exs b/test/auth/app_test.exs
index 13b5b017..040c8ee7 100644
--- a/test/auth/app_test.exs
+++ b/test/auth/app_test.exs
@@ -19,7 +19,8 @@ defmodule Auth.AppTest do
 
     test "list_apps/0 returns all apps" do
       app = app_fixture()
-      assert App.list_apps() == [app]
+      a = List.first(Enum.filter(App.list_apps(), fn(a) -> a.id == app.id end))
+      assert a.id == app.id
     end
 
     test "get_app!/1 returns the app with given id" do
diff --git a/test/auth_web/controllers/auth_controller_test.exs b/test/auth_web/controllers/auth_controller_test.exs
index 61bfe329..fbdd131c 100644
--- a/test/auth_web/controllers/auth_controller_test.exs
+++ b/test/auth_web/controllers/auth_controller_test.exs
@@ -64,7 +64,7 @@ defmodule AuthWeb.AuthControllerTest do
       "person_id" => person.id
     }
     {:ok, app} = Auth.App.create_app(app_data)
-    apikey_params = %{"app_id" => app.id}
+    apikey_params = %{"app" => app}
     key = AuthWeb.ApikeyController.make_apikey(apikey_params, person.id)
     {:ok, key} = Auth.Apikey.create_apikey(key)
 

From 5d52ed3a0e1f4afbfbcafb53a716cbe809854210 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Tue, 8 Sep 2020 13:08:49 +0100
Subject: [PATCH 077/166] [WiP:TestsFailing] automatically create API key when
 new app is inserted see:
 https://github.com/dwyl/auth/issues/97#issuecomment-688821757

---
 lib/auth/app.ex                            | 16 ++++++++++---
 lib/auth_web/controllers/app_controller.ex |  1 +
 lib/auth_web/templates/app/show.html.eex   | 28 ++++++++++++++++++----
 priv/repo/seeds.exs                        |  3 ++-
 test/auth/apikey_test.exs                  |  4 ++--
 test/auth/app_test.exs                     |  5 ++--
 6 files changed, 45 insertions(+), 12 deletions(-)

diff --git a/lib/auth/app.ex b/lib/auth/app.ex
index c5ffb36d..02c0c1ff 100644
--- a/lib/auth/app.ex
+++ b/lib/auth/app.ex
@@ -25,7 +25,7 @@ defmodule Auth.App do
   @doc false
   def changeset(app, attrs) do
     app
-    |> cast(attrs, [:name, :description, :url, :end])
+    |> cast(attrs, [:name, :description, :url, :end, :person_id])
     |> validate_required([:name, :url])
 
 
@@ -58,7 +58,10 @@ defmodule Auth.App do
       ** (Ecto.NoResultsError)
 
   """
-  def get_app!(id), do: Repo.get!(App, id)
+  def get_app!(id) do
+    Repo.get!(App, id)
+    |> Repo.preload(:apikeys)
+  end
 
   @doc """
   Creates a app.
@@ -73,9 +76,16 @@ defmodule Auth.App do
 
   """
   def create_app(attrs \\ %{}) do
-    %App{}
+    {:ok, app} = %App{}
     |> App.changeset(attrs)
     |> Repo.insert()
+
+    # Create API Key for App https://github.com/dwyl/auth/issues/97
+    AuthWeb.ApikeyController.make_apikey(%{"app" => app}, app.person_id)
+    |> Auth.Apikey.create_apikey()
+
+    # return the App with the API Key preloaded:
+    {:ok, get_app!(app.id)}
   end
 
   @doc """
diff --git a/lib/auth_web/controllers/app_controller.ex b/lib/auth_web/controllers/app_controller.ex
index 4f0cbbc6..896b2c31 100644
--- a/lib/auth_web/controllers/app_controller.ex
+++ b/lib/auth_web/controllers/app_controller.ex
@@ -26,6 +26,7 @@ defmodule AuthWeb.AppController do
 
   def show(conn, %{"id" => id}) do
     app = App.get_app!(id)
+    IO.inspect(app, label: "app 29")
     render(conn, "show.html", app: app)
   end
 
diff --git a/lib/auth_web/templates/app/show.html.eex b/lib/auth_web/templates/app/show.html.eex
index 1cda03f3..6c97ca60 100644
--- a/lib/auth_web/templates/app/show.html.eex
+++ b/lib/auth_web/templates/app/show.html.eex
@@ -1,10 +1,10 @@
 <div class="f3 w-70 center">
-  <h1>Your App</h1>
+  <h1 class="tc">Your App</h1>
 
 
 
   <p>
-    <strong>App Name:</strong>
+    <strong>Name:</strong>
     <span class="db ba b--black-80 pa2 bg-light-gray w-100 mt2">
       <%= @app.name %>
     </span>
@@ -24,16 +24,36 @@
     </span>
   </p>
 
+  <%= for apikey <- @app.apikeys do %>
+    <p><strong>AUTH_API_KEY:</strong>
+      <div style="font-size: 1.2em;
+      overflow-wrap: break-word; font-family: monospace;
+      border: 1px solid black; padding: 10px; background-color: #EBEDEF;">
+      <%= apikey.client_id %>/<%= apikey.client_secret %>
+      </div>
+    </p>
+
+    <p> Export it as an environment variable:
+      <div style="font-size: 1.2em;
+      overflow-wrap: break-word; font-family: monospace;
+      border: 1px solid black; padding: 10px; background-color: #EBEDEF;">
+      export AUTH_API_KEY=<%= apikey.client_id %>/<%= apikey.client_secret %>
+      </div>
+    </p>
+  <% end %>
+
+
+
 
 <span>
   <%= link "< Back", to: Routes.app_path(@conn, :index),
-  class: "pointer br2 ba b--orange bg-gold white pa3 ml1 mv1 f4
+  class: "fl pointer br2 ba b--orange bg-gold white pa3 ml1 mv1 f4
   shadow-hover bg-animate hover-bg-orange border-box no-underline"
   %>
 </span>
 <span>
   <%= link "Edit", to: Routes.app_path(@conn, :edit, @app),
-  class: "pointer br2 ba b--dark-green bg-green white pa3 ml1 mv1 f4
+  class: "fr pointer br2 ba b--dark-green bg-green white pa3 ml1 mv1 f4
   shadow-hover bg-animate hover-bg-dark-green border-box no-underline"
   %>
 </span>
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 51a89c3a..4b2a4627 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -42,7 +42,8 @@ defmodule Auth.Seeds do
       %{
         "name" => "default system app",
         "description" => "Created by /priv/repo/seeds.exs during setup.",
-        "url" => "localhost:4000"
+        "url" => "localhost:4000",
+        "person_id" => person.id
       }
       |> Auth.App.create_app()
 
diff --git a/test/auth/apikey_test.exs b/test/auth/apikey_test.exs
index 3e262bf8..12d617a5 100644
--- a/test/auth/apikey_test.exs
+++ b/test/auth/apikey_test.exs
@@ -8,7 +8,7 @@ defmodule Auth.ApikeyTest do
     person = Auth.Person.get_person_by_email(@email)
 
     keys = Auth.Apikey.list_apikeys_for_person(person.id)
-    assert length(keys) == 1
+    assert length(keys) > 1
 
     # Insert Two API keys:
     params = %{
@@ -27,6 +27,6 @@ defmodule Auth.ApikeyTest do
     |> Auth.Apikey.create_apikey()
 
     keys = Auth.Apikey.list_apikeys_for_person(person.id)
-    assert length(keys) == 3
+    assert length(keys) > 3
   end
 end
diff --git a/test/auth/app_test.exs b/test/auth/app_test.exs
index 040c8ee7..c885dec7 100644
--- a/test/auth/app_test.exs
+++ b/test/auth/app_test.exs
@@ -24,8 +24,9 @@ defmodule Auth.AppTest do
     end
 
     test "get_app!/1 returns the app with given id" do
-      app = app_fixture()
-      assert App.get_app!(app.id) == app
+      app = app_fixture(%{person_id: 1})
+      a = App.get_app!(app.id)
+      assert a.id == app.id
     end
 
     test "create_app/1 with valid data creates a app" do

From 22f5d5049a5f7b3db4bc8388ef2c3094bbd32168 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Tue, 8 Sep 2020 15:19:41 +0100
Subject: [PATCH 078/166] create statuses.json for #101

---
 priv/repo/statuses.json | 57 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 priv/repo/statuses.json

diff --git a/priv/repo/statuses.json b/priv/repo/statuses.json
new file mode 100644
index 00000000..b03758db
--- /dev/null
+++ b/priv/repo/statuses.json
@@ -0,0 +1,57 @@
+[
+  {
+    "text": "unverified", 
+    "id": "1",
+    "desc": "People are considered unverified until they confirm their email address"
+  },
+  {
+    "text": "verified", 
+    "id": "2",
+    "desc": "People are verified once they confirm their email address"
+  },
+  {
+    "text": "uncategorized", 
+    "id": "3",
+    "desc": "All items are uncategorized when they are first created. (Yes, American spelling)"
+  },
+  {
+    "text": "active", 
+    "id": "4",
+    "desc": "An App, Item or Person can be active; this is the default state for an App"
+  },
+  {
+    "text": "flagged", 
+    "id": "5",
+    "desc": "A flagged App, Item or Person requires admin attention"
+  },
+  {
+    "text": "deleted", 
+    "id": "6",
+    "desc": "Soft-deleted items that no longer appear in UI but are kept for audit trail purposes"
+  },
+  {
+    "text": "pending", 
+    "id": "7",
+    "desc": "When an email or item is ready to be started/sent is still pending"
+  },
+  {
+    "text": "sent", 
+    "id": "8",
+    "desc": "An email that has been sent but not yet opened"
+  },
+  {
+    "text": "opened", 
+    "id": "9",
+    "desc": "When an email is opened by the recipient"
+  },
+  {
+    "text": "bounce_transient", 
+    "id": "10",
+    "desc": "Temporary email bounce e.g. because inbox is full"
+  },
+  {
+    "text": "bounce_permanent", 
+    "id": "11",
+    "desc": "Permanent email bounce e.g. when inbox doesn't exist"
+  }
+]
\ No newline at end of file

From 2aa97f74e24b4121e8944403e1488d24fcce424f Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Tue, 8 Sep 2020 18:14:13 +0100
Subject: [PATCH 079/166] create insert_statuses/0 for #101

---
 lib/auth/person.ex                            |  2 +-
 lib/auth/status.ex                            | 13 ++++++-----
 .../20191113100912_create_status.exs          |  1 +
 priv/repo/seeds.exs                           | 22 ++++++++++++++-----
 priv/repo/statuses.json                       | 16 +++++++-------
 test/auth/status_test.exs                     |  6 ++---
 6 files changed, 37 insertions(+), 23 deletions(-)

diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index f2111a7c..a38830fa 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -188,7 +188,7 @@ defmodule Auth.Person do
   end
 
   def get_status_verified do
-    status = Auth.Status.upsert_status("verified")
+    status = Auth.Status.upsert_status(%{"text" => "verified"})
     status.id
   end
 
diff --git a/lib/auth/status.ex b/lib/auth/status.ex
index fe3f4ceb..94471188 100644
--- a/lib/auth/status.ex
+++ b/lib/auth/status.ex
@@ -7,6 +7,7 @@ defmodule Auth.Status do
 
   schema "status" do
     field :text, :string
+    field :desc, :string
     belongs_to :person, Auth.Person
 
     timestamps()
@@ -15,24 +16,26 @@ defmodule Auth.Status do
   @doc false
   def changeset(status, attrs) do
     status
-    |> cast(attrs, [:text])
+    |> cast(attrs, [:text, :desc])
     |> validate_required([:text])
   end
 
-  def create_status(text, person) do
+  def create_status(attrs, person) do
     %Status{}
-    |> changeset(%{text: text})
+    |> changeset(attrs)
     |> put_assoc(:person, person)
     |> Repo.insert!()
   end
 
-  def upsert_status(text) do
+  def upsert_status(attrs) do
+    text = Map.get(attrs, "text")
+    |> IO.inspect(label: "text")
     case Auth.Repo.get_by(__MODULE__, text: text) do
       # create status
       nil ->
         email = System.get_env("ADMIN_EMAIL")
         person = Auth.Person.get_person_by_email(email)
-        create_status(text, person)
+        create_status(attrs, person)
 
       status ->
         status
diff --git a/priv/repo/migrations/20191113100912_create_status.exs b/priv/repo/migrations/20191113100912_create_status.exs
index 6d19f2c7..df640170 100644
--- a/priv/repo/migrations/20191113100912_create_status.exs
+++ b/priv/repo/migrations/20191113100912_create_status.exs
@@ -4,6 +4,7 @@ defmodule Auth.Repo.Migrations.CreateStatus do
   def change do
     create table(:status) do
       add :text, :string
+      add :desc, :string
 
       timestamps()
     end
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 4b2a4627..398cfaa7 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -10,7 +10,7 @@
 defmodule Auth.Seeds do
   alias Auth.{Person, Repo, Status}
   # put_assoc
-  import Ecto.Changeset
+  # import Ecto.Changeset
 
   def create_admin do
     email = System.get_env("ADMIN_EMAIL")
@@ -20,9 +20,10 @@ defmodule Auth.Seeds do
         nil ->
           %Person{}
           |> Person.changeset(%{email: email})
-          |> put_assoc(:statuses, [%Status{text: "verified"}])
+          # |> put_assoc(:statuses, [%Status{text: "verified"}])
           |> Repo.insert!()
 
+
         person ->
           person
       end
@@ -103,8 +104,8 @@ Auth.Seeds.create_admin()
 |> Auth.Seeds.create_apikey_for_admin()
 
 # scripts for creating default roles and permissions
-defmodule SetupRoles do
-  alias Auth.Role
+defmodule SeedData do
+  alias Auth.{Role, Status}
 
   def get_json(filepath) do
     # IO.inspect(filepath, label: "filepath")
@@ -116,7 +117,7 @@ defmodule SetupRoles do
     json
   end
 
-  def create_default_roles() do
+  def create_default_roles do
     json = get_json("/priv/repo/default_roles.json")
 
     Enum.each(json, fn role ->
@@ -124,8 +125,17 @@ defmodule SetupRoles do
       # |> IO.inspect()
     end)
   end
+
+  def insert_statuses do
+    json = get_json("/priv/repo/statuses.json")
+    Enum.each(json, fn s ->
+      Status.upsert_status(s)
+    end)
+
+  end
 end
 
-SetupRoles.create_default_roles()
+SeedData.create_default_roles()
+SeedData.insert_statuses()
 # grant superadmin role to app owner:
 Auth.PeopleRoles.insert(1, 1, 1)
diff --git a/priv/repo/statuses.json b/priv/repo/statuses.json
index b03758db..0427ab2c 100644
--- a/priv/repo/statuses.json
+++ b/priv/repo/statuses.json
@@ -1,23 +1,23 @@
 [
   {
-    "text": "unverified", 
+    "text": "verified", 
     "id": "1",
-    "desc": "People are considered unverified until they confirm their email address"
+    "desc": "People are verified once they confirm their email address"
   },
   {
-    "text": "verified", 
+    "text": "uncategorized", 
     "id": "2",
-    "desc": "People are verified once they confirm their email address"
+    "desc": "All items are uncategorized when they are first created. (Yes, US spelling)"
   },
   {
-    "text": "uncategorized", 
+    "text": "active", 
     "id": "3",
-    "desc": "All items are uncategorized when they are first created. (Yes, American spelling)"
+    "desc": "An App, Item or Person can be active; this is the default state for an App"
   },
   {
-    "text": "active", 
+    "text": "done", 
     "id": "4",
-    "desc": "An App, Item or Person can be active; this is the default state for an App"
+    "desc": "Items marked as done are complete"
   },
   {
     "text": "flagged", 
diff --git a/test/auth/status_test.exs b/test/auth/status_test.exs
index 76addb66..a71018d7 100644
--- a/test/auth/status_test.exs
+++ b/test/auth/status_test.exs
@@ -3,10 +3,10 @@ defmodule Auth.StatusTest do
   alias Auth.{Status}
 
   test "upsert_status/1 inserts or updates a status record" do
-    status = Status.upsert_status("verified")
+    status = Status.upsert_status(%{"text" => "verified"})
     assert status.id == 1
 
-    new_status = Status.upsert_status("amaze")
-    assert new_status.id == 2
+    new_status = Status.upsert_status(%{"text" => "amaze"})
+    assert new_status.id == 12
   end
 end

From 205c828a8d109051f4066ef465fbcad6dbc55373 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Tue, 8 Sep 2020 19:13:01 +0100
Subject: [PATCH 080/166] rework create_app/1 to use case statement for errors
 #97

---
 lib/auth/app.ex                               | 22 ++++++++++---------
 lib/auth_web/controllers/app_controller.ex    |  2 +-
 .../controllers/app_controller_test.exs       |  2 +-
 3 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/lib/auth/app.ex b/lib/auth/app.ex
index 02c0c1ff..c450045e 100644
--- a/lib/auth/app.ex
+++ b/lib/auth/app.ex
@@ -76,16 +76,18 @@ defmodule Auth.App do
 
   """
   def create_app(attrs \\ %{}) do
-    {:ok, app} = %App{}
-    |> App.changeset(attrs)
-    |> Repo.insert()
-
-    # Create API Key for App https://github.com/dwyl/auth/issues/97
-    AuthWeb.ApikeyController.make_apikey(%{"app" => app}, app.person_id)
-    |> Auth.Apikey.create_apikey()
-
-    # return the App with the API Key preloaded:
-    {:ok, get_app!(app.id)}
+    case %App{} |> App.changeset(attrs) |> Repo.insert() do
+      {:ok, app} ->
+        # Create API Key for App https://github.com/dwyl/auth/issues/97
+        AuthWeb.ApikeyController.make_apikey(%{"app" => app}, app.person_id)
+        |> Auth.Apikey.create_apikey()
+
+        # return the App with the API Key preloaded:
+        {:ok, get_app!(app.id)}
+
+      {:error, err} ->
+        {:error, err}
+    end
   end
 
   @doc """
diff --git a/lib/auth_web/controllers/app_controller.ex b/lib/auth_web/controllers/app_controller.ex
index 896b2c31..86c543b5 100644
--- a/lib/auth_web/controllers/app_controller.ex
+++ b/lib/auth_web/controllers/app_controller.ex
@@ -26,7 +26,7 @@ defmodule AuthWeb.AppController do
 
   def show(conn, %{"id" => id}) do
     app = App.get_app!(id)
-    IO.inspect(app, label: "app 29")
+    # restrict viewership to owner||admin https://github.com/dwyl/auth/issues/99
     render(conn, "show.html", app: app)
   end
 
diff --git a/test/auth_web/controllers/app_controller_test.exs b/test/auth_web/controllers/app_controller_test.exs
index 58f25f24..a1817e74 100644
--- a/test/auth_web/controllers/app_controller_test.exs
+++ b/test/auth_web/controllers/app_controller_test.exs
@@ -5,7 +5,7 @@ defmodule AuthWeb.AppControllerTest do
 
   @create_attrs %{description: "some description", end: ~N[2010-04-17 14:00:00], name: "some name", url: "some url"}
   @update_attrs %{description: "some updated description", end: ~N[2011-05-18 15:01:01], name: "some updated name", url: "some updated url"}
-  @invalid_attrs %{description: nil, end: nil, name: nil, url: nil}
+  @invalid_attrs %{description: nil, end: nil, name: nil, url: nil, person_id: nil}
 
   def fixture(:app) do
     {:ok, app} = App.create_app(@create_attrs)

From 2da212d7cf2f6ca463219c010a6bbbb4d403493a Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Tue, 8 Sep 2020 19:13:18 +0100
Subject: [PATCH 081/166] mix format

---
 lib/auth/app.ex                                  |  2 --
 lib/auth/status.ex                               |  6 ++++--
 lib/auth_web/controllers/app_controller.ex       |  2 +-
 lib/auth_web/controllers/people_controller.ex    |  1 +
 priv/repo/seeds.exs                              |  6 +++---
 test/auth/app_test.exs                           | 16 +++++++++++++---
 .../auth_web/controllers/app_controller_test.exs | 15 +++++++++++++--
 .../controllers/auth_controller_test.exs         |  1 +
 8 files changed, 36 insertions(+), 13 deletions(-)

diff --git a/lib/auth/app.ex b/lib/auth/app.ex
index c450045e..7c919366 100644
--- a/lib/auth/app.ex
+++ b/lib/auth/app.ex
@@ -27,8 +27,6 @@ defmodule Auth.App do
     app
     |> cast(attrs, [:name, :description, :url, :end, :person_id])
     |> validate_required([:name, :url])
-
-
   end
 
   @doc """
diff --git a/lib/auth/status.ex b/lib/auth/status.ex
index 94471188..9f11f069 100644
--- a/lib/auth/status.ex
+++ b/lib/auth/status.ex
@@ -28,8 +28,10 @@ defmodule Auth.Status do
   end
 
   def upsert_status(attrs) do
-    text = Map.get(attrs, "text")
-    |> IO.inspect(label: "text")
+    text =
+      Map.get(attrs, "text")
+      |> IO.inspect(label: "text")
+
     case Auth.Repo.get_by(__MODULE__, text: text) do
       # create status
       nil ->
diff --git a/lib/auth_web/controllers/app_controller.ex b/lib/auth_web/controllers/app_controller.ex
index 86c543b5..720c41af 100644
--- a/lib/auth_web/controllers/app_controller.ex
+++ b/lib/auth_web/controllers/app_controller.ex
@@ -26,7 +26,7 @@ defmodule AuthWeb.AppController do
 
   def show(conn, %{"id" => id}) do
     app = App.get_app!(id)
-    # restrict viewership to owner||admin https://github.com/dwyl/auth/issues/99
+    #  restrict viewership to owner||admin https://github.com/dwyl/auth/issues/99
     render(conn, "show.html", app: app)
   end
 
diff --git a/lib/auth_web/controllers/people_controller.ex b/lib/auth_web/controllers/people_controller.ex
index 21fd53ab..1a7dc42e 100644
--- a/lib/auth_web/controllers/people_controller.ex
+++ b/lib/auth_web/controllers/people_controller.ex
@@ -29,6 +29,7 @@ defmodule AuthWeb.PeopleController do
     # should be visible to superadmin and people with "admin" role
     if conn.assigns.person.id == 1 do
       person = Auth.Person.get_person_by_id(Map.get(params, "person_id"))
+
       render(conn, :profile,
         person: person,
         roles: Auth.PeopleRoles.get_roles_for_person(person.id),
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 398cfaa7..1408ab28 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -23,7 +23,6 @@ defmodule Auth.Seeds do
           # |> put_assoc(:statuses, [%Status{text: "verified"}])
           |> Repo.insert!()
 
-
         person ->
           person
       end
@@ -48,7 +47,8 @@ defmodule Auth.Seeds do
       }
       |> Auth.App.create_app()
 
-    {:ok, key} = AuthWeb.ApikeyController.make_apikey(%{"app" => app}, person.id)
+    {:ok, key} =
+      AuthWeb.ApikeyController.make_apikey(%{"app" => app}, person.id)
       |> Auth.Apikey.create_apikey()
 
     # IO.inspect(key, label: "key")
@@ -128,10 +128,10 @@ defmodule SeedData do
 
   def insert_statuses do
     json = get_json("/priv/repo/statuses.json")
+
     Enum.each(json, fn s ->
       Status.upsert_status(s)
     end)
-
   end
 end
 
diff --git a/test/auth/app_test.exs b/test/auth/app_test.exs
index c885dec7..0082351c 100644
--- a/test/auth/app_test.exs
+++ b/test/auth/app_test.exs
@@ -4,8 +4,18 @@ defmodule Auth.AppTest do
   describe "apps" do
     alias Auth.App
 
-    @valid_attrs %{description: "some description", end: ~N[2010-04-17 14:00:00], name: "some name", url: "some url"}
-    @update_attrs %{description: "some updated description", end: ~N[2011-05-18 15:01:01], name: "some updated name", url: "some updated url"}
+    @valid_attrs %{
+      description: "some description",
+      end: ~N[2010-04-17 14:00:00],
+      name: "some name",
+      url: "some url"
+    }
+    @update_attrs %{
+      description: "some updated description",
+      end: ~N[2011-05-18 15:01:01],
+      name: "some updated name",
+      url: "some updated url"
+    }
     @invalid_attrs %{description: nil, end: nil, name: nil, url: nil}
 
     def app_fixture(attrs \\ %{}) do
@@ -19,7 +29,7 @@ defmodule Auth.AppTest do
 
     test "list_apps/0 returns all apps" do
       app = app_fixture()
-      a = List.first(Enum.filter(App.list_apps(), fn(a) -> a.id == app.id end))
+      a = List.first(Enum.filter(App.list_apps(), fn a -> a.id == app.id end))
       assert a.id == app.id
     end
 
diff --git a/test/auth_web/controllers/app_controller_test.exs b/test/auth_web/controllers/app_controller_test.exs
index a1817e74..b60de7d8 100644
--- a/test/auth_web/controllers/app_controller_test.exs
+++ b/test/auth_web/controllers/app_controller_test.exs
@@ -3,8 +3,18 @@ defmodule AuthWeb.AppControllerTest do
 
   alias Auth.App
 
-  @create_attrs %{description: "some description", end: ~N[2010-04-17 14:00:00], name: "some name", url: "some url"}
-  @update_attrs %{description: "some updated description", end: ~N[2011-05-18 15:01:01], name: "some updated name", url: "some updated url"}
+  @create_attrs %{
+    description: "some description",
+    end: ~N[2010-04-17 14:00:00],
+    name: "some name",
+    url: "some url"
+  }
+  @update_attrs %{
+    description: "some updated description",
+    end: ~N[2011-05-18 15:01:01],
+    name: "some updated name",
+    url: "some updated url"
+  }
   @invalid_attrs %{description: nil, end: nil, name: nil, url: nil, person_id: nil}
 
   def fixture(:app) do
@@ -83,6 +93,7 @@ defmodule AuthWeb.AppControllerTest do
       conn = admin_login(conn)
       conn = delete(conn, Routes.app_path(conn, :delete, app))
       assert redirected_to(conn) == Routes.app_path(conn, :index)
+
       assert_error_sent 404, fn ->
         get(conn, Routes.app_path(conn, :show, app))
       end
diff --git a/test/auth_web/controllers/auth_controller_test.exs b/test/auth_web/controllers/auth_controller_test.exs
index fbdd131c..2c86abfc 100644
--- a/test/auth_web/controllers/auth_controller_test.exs
+++ b/test/auth_web/controllers/auth_controller_test.exs
@@ -63,6 +63,7 @@ defmodule AuthWeb.AuthControllerTest do
       "url" => "https://www.example.com",
       "person_id" => person.id
     }
+
     {:ok, app} = Auth.App.create_app(app_data)
     apikey_params = %{"app" => app}
     key = AuthWeb.ApikeyController.make_apikey(apikey_params, person.id)

From 0ae675b346a91a2f08c53b46679993bfacba50da Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Tue, 8 Sep 2020 22:37:32 +0100
Subject: [PATCH 082/166] fix failing tests #102

---
 lib/auth/apikey.ex                            |  2 +-
 lib/auth/app.ex                               | 29 +++++++++++++++----
 lib/auth/status.ex                            |  6 +---
 lib/auth_web/controllers/app_controller.ex    |  3 ++
 lib/auth_web/templates/app/form.html.eex      |  6 ++--
 lib/auth_web/templates/app/index.html.eex     |  2 +-
 lib/auth_web/templates/app/show.html.eex      |  2 +-
 .../migrations/20200424141937_create_apps.exs |  2 +-
 priv/repo/seeds.exs                           | 21 +++++++-------
 test/auth/apikey_test.exs                     |  4 +--
 test/auth/app_test.exs                        | 17 ++++++-----
 .../controllers/app_controller_test.exs       | 12 ++++----
 .../controllers/auth_controller_test.exs      |  3 +-
 13 files changed, 66 insertions(+), 43 deletions(-)

diff --git a/lib/auth/apikey.ex b/lib/auth/apikey.ex
index b4692648..33ea3af9 100644
--- a/lib/auth/apikey.ex
+++ b/lib/auth/apikey.ex
@@ -101,6 +101,6 @@ defmodule Auth.Apikey do
 
   """
   def delete_apikey(%Apikey{} = apikey) do
-    Repo.delete(apikey)
+    Repo.delete(apikey) |> IO.inspect(label: "delete_apikey:104")
   end
 end
diff --git a/lib/auth/app.ex b/lib/auth/app.ex
index 7c919366..a64584de 100644
--- a/lib/auth/app.ex
+++ b/lib/auth/app.ex
@@ -10,7 +10,7 @@ defmodule Auth.App do
   alias __MODULE__
 
   schema "apps" do
-    field :description, :binary
+    field :desc, :binary
     field :end, :naive_datetime
     field :name, :binary
     field :url, :binary
@@ -25,7 +25,7 @@ defmodule Auth.App do
   @doc false
   def changeset(app, attrs) do
     app
-    |> cast(attrs, [:name, :description, :url, :end, :person_id])
+    |> cast(attrs, [:name, :desc, :url, :end, :person_id, :status])
     |> validate_required([:name, :url])
   end
 
@@ -39,7 +39,10 @@ defmodule Auth.App do
 
   """
   def list_apps do
-    Repo.all(App)
+    App
+    |> where([a], a.status != 6)
+    |> Repo.all()
+
   end
 
   @doc """
@@ -57,8 +60,18 @@ defmodule Auth.App do
 
   """
   def get_app!(id) do
-    Repo.get!(App, id)
+    # IO.inspect(id, label: "get_app!/1 id:60")
+    # Repo.get!(App, id, where: :status != 6)
+    # Repo.get!(App, id, where: :status not in [6])
+    # |> Repo.preload(:apikeys)
+    # |> IO.inspect(label: "get_app!:63")
+    App
+    |> where([a], a.id == ^id and a.status != 6)
+    # |> select([:id, :name, :url, :desc])
+    |> Repo.one()
     |> Repo.preload(:apikeys)
+    # |> IO.inspect(label: "app:69")
+
   end
 
   @doc """
@@ -74,6 +87,8 @@ defmodule Auth.App do
 
   """
   def create_app(attrs \\ %{}) do
+    # IO.inspect(attrs, label: "attrs:87")
+    # attrs = Map.merge(attrs, %{status: 3}) # active
     case %App{} |> App.changeset(attrs) |> Repo.insert() do
       {:ok, app} ->
         # Create API Key for App https://github.com/dwyl/auth/issues/97
@@ -119,7 +134,11 @@ defmodule Auth.App do
 
   """
   def delete_app(%App{} = app) do
-    Repo.delete(app)
+    # IO.inspect(app, label: "app:131")
+    # Repo.delete(app)
+    # |> IO.inspect(label: "delete")
+    update_app(app, %{status: 6})
+    # |> IO.inspect(label: "delete:135")
   end
 
   @doc """
diff --git a/lib/auth/status.ex b/lib/auth/status.ex
index 9f11f069..9bd4a9c2 100644
--- a/lib/auth/status.ex
+++ b/lib/auth/status.ex
@@ -28,11 +28,7 @@ defmodule Auth.Status do
   end
 
   def upsert_status(attrs) do
-    text =
-      Map.get(attrs, "text")
-      |> IO.inspect(label: "text")
-
-    case Auth.Repo.get_by(__MODULE__, text: text) do
+    case Auth.Repo.get_by(__MODULE__, text: Map.get(attrs, "text")) do
       # create status
       nil ->
         email = System.get_env("ADMIN_EMAIL")
diff --git a/lib/auth_web/controllers/app_controller.ex b/lib/auth_web/controllers/app_controller.ex
index 720c41af..703d6868 100644
--- a/lib/auth_web/controllers/app_controller.ex
+++ b/lib/auth_web/controllers/app_controller.ex
@@ -13,8 +13,10 @@ defmodule AuthWeb.AppController do
   end
 
   def create(conn, %{"app" => app_params}) do
+    # IO.inspect(app_params, label: "app_params:16")
     case App.create_app(app_params) do
       {:ok, app} ->
+        # IO.inspect(app, label: "app:19")
         conn
         |> put_flash(:info, "App created successfully.")
         |> redirect(to: Routes.app_path(conn, :show, app))
@@ -31,6 +33,7 @@ defmodule AuthWeb.AppController do
   end
 
   def edit(conn, %{"id" => id}) do
+    # IO.inspect(id, label: "edit id:36")
     app = App.get_app!(id)
     changeset = App.change_app(app)
     render(conn, "edit.html", app: app, changeset: changeset)
diff --git a/lib/auth_web/templates/app/form.html.eex b/lib/auth_web/templates/app/form.html.eex
index ae40a158..76b51489 100644
--- a/lib/auth_web/templates/app/form.html.eex
+++ b/lib/auth_web/templates/app/form.html.eex
@@ -10,10 +10,10 @@
     placeholder: "A distinctive name"%>
   <%= error_tag f, :name %>
   <br />
-  <%= label f, :description, class: "mt3" %>
-  <%= textarea f, :description, class: "db w-100 mt2 pa2 ba b--black",
+  <%= label f, :desc, class: "mt3" %>
+  <%= textarea f, :desc, class: "db w-100 mt2 pa2 ba b--black",
     placeholder: "Be as descriptive as possible." %>
-  <%= error_tag f, :description %>
+  <%= error_tag f, :desc %>
   <br />
   <%= label f, :url, class: "pt3" %>
   <%= text_input f, :url, class: "db w-100 mt2 pa2 ba b--dark-grey",
diff --git a/lib/auth_web/templates/app/index.html.eex b/lib/auth_web/templates/app/index.html.eex
index 3fd50ba5..d574cdc6 100644
--- a/lib/auth_web/templates/app/index.html.eex
+++ b/lib/auth_web/templates/app/index.html.eex
@@ -12,7 +12,7 @@
 <%= for app <- @apps do %>
     <tr>
       <td><%= app.name %></td>
-      <td><%= app.description %></td>
+      <td><%= app.desc %></td>
       <td><%= app.url %></td>
       <td>
           <span><%= link "View", to: Routes.app_path(@conn, :show, app),
diff --git a/lib/auth_web/templates/app/show.html.eex b/lib/auth_web/templates/app/show.html.eex
index 6c97ca60..fc5eac3b 100644
--- a/lib/auth_web/templates/app/show.html.eex
+++ b/lib/auth_web/templates/app/show.html.eex
@@ -13,7 +13,7 @@
   <p>
     <strong>Description:</strong>
     <span class="db ba b--black-80 pa2 bg-light-gray w-100 mt2">
-      <%= @app.description %>
+      <%= @app.desc %>
     </span>
   </p>
 
diff --git a/priv/repo/migrations/20200424141937_create_apps.exs b/priv/repo/migrations/20200424141937_create_apps.exs
index fad28f20..9e907bf8 100644
--- a/priv/repo/migrations/20200424141937_create_apps.exs
+++ b/priv/repo/migrations/20200424141937_create_apps.exs
@@ -4,7 +4,7 @@ defmodule Auth.Repo.Migrations.CreateApps do
   def change do
     create table(:apps) do
       add :name, :binary
-      add :description, :binary
+      add :desc, :binary
       add :url, :binary
       add :end, :naive_datetime
       add :person_id, references(:people, on_delete: :nothing)
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 1408ab28..48ae48a9 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -41,17 +41,16 @@ defmodule Auth.Seeds do
     {:ok, app} =
       %{
         "name" => "default system app",
-        "description" => "Created by /priv/repo/seeds.exs during setup.",
+        "desc" => "Created by /priv/repo/seeds.exs during setup.",
         "url" => "localhost:4000",
-        "person_id" => person.id
+        "person_id" => person.id,
+        "status" => 3
       }
       |> Auth.App.create_app()
 
-    {:ok, key} =
-      AuthWeb.ApikeyController.make_apikey(%{"app" => app}, person.id)
-      |> Auth.Apikey.create_apikey()
-
-    # IO.inspect(key, label: "key")
+    # API Key is automatically created by create_app/1
+    # https://github.com/dwyl/auth/issues/97
+    key = List.first(app.apikeys)
 
     api_key = key.client_id <> "/" <> key.client_secret
     # set the AUTH_API_KEY environment variable during test run:
@@ -100,9 +99,6 @@ defmodule Auth.Seeds do
   end
 end
 
-Auth.Seeds.create_admin()
-|> Auth.Seeds.create_apikey_for_admin()
-
 # scripts for creating default roles and permissions
 defmodule SeedData do
   alias Auth.{Role, Status}
@@ -135,7 +131,10 @@ defmodule SeedData do
   end
 end
 
-SeedData.create_default_roles()
 SeedData.insert_statuses()
+Auth.Seeds.create_admin()
+|> Auth.Seeds.create_apikey_for_admin()
+
+SeedData.create_default_roles()
 # grant superadmin role to app owner:
 Auth.PeopleRoles.insert(1, 1, 1)
diff --git a/test/auth/apikey_test.exs b/test/auth/apikey_test.exs
index 12d617a5..3e262bf8 100644
--- a/test/auth/apikey_test.exs
+++ b/test/auth/apikey_test.exs
@@ -8,7 +8,7 @@ defmodule Auth.ApikeyTest do
     person = Auth.Person.get_person_by_email(@email)
 
     keys = Auth.Apikey.list_apikeys_for_person(person.id)
-    assert length(keys) > 1
+    assert length(keys) == 1
 
     # Insert Two API keys:
     params = %{
@@ -27,6 +27,6 @@ defmodule Auth.ApikeyTest do
     |> Auth.Apikey.create_apikey()
 
     keys = Auth.Apikey.list_apikeys_for_person(person.id)
-    assert length(keys) > 3
+    assert length(keys) == 3
   end
 end
diff --git a/test/auth/app_test.exs b/test/auth/app_test.exs
index 0082351c..b5ff61e1 100644
--- a/test/auth/app_test.exs
+++ b/test/auth/app_test.exs
@@ -5,16 +5,18 @@ defmodule Auth.AppTest do
     alias Auth.App
 
     @valid_attrs %{
-      description: "some description",
+      desc: "some description",
       end: ~N[2010-04-17 14:00:00],
       name: "some name",
-      url: "some url"
+      url: "some url",
+      status: 3
     }
     @update_attrs %{
-      description: "some updated description",
+      desc: "some updated description",
       end: ~N[2011-05-18 15:01:01],
       name: "some updated name",
-      url: "some updated url"
+      url: "some updated url",
+      status: 3
     }
     @invalid_attrs %{description: nil, end: nil, name: nil, url: nil}
 
@@ -41,7 +43,7 @@ defmodule Auth.AppTest do
 
     test "create_app/1 with valid data creates a app" do
       assert {:ok, %App{} = app} = App.create_app(@valid_attrs)
-      assert app.description == "some description"
+      assert app.desc == "some description"
       assert app.end == ~N[2010-04-17 14:00:00]
       assert app.name == "some name"
       assert app.url == "some url"
@@ -54,7 +56,7 @@ defmodule Auth.AppTest do
     test "update_app/2 with valid data updates the app" do
       app = app_fixture()
       assert {:ok, %App{} = app} = App.update_app(app, @update_attrs)
-      assert app.description == "some updated description"
+      assert app.desc == "some updated description"
       assert app.end == ~N[2011-05-18 15:01:01]
       assert app.name == "some updated name"
       assert app.url == "some updated url"
@@ -69,7 +71,8 @@ defmodule Auth.AppTest do
     test "delete_app/1 deletes the app" do
       app = app_fixture()
       assert {:ok, %App{}} = App.delete_app(app)
-      assert_raise Ecto.NoResultsError, fn -> App.get_app!(app.id) end
+      app = App.get_app!(app.id)
+      assert is_nil(app)
     end
 
     test "change_app/1 returns a app changeset" do
diff --git a/test/auth_web/controllers/app_controller_test.exs b/test/auth_web/controllers/app_controller_test.exs
index b60de7d8..ed31e260 100644
--- a/test/auth_web/controllers/app_controller_test.exs
+++ b/test/auth_web/controllers/app_controller_test.exs
@@ -4,16 +4,18 @@ defmodule AuthWeb.AppControllerTest do
   alias Auth.App
 
   @create_attrs %{
-    description: "some description",
+    desc: "some description",
     end: ~N[2010-04-17 14:00:00],
     name: "some name",
-    url: "some url"
+    url: "some url",
+    status: 3
   }
   @update_attrs %{
-    description: "some updated description",
+    desc: "some updated description",
     end: ~N[2011-05-18 15:01:01],
     name: "some updated name",
-    url: "some updated url"
+    url: "some updated url",
+    status: 3
   }
   @invalid_attrs %{description: nil, end: nil, name: nil, url: nil, person_id: nil}
 
@@ -94,7 +96,7 @@ defmodule AuthWeb.AppControllerTest do
       conn = delete(conn, Routes.app_path(conn, :delete, app))
       assert redirected_to(conn) == Routes.app_path(conn, :index)
 
-      assert_error_sent 404, fn ->
+      assert_error_sent 500, fn ->
         get(conn, Routes.app_path(conn, :show, app))
       end
     end
diff --git a/test/auth_web/controllers/auth_controller_test.exs b/test/auth_web/controllers/auth_controller_test.exs
index 2c86abfc..b6f1eb29 100644
--- a/test/auth_web/controllers/auth_controller_test.exs
+++ b/test/auth_web/controllers/auth_controller_test.exs
@@ -61,7 +61,8 @@ defmodule AuthWeb.AuthControllerTest do
     app_data = %{
       "name" => "example key",
       "url" => "https://www.example.com",
-      "person_id" => person.id
+      "person_id" => person.id,
+      "status" => 3
     }
 
     {:ok, app} = Auth.App.create_app(app_data)

From e07952ec89b7100430a922523461d8643ffd98ad Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Tue, 8 Sep 2020 22:37:44 +0100
Subject: [PATCH 083/166] mix format

---
 lib/auth/app.ex     | 3 +--
 priv/repo/seeds.exs | 1 +
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/auth/app.ex b/lib/auth/app.ex
index a64584de..47050ae3 100644
--- a/lib/auth/app.ex
+++ b/lib/auth/app.ex
@@ -42,7 +42,6 @@ defmodule Auth.App do
     App
     |> where([a], a.status != 6)
     |> Repo.all()
-
   end
 
   @doc """
@@ -70,8 +69,8 @@ defmodule Auth.App do
     # |> select([:id, :name, :url, :desc])
     |> Repo.one()
     |> Repo.preload(:apikeys)
-    # |> IO.inspect(label: "app:69")
 
+    # |> IO.inspect(label: "app:69")
   end
 
   @doc """
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 48ae48a9..a11c9bef 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -132,6 +132,7 @@ defmodule SeedData do
 end
 
 SeedData.insert_statuses()
+
 Auth.Seeds.create_admin()
 |> Auth.Seeds.create_apikey_for_admin()
 

From 36fd51e6d9e11be92cde64751b50900f239237f2 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Tue, 8 Sep 2020 22:41:14 +0100
Subject: [PATCH 084/166] remove IO.inspect()
 https://github.com/dwyl/auth/pull/85#pullrequestreview-484510440

---
 lib/auth/apikey.ex | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/auth/apikey.ex b/lib/auth/apikey.ex
index 33ea3af9..b4692648 100644
--- a/lib/auth/apikey.ex
+++ b/lib/auth/apikey.ex
@@ -101,6 +101,6 @@ defmodule Auth.Apikey do
 
   """
   def delete_apikey(%Apikey{} = apikey) do
-    Repo.delete(apikey) |> IO.inspect(label: "delete_apikey:104")
+    Repo.delete(apikey)
   end
 end

From 978504f89b46d203dbcb86a98a6db0d3fa7bc903 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Tue, 8 Sep 2020 22:59:23 +0100
Subject: [PATCH 085/166] add Top Nav for /apps /people & /roles
 https://github.com/dwyl/auth/issues/103#issuecomment-689159011

---
 lib/auth_web/templates/layout/nav.html.eex | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/lib/auth_web/templates/layout/nav.html.eex b/lib/auth_web/templates/layout/nav.html.eex
index dce5099e..8a8165a3 100644
--- a/lib/auth_web/templates/layout/nav.html.eex
+++ b/lib/auth_web/templates/layout/nav.html.eex
@@ -12,22 +12,22 @@
          <img src="https://dwyl.com/img/favicon-32x32.png" alt="dwyl logo"/>
        </a>
      </li>
-<!--
+
      <li class="di-l pl6 tl pt5-m pb2-m">
-       <a href="#" class="white link">Portfolio</a>
+       <a href="/apps" class="white link">Apps</a>
      </li>
      <li class="pl5 pl6-m di-l tl pb2-m">
-       <a href="#" class="white link">Blog</a>
+       <a href="/people" class="white link">People</a>
      </li>
      <li class="pl5 pl6-m di-l tl pb2-m">
-       <a href="#contact" id="contact-link" class="white link">Contact</a>
+       <a href="/roles" id="contact-link" class="white link">Roles</a>
      </li>
 
-     <li class="pl6-m tl dn-l pb3"> <!-- example of mobile-only menu item
+     <li class="pl6-m tl dn-l pb3">
        <a href="https://youtu.be/dQw4w9WgXcQ"
          class="white link">S'up?</a>
      </li>
--->
+
    </ul>
  </nav>
 

From 78cb2d8ce90af73e7303b03ab4936239a4d75b34 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Tue, 8 Sep 2020 23:08:20 +0100
Subject: [PATCH 086/166] make "New App" button more obvious:
 https://github.com/dwyl/auth/issues/103#issuecomment-689162296

---
 lib/auth_web/templates/app/index.html.eex    | 7 ++++++-
 lib/auth_web/templates/auth/welcome.html.eex | 4 ++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/lib/auth_web/templates/app/index.html.eex b/lib/auth_web/templates/app/index.html.eex
index d574cdc6..570131a1 100644
--- a/lib/auth_web/templates/app/index.html.eex
+++ b/lib/auth_web/templates/app/index.html.eex
@@ -39,7 +39,12 @@
   </tbody>
 </table>
 
-<span><%= link "New App", to: Routes.app_path(@conn, :new) %></span>
+  <span class="fr w-20 mt4 center">
+    <%= link "New App", to: Routes.app_path(@conn, :new),
+    class: "pointer br2 ba b--dark-green bg-green white pa3 ml1 mv1 f3
+    shadow-hover bg-animate hover-bg-dark-green border-box no-underline" %>
+  </span>
+
 
   <style> /* stackoverflow.com/questions/9789723/css-text-overflow-table-cell */
   td {
diff --git a/lib/auth_web/templates/auth/welcome.html.eex b/lib/auth_web/templates/auth/welcome.html.eex
index 3b055518..64b149a4 100644
--- a/lib/auth_web/templates/auth/welcome.html.eex
+++ b/lib/auth_web/templates/auth/welcome.html.eex
@@ -8,9 +8,9 @@
   <p/>
 
   <br />
-  <a href="/settings/apikeys"
+  <a href="/apps"
   class="pointer ba border-box dwyl-bg-mint white pa3 ml1 mv1 f3
   shadow-hover bg-animate hover-dwyl-teal-darkest no-underline">
-  Manage API Keys
+  Manage Apps
   </a>
 </section>

From b3e55764a9a7a5c918430eb381b8224f52bd2f3c Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 9 Sep 2020 08:36:44 +0100
Subject: [PATCH 087/166] remove single pipeline operators from tests to keep
 sourcelevel happy ... https://github.com/dwyl/technology-stack/issues/86

---
 lib/auth/role.ex                              |  3 +-
 lib/auth_web/controllers/auth_controller.ex   |  4 +-
 .../controllers/role_controller_test.exs      | 45 +++++++++----------
 3 files changed, 23 insertions(+), 29 deletions(-)

diff --git a/lib/auth/role.ex b/lib/auth/role.ex
index 2e1fba9a..951f1369 100644
--- a/lib/auth/role.ex
+++ b/lib/auth/role.ex
@@ -121,8 +121,7 @@ defmodule Auth.Role do
 
   # @doc """
   # grants the default "subscriber" (6) role to the person
-  # """ 
+  # """
   # def set_default_role(person) do
-
   # end
 end
diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
index 6f48538c..c3b764f9 100644
--- a/lib/auth_web/controllers/auth_controller.ex
+++ b/lib/auth_web/controllers/auth_controller.ex
@@ -182,7 +182,7 @@ defmodule AuthWeb.AuthController do
     end
   end
 
-  # TODO: create a human-friendy response
+  # create a human-friendy response?
   def unauthorized(conn) do
     conn
     |> put_resp_content_type("text/html")
@@ -190,7 +190,7 @@ defmodule AuthWeb.AuthController do
     |> halt()
   end
 
-  # TODO: refactor this to render a template with a nice layout.
+  # refactor this to render a template with a nice layout?
   def not_found(conn, message) do
     conn
     |> put_resp_content_type("text/html")
diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index a037b301..e346342b 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -14,23 +14,24 @@ defmodule AuthWeb.RoleControllerTest do
 
   describe "index" do
     test "lists all roles", %{conn: conn} do
-      conn = admin_login(conn) |> get(Routes.role_path(conn, :index))
+      conn = admin_login(conn)
+      conn = get(conn, Routes.role_path(conn, :index))
       assert html_response(conn, 200) =~ "Listing Roles"
     end
   end
 
   describe "new role" do
     test "renders form", %{conn: conn} do
-      conn = admin_login(conn) |> get(Routes.role_path(conn, :new))
+      conn = admin_login(conn)
+      conn = get(conn, Routes.role_path(conn, :new))
       assert html_response(conn, 200) =~ "New Role"
     end
   end
 
   describe "create role" do
     test "redirects to show when data is valid", %{conn: conn} do
-      conn =
-        admin_login(conn)
-        |> post(Routes.role_path(conn, :create), role: @create_attrs)
+      conn = admin_login(conn)
+      conn = post(conn, Routes.role_path(conn, :create), role: @create_attrs)
 
       assert %{id: id} = redirected_params(conn)
       assert redirected_to(conn) == Routes.role_path(conn, :show, id)
@@ -40,9 +41,8 @@ defmodule AuthWeb.RoleControllerTest do
     end
 
     test "renders errors when data is invalid", %{conn: conn} do
-      conn =
-        admin_login(conn)
-        |> post(Routes.role_path(conn, :create), role: @invalid_attrs)
+      conn = admin_login(conn)
+      conn = post(conn, Routes.role_path(conn, :create), role: @invalid_attrs)
 
       assert html_response(conn, 200) =~ "New Role"
     end
@@ -52,9 +52,8 @@ defmodule AuthWeb.RoleControllerTest do
     setup [:create_role]
 
     test "renders form for editing chosen role", %{conn: conn, role: role} do
-      conn =
-        admin_login(conn)
-        |> get(Routes.role_path(conn, :edit, role))
+      conn = admin_login(conn)
+      conn = get(conn, Routes.role_path(conn, :edit, role))
 
       assert html_response(conn, 200) =~ "Edit Role"
     end
@@ -64,9 +63,8 @@ defmodule AuthWeb.RoleControllerTest do
     setup [:create_role]
 
     test "redirects when data is valid", %{conn: conn, role: role} do
-      conn =
-        admin_login(conn)
-        |> put(Routes.role_path(conn, :update, role), role: @update_attrs)
+      conn = admin_login(conn)
+      conn = put(conn, Routes.role_path(conn, :update, role), role: @update_attrs)
 
       assert redirected_to(conn) == Routes.role_path(conn, :show, role)
 
@@ -75,9 +73,8 @@ defmodule AuthWeb.RoleControllerTest do
     end
 
     test "renders errors when data is invalid", %{conn: conn, role: role} do
-      conn =
-        admin_login(conn)
-        |> put(Routes.role_path(conn, :update, role), role: @invalid_attrs)
+      conn = admin_login(conn)
+      conn = put(conn, Routes.role_path(conn, :update, role), role: @invalid_attrs)
 
       assert html_response(conn, 200) =~ "Edit Role"
     end
@@ -87,9 +84,8 @@ defmodule AuthWeb.RoleControllerTest do
     setup [:create_role]
 
     test "deletes chosen role", %{conn: conn, role: role} do
-      conn =
-        admin_login(conn)
-        |> delete(Routes.role_path(conn, :delete, role))
+      conn = admin_login(conn)
+      conn = delete(conn, Routes.role_path(conn, :delete, role))
 
       assert redirected_to(conn) == Routes.role_path(conn, :index)
 
@@ -116,11 +112,10 @@ defmodule AuthWeb.RoleControllerTest do
     alex = %{email: "alex_grant_success@gmail.com", auth_provider: "email"}
     grantee = Auth.Person.create_person(alex)
 
-    conn =
-      get(
-        admin_login(conn),
-        Routes.role_path(conn, :grant, %{"role_id" => 5, "person_id" => grantee.id})
-      )
+    conn = admin_login(conn)
+    conn = get(conn, Routes.role_path(conn, :grant,
+      %{"role_id" => 5, "person_id" => grantee.id})
+    )
 
     # the grant/2 controller handler redirects back to /person/:id
     assert html_response(conn, 302) =~ "redirected"

From 8e6c096043fb5467d53d23034e031710f9ebb1a2 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 9 Sep 2020 08:41:44 +0100
Subject: [PATCH 088/166] remove single pipeline operator from permissions
 tests to keep @sourcelevel-bot happy
 https://github.com/dwyl/technology-stack/issues/86

---
 test/auth/role_test.exs                       |  2 +-
 .../permission_controller_test.exs            | 36 +++++++++----------
 2 files changed, 17 insertions(+), 21 deletions(-)

diff --git a/test/auth/role_test.exs b/test/auth/role_test.exs
index 9769d67a..bc7e2266 100644
--- a/test/auth/role_test.exs
+++ b/test/auth/role_test.exs
@@ -20,7 +20,7 @@ defmodule Auth.RoleTest do
 
     test "list_roles/0 returns all roles" do
       role = role_fixture()
-      assert Role.list_roles() |> List.last() == role
+      assert List.last(Role.list_roles()) == role
     end
 
     test "get_role!/1 returns the role with given id" do
diff --git a/test/auth_web/controllers/permission_controller_test.exs b/test/auth_web/controllers/permission_controller_test.exs
index 0c5d1fb5..c7e04fe0 100644
--- a/test/auth_web/controllers/permission_controller_test.exs
+++ b/test/auth_web/controllers/permission_controller_test.exs
@@ -14,23 +14,24 @@ defmodule AuthWeb.PermissionControllerTest do
 
   describe "index" do
     test "lists all permissions", %{conn: conn} do
-      conn = admin_login(conn) |> get(Routes.permission_path(conn, :index))
+      conn = admin_login(conn)
+      conn = get(conn, Routes.permission_path(conn, :index))
       assert html_response(conn, 200) =~ "Listing Permissions"
     end
   end
 
   describe "new permission" do
     test "renders form", %{conn: conn} do
-      conn = admin_login(conn) |> get(Routes.permission_path(conn, :new))
+      conn = admin_login(conn)
+      conn = get(conn, Routes.permission_path(conn, :new))
       assert html_response(conn, 200) =~ "New Permission"
     end
   end
 
   describe "create permission" do
     test "redirects to show when data is valid", %{conn: conn} do
-      conn =
-        admin_login(conn)
-        |> post(Routes.permission_path(conn, :create), permission: @create_attrs)
+      conn = admin_login(conn)
+      conn = post(conn, Routes.permission_path(conn, :create), permission: @create_attrs)
 
       assert %{id: id} = redirected_params(conn)
       assert redirected_to(conn) == Routes.permission_path(conn, :show, id)
@@ -40,9 +41,8 @@ defmodule AuthWeb.PermissionControllerTest do
     end
 
     test "renders errors when data is invalid", %{conn: conn} do
-      conn =
-        admin_login(conn)
-        |> post(Routes.permission_path(conn, :create), permission: @invalid_attrs)
+      conn = admin_login(conn)
+      conn = post(conn, Routes.permission_path(conn, :create), permission: @invalid_attrs)
 
       assert html_response(conn, 200) =~ "New Permission"
     end
@@ -52,9 +52,8 @@ defmodule AuthWeb.PermissionControllerTest do
     setup [:create_permission]
 
     test "renders form for editing chosen permission", %{conn: conn, permission: permission} do
-      conn =
-        admin_login(conn)
-        |> get(Routes.permission_path(conn, :edit, permission))
+      conn = admin_login(conn)
+      conn = get(conn, Routes.permission_path(conn, :edit, permission))
 
       assert html_response(conn, 200) =~ "Edit Permission"
     end
@@ -64,9 +63,8 @@ defmodule AuthWeb.PermissionControllerTest do
     setup [:create_permission]
 
     test "redirects when data is valid", %{conn: conn, permission: permission} do
-      conn =
-        admin_login(conn)
-        |> put(Routes.permission_path(conn, :update, permission), permission: @update_attrs)
+      conn = admin_login(conn)
+      conn = put(conn, Routes.permission_path(conn, :update, permission), permission: @update_attrs)
 
       assert redirected_to(conn) == Routes.permission_path(conn, :show, permission)
 
@@ -75,9 +73,8 @@ defmodule AuthWeb.PermissionControllerTest do
     end
 
     test "renders errors when data is invalid", %{conn: conn, permission: permission} do
-      conn =
-        admin_login(conn)
-        |> put(Routes.permission_path(conn, :update, permission), permission: @invalid_attrs)
+      conn = admin_login(conn)
+      conn = put(conn, Routes.permission_path(conn, :update, permission), permission: @invalid_attrs)
 
       assert html_response(conn, 200) =~ "Edit Permission"
     end
@@ -87,9 +84,8 @@ defmodule AuthWeb.PermissionControllerTest do
     setup [:create_permission]
 
     test "deletes chosen permission", %{conn: conn, permission: permission} do
-      conn =
-        admin_login(conn)
-        |> delete(Routes.permission_path(conn, :delete, permission))
+      conn = admin_login(conn)
+      conn = delete(conn, Routes.permission_path(conn, :delete, permission))
 
       assert redirected_to(conn) == Routes.permission_path(conn, :index)
 

From dd97914804ac881fc5e20ca68845d15a65fa49d6 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 9 Sep 2020 08:57:26 +0100
Subject: [PATCH 089/166] remove single pipeline from apikey.ex #104

---
 lib/auth/apikey.ex                                | 15 +++++++--------
 .../controllers/apikey_controller_test.exs        |  5 ++---
 .../controllers/permission_controller_test.exs    |  8 ++++++--
 .../auth_web/controllers/role_controller_test.exs |  4 +---
 4 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/lib/auth/apikey.ex b/lib/auth/apikey.ex
index b4692648..06d37985 100644
--- a/lib/auth/apikey.ex
+++ b/lib/auth/apikey.ex
@@ -41,13 +41,11 @@ defmodule Auth.Apikey do
   end
 
   def list_apikeys_for_person(person_id) do
-    query =
-      from(
-        a in __MODULE__,
-        where: a.person_id == ^person_id
-      )
-
-    Repo.all(query)
+    from(
+      a in __MODULE__,
+      where: a.person_id == ^person_id
+    )
+    |> Repo.all()
     |> Repo.preload(:app)
   end
 
@@ -66,7 +64,8 @@ defmodule Auth.Apikey do
 
   """
   def get_apikey!(id) do
-    Repo.get!(__MODULE__, id)
+    __MODULE__
+    |> Repo.get!(id)
     |> Repo.preload(:app)
   end
 
diff --git a/test/auth_web/controllers/apikey_controller_test.exs b/test/auth_web/controllers/apikey_controller_test.exs
index 64464346..c2ff8287 100644
--- a/test/auth_web/controllers/apikey_controller_test.exs
+++ b/test/auth_web/controllers/apikey_controller_test.exs
@@ -74,9 +74,8 @@ defmodule AuthWeb.ApikeyControllerTest do
   #
   describe "index" do
     test "lists all apikeys", %{conn: conn} do
-      conn =
-        admin_login(conn)
-        |> get(Routes.apikey_path(conn, :index))
+      conn = admin_login(conn)
+      conn = get(conn, Routes.apikey_path(conn, :index))
 
       assert html_response(conn, 200) =~ "Auth API Keys"
     end
diff --git a/test/auth_web/controllers/permission_controller_test.exs b/test/auth_web/controllers/permission_controller_test.exs
index c7e04fe0..3181c7e7 100644
--- a/test/auth_web/controllers/permission_controller_test.exs
+++ b/test/auth_web/controllers/permission_controller_test.exs
@@ -64,7 +64,9 @@ defmodule AuthWeb.PermissionControllerTest do
 
     test "redirects when data is valid", %{conn: conn, permission: permission} do
       conn = admin_login(conn)
-      conn = put(conn, Routes.permission_path(conn, :update, permission), permission: @update_attrs)
+
+      conn =
+        put(conn, Routes.permission_path(conn, :update, permission), permission: @update_attrs)
 
       assert redirected_to(conn) == Routes.permission_path(conn, :show, permission)
 
@@ -74,7 +76,9 @@ defmodule AuthWeb.PermissionControllerTest do
 
     test "renders errors when data is invalid", %{conn: conn, permission: permission} do
       conn = admin_login(conn)
-      conn = put(conn, Routes.permission_path(conn, :update, permission), permission: @invalid_attrs)
+
+      conn =
+        put(conn, Routes.permission_path(conn, :update, permission), permission: @invalid_attrs)
 
       assert html_response(conn, 200) =~ "Edit Permission"
     end
diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index e346342b..acb32cf7 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -113,9 +113,7 @@ defmodule AuthWeb.RoleControllerTest do
     grantee = Auth.Person.create_person(alex)
 
     conn = admin_login(conn)
-    conn = get(conn, Routes.role_path(conn, :grant,
-      %{"role_id" => 5, "person_id" => grantee.id})
-    )
+    conn = get(conn, Routes.role_path(conn, :grant, %{"role_id" => 5, "person_id" => grantee.id}))
 
     # the grant/2 controller handler redirects back to /person/:id
     assert html_response(conn, 302) =~ "redirected"

From 35515a6c7a32f05673efe0ca42b1d13e2138b737 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 9 Sep 2020 08:59:07 +0100
Subject: [PATCH 090/166] tidy up
 test/auth_web/controllers/apikey_controller_test.exs for #104

---
 .../controllers/apikey_controller_test.exs    | 25 +++----------------
 1 file changed, 4 insertions(+), 21 deletions(-)

diff --git a/test/auth_web/controllers/apikey_controller_test.exs b/test/auth_web/controllers/apikey_controller_test.exs
index c2ff8287..1a8afe5e 100644
--- a/test/auth_web/controllers/apikey_controller_test.exs
+++ b/test/auth_web/controllers/apikey_controller_test.exs
@@ -2,8 +2,6 @@ defmodule AuthWeb.ApikeyControllerTest do
   use AuthWeb.ConnCase
   use ExUnitProperties
 
-  # alias Auth.Apikey
-  # alias AuthWeb.ApikeyController, as: Ctrl
   @email System.get_env("ADMIN_EMAIL")
   @create_attrs %{description: "some description", name: "some name", url: "localhost"}
   @update_attrs %{
@@ -67,11 +65,6 @@ defmodule AuthWeb.ApikeyControllerTest do
     end
   end
 
-  # def fixture(:apikey) do
-  #   {:ok, apikey} = Ctx.create_apikey(@create_attrs)
-  #   apikey
-  # end
-  #
   describe "index" do
     test "lists all apikeys", %{conn: conn} do
       conn = admin_login(conn)
@@ -83,9 +76,8 @@ defmodule AuthWeb.ApikeyControllerTest do
 
   describe "new apikey" do
     test "renders form", %{conn: conn} do
-      conn =
-        admin_login(conn)
-        |> get(Routes.apikey_path(conn, :new))
+      conn = admin_login(conn)
+      conn = get(conn, Routes.apikey_path(conn, :new))
 
       assert html_response(conn, 200) =~ "New Apikey"
     end
@@ -95,9 +87,8 @@ defmodule AuthWeb.ApikeyControllerTest do
     test "redirects to show when data is valid", %{conn: conn} do
       {:ok, app} = Auth.App.create_app(@create_attrs)
 
-      conn =
-        admin_login(conn)
-        |> post(Routes.apikey_path(conn, :create), apikey: %{"app" => app})
+      conn = admin_login(conn)
+      conn = post(conn, Routes.apikey_path(conn, :create), apikey: %{"app" => app})
 
       assert %{id: id} = redirected_params(conn)
       assert redirected_to(conn) == Routes.apikey_path(conn, :show, id)
@@ -105,14 +96,6 @@ defmodule AuthWeb.ApikeyControllerTest do
       conn = get(conn, Routes.apikey_path(conn, :show, id))
       assert html_response(conn, 200) =~ "Your AUTH_API_KEY"
     end
-
-    # test "renders errors when data is invalid", %{conn: conn} do
-    #   person = Auth.Person.get_person_by_email(@email)
-    #   conn = AuthPlug.create_jwt_session(conn, %{email: @email, id: person.id})
-    #
-    #   conn = post(conn, Routes.apikey_path(conn, :create), apikey: @invalid_attrs)
-    #   assert html_response(conn, 200) =~ "New Apikey"
-    # end
   end
 
   describe "edit apikey" do

From c5d75945265937a10d23c186dfabbbcf7413d183 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 9 Sep 2020 09:08:44 +0100
Subject: [PATCH 091/166] tidy up lib/auth/app.ex for #104

---
 lib/auth/app.ex | 18 +++---------------
 1 file changed, 3 insertions(+), 15 deletions(-)

diff --git a/lib/auth/app.ex b/lib/auth/app.ex
index 47050ae3..47ae98cb 100644
--- a/lib/auth/app.ex
+++ b/lib/auth/app.ex
@@ -59,18 +59,10 @@ defmodule Auth.App do
 
   """
   def get_app!(id) do
-    # IO.inspect(id, label: "get_app!/1 id:60")
-    # Repo.get!(App, id, where: :status != 6)
-    # Repo.get!(App, id, where: :status not in [6])
-    # |> Repo.preload(:apikeys)
-    # |> IO.inspect(label: "get_app!:63")
     App
     |> where([a], a.id == ^id and a.status != 6)
-    # |> select([:id, :name, :url, :desc])
     |> Repo.one()
     |> Repo.preload(:apikeys)
-
-    # |> IO.inspect(label: "app:69")
   end
 
   @doc """
@@ -86,12 +78,11 @@ defmodule Auth.App do
 
   """
   def create_app(attrs \\ %{}) do
-    # IO.inspect(attrs, label: "attrs:87")
-    # attrs = Map.merge(attrs, %{status: 3}) # active
     case %App{} |> App.changeset(attrs) |> Repo.insert() do
       {:ok, app} ->
         # Create API Key for App https://github.com/dwyl/auth/issues/97
-        AuthWeb.ApikeyController.make_apikey(%{"app" => app}, app.person_id)
+        %{"app" => app}
+        |> AuthWeb.ApikeyController.make_apikey(app.person_id)
         |> Auth.Apikey.create_apikey()
 
         # return the App with the API Key preloaded:
@@ -133,11 +124,8 @@ defmodule Auth.App do
 
   """
   def delete_app(%App{} = app) do
-    # IO.inspect(app, label: "app:131")
-    # Repo.delete(app)
-    # |> IO.inspect(label: "delete")
+    # this is a "soft delete" for autiting purposes:
     update_app(app, %{status: 6})
-    # |> IO.inspect(label: "delete:135")
   end
 
   @doc """

From 341c1e12c314d6318f34fe4b47182335458115ab Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 9 Sep 2020 09:19:25 +0100
Subject: [PATCH 092/166] tidy up auth/app.ex for #104

---
 lib/auth/apikey.ex | 3 ---
 lib/auth/app.ex    | 1 -
 2 files changed, 4 deletions(-)

diff --git a/lib/auth/apikey.ex b/lib/auth/apikey.ex
index 06d37985..2122bc96 100644
--- a/lib/auth/apikey.ex
+++ b/lib/auth/apikey.ex
@@ -12,9 +12,6 @@ defmodule Auth.Apikey do
   schema "apikeys" do
     field :client_secret, :binary
     field :client_id, :binary
-    # field :description, :string
-    # field :name, :string
-    # field :url, :binary
     field :person_id, :id
     field :status, :id
     belongs_to :app, Auth.App
diff --git a/lib/auth/app.ex b/lib/auth/app.ex
index 47ae98cb..b15cd49d 100644
--- a/lib/auth/app.ex
+++ b/lib/auth/app.ex
@@ -16,7 +16,6 @@ defmodule Auth.App do
     field :url, :binary
     field :person_id, :id
     field :status, :id
-    # field :apikey_id, :id
     has_many :apikeys, Auth.Apikey
 
     timestamps()

From 05f88d79ba89b8e97c882349ebcc3516bf537d3e Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 9 Sep 2020 10:15:30 +0100
Subject: [PATCH 093/166] set status for app and apikey to 3 ("active") in
 app_controller.ex > create/2 fixes #105

---
 lib/auth/apikey.ex                         | 2 +-
 lib/auth/app.ex                            | 3 ++-
 lib/auth_web/controllers/app_controller.ex | 8 ++++++--
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/lib/auth/apikey.ex b/lib/auth/apikey.ex
index 2122bc96..71c2b320 100644
--- a/lib/auth/apikey.ex
+++ b/lib/auth/apikey.ex
@@ -22,7 +22,7 @@ defmodule Auth.Apikey do
   @doc false
   def changeset(apikey, attrs) do
     apikey
-    |> cast(attrs, [:client_id, :client_secret, :person_id])
+    |> cast(attrs, [:client_id, :client_secret, :person_id, :status])
     |> validate_required([:client_secret])
     |> put_assoc(:app, Map.get(attrs, "app"))
   end
diff --git a/lib/auth/app.ex b/lib/auth/app.ex
index b15cd49d..e5c6bcea 100644
--- a/lib/auth/app.ex
+++ b/lib/auth/app.ex
@@ -80,8 +80,9 @@ defmodule Auth.App do
     case %App{} |> App.changeset(attrs) |> Repo.insert() do
       {:ok, app} ->
         # Create API Key for App https://github.com/dwyl/auth/issues/97
-        %{"app" => app}
+        %{"app" => app, "status" => 3}
         |> AuthWeb.ApikeyController.make_apikey(app.person_id)
+        |> IO.inspect(label: "create_app/1 apikey:85")
         |> Auth.Apikey.create_apikey()
 
         # return the App with the API Key preloaded:
diff --git a/lib/auth_web/controllers/app_controller.ex b/lib/auth_web/controllers/app_controller.ex
index 703d6868..912daecb 100644
--- a/lib/auth_web/controllers/app_controller.ex
+++ b/lib/auth_web/controllers/app_controller.ex
@@ -14,9 +14,13 @@ defmodule AuthWeb.AppController do
 
   def create(conn, %{"app" => app_params}) do
     # IO.inspect(app_params, label: "app_params:16")
-    case App.create_app(app_params) do
+    attrs = Map.merge(app_params, %{
+    "person_id" => conn.assigns.person.id,
+    "status" => 3
+    })
+    case App.create_app(attrs) do
       {:ok, app} ->
-        # IO.inspect(app, label: "app:19")
+        # IO.inspect(app, label: "app:23")
         conn
         |> put_flash(:info, "App created successfully.")
         |> redirect(to: Routes.app_path(conn, :show, app))

From 88d31c22faa9bd57609939bf11540a042cceea21 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 9 Sep 2020 10:18:08 +0100
Subject: [PATCH 094/166] derp! remove noisy IO.inspect #104

---
 lib/auth/app.ex | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/auth/app.ex b/lib/auth/app.ex
index e5c6bcea..b3a03401 100644
--- a/lib/auth/app.ex
+++ b/lib/auth/app.ex
@@ -82,7 +82,6 @@ defmodule Auth.App do
         # Create API Key for App https://github.com/dwyl/auth/issues/97
         %{"app" => app, "status" => 3}
         |> AuthWeb.ApikeyController.make_apikey(app.person_id)
-        |> IO.inspect(label: "create_app/1 apikey:85")
         |> Auth.Apikey.create_apikey()
 
         # return the App with the API Key preloaded:

From df79ca2d2289a7cf68437816a2e162738c54ba20 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 9 Sep 2020 10:26:34 +0100
Subject: [PATCH 095/166] update copy on "back" button to "< All Apps" for
 clarity

---
 lib/auth_web/templates/app/edit.html.eex | 2 +-
 lib/auth_web/templates/app/show.html.eex | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/auth_web/templates/app/edit.html.eex b/lib/auth_web/templates/app/edit.html.eex
index 03fb00e9..7358a21d 100644
--- a/lib/auth_web/templates/app/edit.html.eex
+++ b/lib/auth_web/templates/app/edit.html.eex
@@ -4,7 +4,7 @@
 <%= render "form.html", Map.put(assigns, :action, Routes.app_path(@conn, :update, @app)) %>
 
 
-  <span><%= link "< Back", to: Routes.app_path(@conn, :index),
+  <span><%= link "< All Apps", to: Routes.app_path(@conn, :index),
   class: "fl pointer br2 ba b--orange bg-gold white pa3 f4 mt3
   shadow-hover bg-animate hover-bg-orange border-box no-underline",
   data:
diff --git a/lib/auth_web/templates/app/show.html.eex b/lib/auth_web/templates/app/show.html.eex
index fc5eac3b..e2594405 100644
--- a/lib/auth_web/templates/app/show.html.eex
+++ b/lib/auth_web/templates/app/show.html.eex
@@ -46,7 +46,7 @@
 
 
 <span>
-  <%= link "< Back", to: Routes.app_path(@conn, :index),
+  <%= link "< All Apps", to: Routes.app_path(@conn, :index),
   class: "fl pointer br2 ba b--orange bg-gold white pa3 ml1 mv1 f4
   shadow-hover bg-animate hover-bg-orange border-box no-underline"
   %>

From b1f7c4ab56bbe731f1b29be3bdf4e6e5c63ee3fd Mon Sep 17 00:00:00 2001
From: Nelson <194400+nelsonic@users.noreply.github.com>
Date: Wed, 9 Sep 2020 15:17:32 +0100
Subject: [PATCH 096/166] Repo.preload(:statuses) > Repo.preload([:statuses,
 :roles])

Co-authored-by: Tom Haines <tom@tomhaines.uk>
---
 lib/auth/person.ex | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index a38830fa..83a2969d 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -231,7 +231,7 @@ defmodule Auth.Person do
     __MODULE__
     |> Repo.get_by(email_hash: email)
     |> Repo.preload(:roles)
-    |> Repo.preload(:statuses)
+    |> Repo.preload([:statuses, :roles])
   end
 
   @doc """

From c17bcbb2b2c6cbd48122656facef2a420293972d Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 10 Sep 2020 07:33:32 +0100
Subject: [PATCH 097/166] comment out UI tests in
 test/auth_web/controllers/apikey_controller_test.exs #107

---
 lib/auth/apikey.ex                            |   8 +-
 lib/auth/app.ex                               |   3 +-
 lib/auth_web/router.ex                        |   2 +-
 priv/repo/seeds.exs                           |   6 -
 .../controllers/apikey_controller_test.exs    | 339 +++++++++---------
 5 files changed, 183 insertions(+), 175 deletions(-)

diff --git a/lib/auth/apikey.ex b/lib/auth/apikey.ex
index 71c2b320..ab51fcf4 100644
--- a/lib/auth/apikey.ex
+++ b/lib/auth/apikey.ex
@@ -62,7 +62,9 @@ defmodule Auth.Apikey do
   """
   def get_apikey!(id) do
     __MODULE__
-    |> Repo.get!(id)
+    # |> Repo.get!(id)
+    |> where([a], a.id == ^id and a.status != 6)
+    |> Repo.one()
     |> Repo.preload(:app)
   end
 
@@ -97,6 +99,8 @@ defmodule Auth.Apikey do
 
   """
   def delete_apikey(%Apikey{} = apikey) do
-    Repo.delete(apikey)
+    # Repo.delete(apikey)
+    # "soft delete" for autiting purposes:
+    update_apikey(apikey, %{status: 6})
   end
 end
diff --git a/lib/auth/app.ex b/lib/auth/app.ex
index b3a03401..cffe4be9 100644
--- a/lib/auth/app.ex
+++ b/lib/auth/app.ex
@@ -106,6 +106,7 @@ defmodule Auth.App do
   """
   def update_app(%App{} = app, attrs) do
     app
+    # |> IO.inspect(label: "update_app/2:109")
     |> App.changeset(attrs)
     |> Repo.update()
   end
@@ -123,7 +124,7 @@ defmodule Auth.App do
 
   """
   def delete_app(%App{} = app) do
-    # this is a "soft delete" for autiting purposes:
+    # "soft delete" for autiting purposes:
     update_app(app, %{status: 6})
   end
 
diff --git a/lib/auth_web/router.ex b/lib/auth_web/router.ex
index 94328a55..ea8b9b52 100644
--- a/lib/auth_web/router.ex
+++ b/lib/auth_web/router.ex
@@ -51,7 +51,7 @@ defmodule AuthWeb.Router do
 
     resources "/permissions", PermissionController
     resources "/apps", AppController
-    resources "/settings/apikeys", ApikeyController
+    # resources "/settings/apikeys", ApikeyController
   end
 
   # Other scopes may use custom stacks.
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index a11c9bef..ee2bd031 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -104,27 +104,21 @@ defmodule SeedData do
   alias Auth.{Role, Status}
 
   def get_json(filepath) do
-    # IO.inspect(filepath, label: "filepath")
     path = File.cwd!() <> filepath
-    # IO.inspect(path, label: "path")
     {:ok, data} = File.read(path)
     json = Jason.decode!(data)
-    # IO.inspect(json)
     json
   end
 
   def create_default_roles do
     json = get_json("/priv/repo/default_roles.json")
-
     Enum.each(json, fn role ->
       Role.create_role(role)
-      # |> IO.inspect()
     end)
   end
 
   def insert_statuses do
     json = get_json("/priv/repo/statuses.json")
-
     Enum.each(json, fn s ->
       Status.upsert_status(s)
     end)
diff --git a/test/auth_web/controllers/apikey_controller_test.exs b/test/auth_web/controllers/apikey_controller_test.exs
index 1a8afe5e..ddbdd1a0 100644
--- a/test/auth_web/controllers/apikey_controller_test.exs
+++ b/test/auth_web/controllers/apikey_controller_test.exs
@@ -2,15 +2,21 @@ defmodule AuthWeb.ApikeyControllerTest do
   use AuthWeb.ConnCase
   use ExUnitProperties
 
-  @email System.get_env("ADMIN_EMAIL")
-  @create_attrs %{description: "some description", name: "some name", url: "localhost"}
-  @update_attrs %{
-    client_secret: "updated client sec",
-    description: "some updated desc",
-    name: "updated name",
-    url: "surl"
-  }
-  @invalid_attrs %{client_secret: nil, description: nil, key_id: nil, name: nil, url: nil}
+  # @email System.get_env("ADMIN_EMAIL")
+  # @create_attrs %{
+  #   description: "some description",
+  #   name: "some name", url: "localhost",
+  #   status: 3,
+  #   person_id: 1
+  # }
+  # @update_attrs %{
+  #   client_secret: "updated client sec",
+  #   description: "some updated desc",
+  #   name: "updated name",
+  #   url: "surl",
+  #   status: 3
+  # }
+  # @invalid_attrs %{client_secret: nil, description: nil, key_id: nil, name: nil, url: nil}
 
   describe "Create an AUTH_API_KEY for a given person_id" do
     test "encrypt_encode/1 returns a base58 we can decrypt" do
@@ -65,160 +71,163 @@ defmodule AuthWeb.ApikeyControllerTest do
     end
   end
 
-  describe "index" do
-    test "lists all apikeys", %{conn: conn} do
-      conn = admin_login(conn)
-      conn = get(conn, Routes.apikey_path(conn, :index))
-
-      assert html_response(conn, 200) =~ "Auth API Keys"
-    end
-  end
-
-  describe "new apikey" do
-    test "renders form", %{conn: conn} do
-      conn = admin_login(conn)
-      conn = get(conn, Routes.apikey_path(conn, :new))
-
-      assert html_response(conn, 200) =~ "New Apikey"
-    end
-  end
-
-  describe "create apikey" do
-    test "redirects to show when data is valid", %{conn: conn} do
-      {:ok, app} = Auth.App.create_app(@create_attrs)
-
-      conn = admin_login(conn)
-      conn = post(conn, Routes.apikey_path(conn, :create), apikey: %{"app" => app})
-
-      assert %{id: id} = redirected_params(conn)
-      assert redirected_to(conn) == Routes.apikey_path(conn, :show, id)
-
-      conn = get(conn, Routes.apikey_path(conn, :show, id))
-      assert html_response(conn, 200) =~ "Your AUTH_API_KEY"
-    end
-  end
-
-  describe "edit apikey" do
-    test "renders form for editing chosen apikey", %{conn: conn} do
-      person = Auth.Person.get_person_by_email(@email)
-      conn = admin_login(conn)
-
-      {:ok, key} =
-        %{"name" => "test key", "url" => "http://localhost:4000"}
-        |> AuthWeb.ApikeyController.make_apikey(person.id)
-        |> Auth.Apikey.create_apikey()
-
-      conn = get(conn, Routes.apikey_path(conn, :edit, key.id))
-      assert html_response(conn, 200) =~ "Edit Apikey"
-    end
-
-    test "attempt to edit a key I don't own > should 404", %{conn: conn} do
-      person = Auth.Person.get_person_by_email(@email)
-
-      wrong_person_data = %{
-        email: "wronger@gmail.com",
-        auth_provider: "email",
-        id: 42
-      }
-
-      Auth.Person.create_person(wrong_person_data)
-      conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
-
-      {:ok, key} =
-        %{"name" => "test key", "url" => "http://localhost:4000"}
-        |> AuthWeb.ApikeyController.make_apikey(person.id)
-        |> Auth.Apikey.create_apikey()
-
-      conn = get(conn, Routes.apikey_path(conn, :edit, key.id))
-      assert html_response(conn, 404) =~ "not found"
-    end
-  end
-
-  describe "update apikey" do
-    test "redirects when data is valid", %{conn: conn} do
-      person = Auth.Person.get_person_by_email(@email)
-      conn = AuthPlug.create_jwt_session(conn, %{id: person.id})
-
-      {:ok, key} =
-        %{"name" => "test key", "url" => "http://localhost:4000"}
-        |> AuthWeb.ApikeyController.make_apikey(person.id)
-        |> Auth.Apikey.create_apikey()
-
-      conn = put(conn, Routes.apikey_path(conn, :update, key.id), apikey: @update_attrs)
-      assert redirected_to(conn) == Routes.apikey_path(conn, :show, key)
-    end
-
-    test "renders errors when data is invalid", %{conn: conn} do
-      person = Auth.Person.get_person_by_email(@email)
-      conn = admin_login(conn)
-
-      {:ok, key} =
-        %{"name" => "test key", "url" => "http://localhost:4000"}
-        |> AuthWeb.ApikeyController.make_apikey(person.id)
-        |> Auth.Apikey.create_apikey()
-
-      conn = put(conn, Routes.apikey_path(conn, :update, key), apikey: @invalid_attrs)
-      assert html_response(conn, 200) =~ "Edit Apikey"
-    end
-
-    test "attempt to UPDATE a key I don't own > should 404", %{conn: conn} do
-      person = Auth.Person.get_person_by_email(@email)
-      # create session with wrong person:
-      wrong_person_data = %{
-        email: "wronger@gmail.com",
-        auth_provider: "email",
-        id: 42
-      }
-
-      Auth.Person.create_person(wrong_person_data)
-      conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
-
-      {:ok, key} =
-        %{"name" => "test key", "url" => "http://localhost:4000", "person_id" => person.id}
-        |> AuthWeb.ApikeyController.make_apikey(person.id)
-        |> Auth.Apikey.create_apikey()
-
-      conn = put(conn, Routes.apikey_path(conn, :update, key.id), apikey: @update_attrs)
-      assert html_response(conn, 404) =~ "not found"
-    end
-  end
-
-  describe "delete apikey" do
-    test "deletes chosen apikey", %{conn: conn} do
-      person = Auth.Person.get_person_by_email(@email)
-      conn = admin_login(conn)
-
-      {:ok, key} =
-        %{"name" => "test key", "url" => "http://localhost:4000"}
-        |> AuthWeb.ApikeyController.make_apikey(person.id)
-        |> Auth.Apikey.create_apikey()
-
-      conn = delete(conn, Routes.apikey_path(conn, :delete, key))
-      assert redirected_to(conn) == Routes.apikey_path(conn, :index)
-
-      assert_error_sent 404, fn ->
-        get(conn, Routes.apikey_path(conn, :show, key))
-      end
-    end
-
-    test "cannot delete a key belonging to someone else! 404", %{conn: conn} do
-      wrong_person_data = %{
-        email: "wronger@gmail.com",
-        auth_provider: "email",
-        id: 42
-      }
-
-      Auth.Person.create_person(wrong_person_data)
-      conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
-      person = Auth.Person.get_person_by_email(@email)
-
-      {:ok, key} =
-        %{"name" => "test key", "url" => "http://localhost:4000"}
-        |> AuthWeb.ApikeyController.make_apikey(person.id)
-        |> Auth.Apikey.create_apikey()
-
-      conn = delete(conn, Routes.apikey_path(conn, :delete, key))
-      assert html_response(conn, 404) =~ "not found"
-    end
-  end
+  # describe "index" do
+  #   test "lists all apikeys", %{conn: conn} do
+  #     conn = admin_login(conn)
+  #     conn = get(conn, Routes.apikey_path(conn, :index))
+
+  #     assert html_response(conn, 200) =~ "Auth API Keys"
+  #   end
+  # end
+
+  # describe "new apikey" do
+  #   test "renders form", %{conn: conn} do
+  #     conn = admin_login(conn)
+  #     conn = get(conn, Routes.apikey_path(conn, :new))
+
+  #     assert html_response(conn, 200) =~ "New Apikey"
+  #   end
+  # end
+
+  # describe "create apikey" do
+  #   test "redirects to show when data is valid", %{conn: conn} do
+  #     {:ok, app} = Auth.App.create_app(@create_attrs)
+  #     IO.inspect(app, label: "app")
+  #     conn = admin_login(conn)
+  #     params = %{"app" => app}
+  #     conn = post(conn, Routes.apikey_path(conn, :create), apikey: params)
+
+  #     assert %{id: id} = redirected_params(conn)
+  #     IO.inspect(id, label: "id")
+  #     assert redirected_to(conn) == Routes.apikey_path(conn, :show, id)
+
+  #     conn = get(conn, Routes.apikey_path(conn, :show, id))
+  #     IO.inspect(conn, label: "conn")
+  #     # assert html_response(conn, 200) =~ "Your AUTH_API_KEY"
+  #   end
+  # end
+
+  # describe "edit apikey" do
+  #   test "renders form for editing chosen apikey", %{conn: conn} do
+  #     person = Auth.Person.get_person_by_email(@email)
+  #     conn = admin_login(conn)
+
+  #     {:ok, key} =
+  #       %{"name" => "test key", "url" => "http://localhost:4000"}
+  #       |> AuthWeb.ApikeyController.make_apikey(person.id)
+  #       |> Auth.Apikey.create_apikey()
+
+  #     conn = get(conn, Routes.apikey_path(conn, :edit, key.id))
+  #     assert html_response(conn, 200) =~ "Edit Apikey"
+  #   end
+
+  #   test "attempt to edit a key I don't own > should 404", %{conn: conn} do
+  #     person = Auth.Person.get_person_by_email(@email)
+
+  #     wrong_person_data = %{
+  #       email: "wronger@gmail.com",
+  #       auth_provider: "email",
+  #       id: 42
+  #     }
+
+  #     Auth.Person.create_person(wrong_person_data)
+  #     conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
+
+  #     {:ok, key} =
+  #       %{"name" => "test key", "url" => "http://localhost:4000"}
+  #       |> AuthWeb.ApikeyController.make_apikey(person.id)
+  #       |> Auth.Apikey.create_apikey()
+
+  #     conn = get(conn, Routes.apikey_path(conn, :edit, key.id))
+  #     assert html_response(conn, 404) =~ "not found"
+  #   end
+  # end
+
+  # describe "update apikey" do
+  #   test "redirects when data is valid", %{conn: conn} do
+  #     person = Auth.Person.get_person_by_email(@email)
+  #     conn = AuthPlug.create_jwt_session(conn, %{id: person.id})
+
+  #     {:ok, key} =
+  #       %{"name" => "test key", "url" => "http://localhost:4000"}
+  #       |> AuthWeb.ApikeyController.make_apikey(person.id)
+  #       |> Auth.Apikey.create_apikey()
+
+  #     conn = put(conn, Routes.apikey_path(conn, :update, key.id), apikey: @update_attrs)
+  #     assert redirected_to(conn) == Routes.apikey_path(conn, :show, key)
+  #   end
+
+  #   test "renders errors when data is invalid", %{conn: conn} do
+  #     person = Auth.Person.get_person_by_email(@email)
+  #     conn = admin_login(conn)
+
+  #     {:ok, key} =
+  #       %{"name" => "test key", "url" => "http://localhost:4000"}
+  #       |> AuthWeb.ApikeyController.make_apikey(person.id)
+  #       |> Auth.Apikey.create_apikey()
+
+  #     conn = put(conn, Routes.apikey_path(conn, :update, key), apikey: @invalid_attrs)
+  #     assert html_response(conn, 200) =~ "Edit Apikey"
+  #   end
+
+  #   test "attempt to UPDATE a key I don't own > should 404", %{conn: conn} do
+  #     person = Auth.Person.get_person_by_email(@email)
+  #     # create session with wrong person:
+  #     wrong_person_data = %{
+  #       email: "wronger@gmail.com",
+  #       auth_provider: "email",
+  #       id: 42
+  #     }
+
+  #     Auth.Person.create_person(wrong_person_data)
+  #     conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
+
+  #     {:ok, key} =
+  #       %{"name" => "test key", "url" => "http://localhost:4000", "person_id" => person.id}
+  #       |> AuthWeb.ApikeyController.make_apikey(person.id)
+  #       |> Auth.Apikey.create_apikey()
+
+  #     conn = put(conn, Routes.apikey_path(conn, :update, key.id), apikey: @update_attrs)
+  #     assert html_response(conn, 404) =~ "not found"
+  #   end
+  # end
+
+  # describe "delete apikey" do
+  #   test "deletes chosen apikey", %{conn: conn} do
+  #     person = Auth.Person.get_person_by_email(@email)
+  #     conn = admin_login(conn)
+
+  #     {:ok, key} =
+  #       %{"name" => "test key", "url" => "http://localhost:4000"}
+  #       |> AuthWeb.ApikeyController.make_apikey(person.id)
+  #       |> Auth.Apikey.create_apikey()
+
+  #     conn = delete(conn, Routes.apikey_path(conn, :delete, key))
+  #     assert redirected_to(conn) == Routes.apikey_path(conn, :index)
+
+  #     assert_error_sent 404, fn ->
+  #       get(conn, Routes.apikey_path(conn, :show, key))
+  #     end
+  #   end
+
+  #   test "cannot delete a key belonging to someone else! 404", %{conn: conn} do
+  #     wrong_person_data = %{
+  #       email: "wronger@gmail.com",
+  #       auth_provider: "email",
+  #       id: 42
+  #     }
+
+  #     Auth.Person.create_person(wrong_person_data)
+  #     conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
+  #     person = Auth.Person.get_person_by_email(@email)
+
+  #     {:ok, key} =
+  #       %{"name" => "test key", "url" => "http://localhost:4000"}
+  #       |> AuthWeb.ApikeyController.make_apikey(person.id)
+  #       |> Auth.Apikey.create_apikey()
+
+  #     conn = delete(conn, Routes.apikey_path(conn, :delete, key))
+  #     assert html_response(conn, 404) =~ "not found"
+  #   end
+  # end
 end

From bc136ced85bd02f9aaa14c00c55663fc303f6e88 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 10 Sep 2020 08:21:21 +0100
Subject: [PATCH 098/166] delete lib/auth_web/templates/apikey to avoid
 warnings #107

---
 lib/auth_web/templates/apikey/edit.html.eex  | 14 -----
 lib/auth_web/templates/apikey/form.html.eex  | 30 ----------
 lib/auth_web/templates/apikey/index.html.eex | 60 --------------------
 lib/auth_web/templates/apikey/new.html.eex   | 15 -----
 lib/auth_web/templates/apikey/show.html.eex  | 42 --------------
 lib/auth_web/templates/app/show.html.eex     | 14 ++++-
 6 files changed, 11 insertions(+), 164 deletions(-)
 delete mode 100644 lib/auth_web/templates/apikey/edit.html.eex
 delete mode 100644 lib/auth_web/templates/apikey/form.html.eex
 delete mode 100644 lib/auth_web/templates/apikey/index.html.eex
 delete mode 100644 lib/auth_web/templates/apikey/new.html.eex
 delete mode 100644 lib/auth_web/templates/apikey/show.html.eex

diff --git a/lib/auth_web/templates/apikey/edit.html.eex b/lib/auth_web/templates/apikey/edit.html.eex
deleted file mode 100644
index 2509a843..00000000
--- a/lib/auth_web/templates/apikey/edit.html.eex
+++ /dev/null
@@ -1,14 +0,0 @@
-<div class="f3 w-50 center">
-
-<h1>Edit Apikey</h1>
-
-<%= render "form.html",
-  Map.put(assigns, :action, Routes.apikey_path(@conn, :update, @apikey)) %>
-
-<br />
-<span><%= link "< Back", to: Routes.apikey_path(@conn, :index),
-class: "pointer br2 ba b--orange bg-gold white pa3 ml1 mv1 f4
-shadow-hover bg-animate hover-bg-orange border-box no-underline"
- %></span>
-
-</div>
diff --git a/lib/auth_web/templates/apikey/form.html.eex b/lib/auth_web/templates/apikey/form.html.eex
deleted file mode 100644
index 4e0ed64c..00000000
--- a/lib/auth_web/templates/apikey/form.html.eex
+++ /dev/null
@@ -1,30 +0,0 @@
-<%= form_for @changeset, @action, fn f -> %>
-  <%= if @changeset.action do %>
-    <div class="alert alert-danger">
-      <p>Oops, something went wrong! Please check the errors below.</p>
-    </div>
-  <% end %>
-
-  <%= label f, :name%>
-  <%= text_input f, :name, class: "db w-100 mt2 pa2 ba b--dark-grey",
-    placeholder: "A distinctive name"%>
-  <%= error_tag f, :name %>
-  <br />
-  <%= label f, :description, class: "mt3" %>
-  <%= textarea f, :description, class: "db w-100 mt2 pa2 ba b--black",
-    placeholder: "Be as descriptive as possible." %>
-  <%= error_tag f, :description %>
-  <br />
-  <%= label f, :url, class: "pt3" %>
-  <%= text_input f, :url, class: "db w-100 mt2 pa2 ba b--dark-grey",
-  placeholder: "The URL of your app e.g: http://localhost:4000 or dwyl.com"
-  %>
-  <%= error_tag f, :url %>
-
-  <div class="mt2">
-    <%= submit "Save",
-    class: "pointer br2 ba b--dark-green bg-green white pa3 ml1 mv1 f4
-    shadow-hover bg-animate hover-bg-dark-green border-box no-underline"
-    %>
-  </div>
-<% end %>
diff --git a/lib/auth_web/templates/apikey/index.html.eex b/lib/auth_web/templates/apikey/index.html.eex
deleted file mode 100644
index 0fd7724b..00000000
--- a/lib/auth_web/templates/apikey/index.html.eex
+++ /dev/null
@@ -1,60 +0,0 @@
-<div class="ph3">
-  <h1 class="tc f1">Auth API Keys</h1>
-  <br />
-
-  <table class="w-100 f3">
-    <thead>
-      <tr class="f3">
-        <th>AUTH_API_KEY</th>
-      </tr>
-    </thead>
-    <tbody>
-  <%= for apikey <- @apikeys do %>
-      <tr>
-        <td style="width:200px;">
-        <%= apikey.client_id %>/<%= apikey.client_secret %>
-        </td>
-
-        <td>
-          <span><%= link "View", to: Routes.apikey_path(@conn, :show, apikey),
-          class: "pointer br2 ba b--dark-blue bg-blue white pa3 ml1 mv1 f4
-                  bg-animate hover-bg-dark-blue border-box no-underline"
-           %>
-         </span>
-          <span><%= link "Edit", to: Routes.apikey_path(@conn, :edit, apikey),
-          class: "pointer br2 ba b--orange bg-gold white pa3 ml1 mv1 f4
-                  bg-animate hover-bg-orange border-box no-underline"
-          %></span>
-          <span>
-          <%= link "Delete", to: Routes.apikey_path(@conn, :delete, apikey),
-          method: :delete,
-          class: "pointer br2 ba b--dark-red bg-red white pa3 ml1 mv1 f4
-                  bg-animate hover-bg-dark-red border-box no-underline",
-          data:
-           [confirm: "Are you sure you want to delete this API Key?
-            (This cannot be undone!)"] %>
-          </span>
-        </td>
-      </tr>
-  <% end %>
-    </tbody>
-  </table>
-  <br /><br />
-
-  <span class="w-100 db">
-  <%= link "New Apikey", to: Routes.apikey_path(@conn, :new),
-  class: "center mr5 pointer br2 ba b--dark-green bg-green white pa3 ml1 mv1 f3
-  shadow-hover bg-animate hover-bg-dark-green border-box no-underline" %>
-  </span>
-
-  <style> /* stackoverflow.com/questions/9789723/css-text-overflow-table-cell */
-  td {
-      max-width: 400px;
-      overflow: hidden;
-      text-overflow: ellipsis;
-      white-space: nowrap;
-      text-align: center;
-      padding: 10px;
-  }
-  </style>
-</div>
diff --git a/lib/auth_web/templates/apikey/new.html.eex b/lib/auth_web/templates/apikey/new.html.eex
deleted file mode 100644
index 76ed1f6e..00000000
--- a/lib/auth_web/templates/apikey/new.html.eex
+++ /dev/null
@@ -1,15 +0,0 @@
-<div class="f3 w-60 center">
-  <h1>New Apikey</h1>
-
-  <%= render "form.html", Map.put(assigns, :action,
-    Routes.apikey_path(@conn, :create)) %>
-
-  <br />
-  <span><%= link "< Back", to: Routes.apikey_path(@conn, :index),
-  class: "pointer br2 ba b--orange bg-gold white pa3 ml1 mv1 f4 mt3
-  shadow-hover bg-animate hover-bg-orange border-box no-underline",
-  data:
-   [confirm: "Are you sure you want to disguard this form?
-    (The data cannot be recovered!)"]
-  %></span>
-</div>
diff --git a/lib/auth_web/templates/apikey/show.html.eex b/lib/auth_web/templates/apikey/show.html.eex
deleted file mode 100644
index b8c1377d..00000000
--- a/lib/auth_web/templates/apikey/show.html.eex
+++ /dev/null
@@ -1,42 +0,0 @@
-<div class="f3 w-60 center">
-  <h1>Your AUTH_API_KEY</h1>
-
-  <p>
-    To securely access your data from outside the dwyl app,
-    you will need to use an API Key. Keep this key safe.
-    Anyone who has the key can access
-    <strong><em>all</em></strong> of your data.
-  </p>
-
-  <p>
-    <div style="font-size: 1.2em;
-    overflow-wrap: break-word; font-family: monospace;
-    border: 1px solid black; padding: 10px; background-color: #EBEDEF;">
-    <%= @apikey.client_id %>/<%= @apikey.client_secret %>
-    </div>
-  </p>
-
-  <p> Export it as an environment variable:
-    <div style="font-size: 1.2em;
-    overflow-wrap: break-word; font-family: monospace;
-    border: 1px solid black; padding: 10px; background-color: #EBEDEF;">
-    export AUTH_API_KEY=<%= @apikey.client_id %>/<%= @apikey.client_secret %>
-    </div>
-  </p>
-
-
-
-<span>
-  <%= link "< Back", to: Routes.apikey_path(@conn, :index),
-  class: "pointer br2 ba b--orange bg-gold white pa3 ml1 mv1 f4
-  shadow-hover bg-animate hover-bg-orange border-box no-underline"
-  %>
-</span>
-<span>
-  <%= link "Edit", to: Routes.apikey_path(@conn, :edit, @apikey),
-  class: "pointer br2 ba b--dark-green bg-green white pa3 ml1 mv1 f4
-  shadow-hover bg-animate hover-bg-dark-green border-box no-underline"
-  %>
-</span>
-
-</div>
diff --git a/lib/auth_web/templates/app/show.html.eex b/lib/auth_web/templates/app/show.html.eex
index e2594405..6a15ee2a 100644
--- a/lib/auth_web/templates/app/show.html.eex
+++ b/lib/auth_web/templates/app/show.html.eex
@@ -25,7 +25,7 @@
   </p>
 
   <%= for apikey <- @app.apikeys do %>
-    <p><strong>AUTH_API_KEY:</strong>
+    <p><strong>API KEY:</strong>
       <div style="font-size: 1.2em;
       overflow-wrap: break-word; font-family: monospace;
       border: 1px solid black; padding: 10px; background-color: #EBEDEF;">
@@ -47,10 +47,11 @@
 
 <span>
   <%= link "< All Apps", to: Routes.app_path(@conn, :index),
-  class: "fl pointer br2 ba b--orange bg-gold white pa3 ml1 mv1 f4
-  shadow-hover bg-animate hover-bg-orange border-box no-underline"
+  class: "fl pointer br2 ba b--dark-blue bg-blue white pa3 ml1 mv1 f4
+  shadow-hover bg-animate hover-bg-dark-blue border-box no-underline"
   %>
 </span>
+
 <span>
   <%= link "Edit", to: Routes.app_path(@conn, :edit, @app),
   class: "fr pointer br2 ba b--dark-green bg-green white pa3 ml1 mv1 f4
@@ -58,4 +59,11 @@
   %>
 </span>
 
+<span>
+  <%= link "Reset API Key", to: Routes.app_path(@conn, :resetapikey, @app),
+  class: "fl ml5 pointer br2 ba b--orange bg-gold white pa3 ml1 mv1 f4
+  shadow-hover bg-animate hover-bg-orange border-box no-underline"
+  %>
+</span>
+
 </div>

From 13cca0e289805a246eb9d168093729962bbb1bd8 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 10 Sep 2020 08:22:15 +0100
Subject: [PATCH 099/166] remove lib/auth_web/views/apikey_view.ex as no longer
 needed #107

---
 lib/auth_web/views/apikey_view.ex | 3 ---
 1 file changed, 3 deletions(-)
 delete mode 100644 lib/auth_web/views/apikey_view.ex

diff --git a/lib/auth_web/views/apikey_view.ex b/lib/auth_web/views/apikey_view.ex
deleted file mode 100644
index c135c170..00000000
--- a/lib/auth_web/views/apikey_view.ex
+++ /dev/null
@@ -1,3 +0,0 @@
-defmodule AuthWeb.ApikeyView do
-  use AuthWeb, :view
-end

From 259149d324d3751772f2992dee98f7030cdd854f Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 10 Sep 2020 09:24:34 +0100
Subject: [PATCH 100/166] all tests passing again after removing API Key UI
 #107

---
 lib/auth/apikey.ex                            |  55 +++++-
 lib/auth/app.ex                               |   4 +-
 lib/auth_web/controllers/apikey_controller.ex | 181 +++++++-----------
 lib/auth_web/controllers/app_controller.ex    |  25 +++
 lib/auth_web/controllers/auth_controller.ex   |  10 +-
 lib/auth_web/router.ex                        |   1 +
 test/auth/apikey_test.exs                     |  77 ++++++--
 .../controllers/apikey_controller_test.exs    |  54 +-----
 .../controllers/auth_controller_test.exs      |  40 ++--
 9 files changed, 233 insertions(+), 214 deletions(-)

diff --git a/lib/auth/apikey.ex b/lib/auth/apikey.ex
index ab51fcf4..b9f039cf 100644
--- a/lib/auth/apikey.ex
+++ b/lib/auth/apikey.ex
@@ -19,19 +19,62 @@ defmodule Auth.Apikey do
     timestamps()
   end
 
+
+  @doc """
+  `encrypt_encode/1` does exactly what it's name suggests,
+  AES Encrypts a string of plaintext and then Base58 encodes it.
+  We encode it using Base58 so it's human-friendly (readable).
+  """
+  def encrypt_encode(plaintext) do
+    Fields.AES.encrypt(plaintext) |> Base58.encode()
+  end
+
+  @doc """
+  `create_api_key/1` uses the `encrypt_encode/1` to create an API Key
+  that is just two strings joined with a forwardslash ("/").
+  This allows us to use a *single* environment variable.
+  """
+  def create_api_key(person_id) do
+    encrypt_encode(person_id) <> "/" <> encrypt_encode(person_id)
+  end
+
+  @doc """
+  `decode_decrypt/1` accepts a `key` and attempts to Base58.decode
+  followed by AES.decrypt it. If decode or decrypt fails, return 0 (zero).
+  """
+  def decode_decrypt(key) do
+    try do
+      key |> Base58.decode() |> Fields.AES.decrypt() |> String.to_integer()
+    rescue
+      ArgumentError ->
+        0
+    end
+  end
+
+  def decrypt_api_key(key) do
+    key |> String.split("/") |> List.first() |> decode_decrypt()
+  end
+
+
   @doc false
   def changeset(apikey, attrs) do
     apikey
     |> cast(attrs, [:client_id, :client_secret, :person_id, :status])
-    |> validate_required([:client_secret])
     |> put_assoc(:app, Map.get(attrs, "app"))
   end
 
-  def change_apikey(%Apikey{} = apikey) do
-    Apikey.changeset(apikey, %{})
-  end
-
-  def create_apikey(attrs \\ %{}) do
+  # def change_apikey(%Apikey{} = apikey) do
+  #   Apikey.changeset(apikey, %{})
+  # end
+
+  def create_apikey(app) do
+    attrs = %{
+      "client_secret" => encrypt_encode(app.person_id),
+      "client_id" => encrypt_encode(app.person_id),
+      "person_id" => app.person_id,
+      "status" => 3,
+      "app" => app
+    }
     %Apikey{}
     |> Apikey.changeset(attrs)
     |> Repo.insert()
diff --git a/lib/auth/app.ex b/lib/auth/app.ex
index cffe4be9..4b599721 100644
--- a/lib/auth/app.ex
+++ b/lib/auth/app.ex
@@ -80,9 +80,7 @@ defmodule Auth.App do
     case %App{} |> App.changeset(attrs) |> Repo.insert() do
       {:ok, app} ->
         # Create API Key for App https://github.com/dwyl/auth/issues/97
-        %{"app" => app, "status" => 3}
-        |> AuthWeb.ApikeyController.make_apikey(app.person_id)
-        |> Auth.Apikey.create_apikey()
+        Auth.Apikey.create_apikey(app)
 
         # return the App with the API Key preloaded:
         {:ok, get_app!(app.id)}
diff --git a/lib/auth_web/controllers/apikey_controller.ex b/lib/auth_web/controllers/apikey_controller.ex
index dc3972fb..4b1f6502 100644
--- a/lib/auth_web/controllers/apikey_controller.ex
+++ b/lib/auth_web/controllers/apikey_controller.ex
@@ -5,111 +5,78 @@ defmodule AuthWeb.ApikeyController do
   use AuthWeb, :controller
   alias Auth.Apikey
 
-  def index(conn, _params) do
-    person_id = conn.assigns.person.id
-    apikeys = Apikey.list_apikeys_for_person(person_id)
-    render(conn, "index.html", apikeys: apikeys)
-  end
-
-  def new(conn, _params) do
-    changeset = Apikey.change_apikey(%Apikey{})
-    render(conn, "new.html", changeset: changeset)
-  end
-
-  def encrypt_encode(plaintext) do
-    Fields.AES.encrypt(plaintext) |> Base58.encode()
-  end
-
-  def create_api_key(person_id) do
-    encrypt_encode(person_id) <> "/" <> encrypt_encode(person_id)
-  end
-
-  @doc """
-  `decode_decrypt/1` accepts a `key` and attempts to Base58.decode
-  followed by AES.decrypt it. If decode or decrypt fails, return 0 (zero).
-  """
-  def decode_decrypt(key) do
-    try do
-      key |> Base58.decode() |> Fields.AES.decrypt() |> String.to_integer()
-    rescue
-      ArgumentError ->
-        0
-    end
-  end
-
-  def decrypt_api_key(key) do
-    key |> String.split("/") |> List.first() |> decode_decrypt()
-  end
-
-  def make_apikey(apikey_params, person_id) do
-    Map.merge(apikey_params, %{
-      "client_secret" => encrypt_encode(person_id),
-      "client_id" => encrypt_encode(person_id),
-      "person_id" => person_id
-    })
-  end
-
-  def create(conn, %{"apikey" => apikey_params}) do
-    {:ok, apikey} =
-      apikey_params
-      |> make_apikey(conn.assigns.person.id)
-      |> Apikey.create_apikey()
-
-    conn
-    |> put_flash(:info, "Apikey created successfully.")
-    |> redirect(to: Routes.apikey_path(conn, :show, apikey))
-  end
-
-  def show(conn, %{"id" => id}) do
-    apikey = Apikey.get_apikey!(id)
-    # combined = apikey.client_id <> "/" <> apikey.client_secret
-    render(conn, "show.html", apikey: apikey)
-  end
-
-  def edit(conn, %{"id" => id}) do
-    apikey = Auth.Apikey.get_apikey!(id)
-
-    if apikey.person_id == conn.assigns.person.id do
-      changeset = Auth.Apikey.change_apikey(apikey)
-      render(conn, "edit.html", apikey: apikey, changeset: changeset)
-    else
-      AuthWeb.AuthController.not_found(conn, "API KEY " <> id <> " not found.")
-    end
-  end
-
-  @doc """
-    `update/2` updates a given API Key. Checks if the person attempting
-    to update the key is the "owner" of the key before updating.
-  """
-  def update(conn, %{"id" => id, "apikey" => apikey_params}) do
-    apikey = Apikey.get_apikey!(id)
-    # check that the person attempting to update the key owns it!
-    if apikey.person_id == conn.assigns.person.id do
-      case Apikey.update_apikey(apikey, apikey_params) do
-        {:ok, apikey} ->
-          conn
-          |> put_flash(:info, "Apikey updated successfully.")
-          |> redirect(to: Routes.apikey_path(conn, :show, apikey))
-
-        {:error, %Ecto.Changeset{} = changeset} ->
-          render(conn, "edit.html", apikey: apikey, changeset: changeset)
-      end
-    else
-      AuthWeb.AuthController.not_found(conn, "API KEY " <> id <> " not found.")
-    end
-  end
-
-  def delete(conn, %{"id" => id}) do
-    apikey = Apikey.get_apikey!(id)
-    # check that the person attempting to delete the key owns it!
-    if apikey.person_id == conn.assigns.person.id do
-      {:ok, _apikey} = Apikey.delete_apikey(apikey)
-
-      conn
-      |> put_flash(:info, "Apikey deleted successfully.")
-      |> redirect(to: Routes.apikey_path(conn, :index))
-    else
-      AuthWeb.AuthController.not_found(conn, "API KEY " <> id <> " not found.")
-    end
-  end
+  # def index(conn, _params) do
+  #   person_id = conn.assigns.person.id
+  #   apikeys = Apikey.list_apikeys_for_person(person_id)
+  #   render(conn, "index.html", apikeys: apikeys)
+  # end
+
+  # def new(conn, _params) do
+  #   changeset = Apikey.change_apikey(%Apikey{})
+  #   render(conn, "new.html", changeset: changeset)
+  # end
+
+  # def create(conn, %{"apikey" => apikey_params}) do
+  #   {:ok, apikey} =
+  #     apikey_params
+  #     |> make_apikey(conn.assigns.person.id)
+  #     |> Apikey.create_apikey()
+
+  #   conn
+  #   |> put_flash(:info, "Apikey created successfully.")
+  #   |> redirect(to: Routes.apikey_path(conn, :show, apikey))
+  # end
+
+  # def show(conn, %{"id" => id}) do
+  #   apikey = Apikey.get_apikey!(id)
+  #   # combined = apikey.client_id <> "/" <> apikey.client_secret
+  #   render(conn, "show.html", apikey: apikey)
+  # end
+
+  # def edit(conn, %{"id" => id}) do
+  #   apikey = Auth.Apikey.get_apikey!(id)
+
+  #   if apikey.person_id == conn.assigns.person.id do
+  #     changeset = Auth.Apikey.change_apikey(apikey)
+  #     render(conn, "edit.html", apikey: apikey, changeset: changeset)
+  #   else
+  #     AuthWeb.AuthController.not_found(conn, "API KEY " <> id <> " not found.")
+  #   end
+  # end
+
+  # @doc """
+  #   `update/2` updates a given API Key. Checks if the person attempting
+  #   to update the key is the "owner" of the key before updating.
+  # """
+  # def update(conn, %{"id" => id, "apikey" => apikey_params}) do
+  #   apikey = Apikey.get_apikey!(id)
+  #   # check that the person attempting to update the key owns it!
+  #   if apikey.person_id == conn.assigns.person.id do
+  #     case Apikey.update_apikey(apikey, apikey_params) do
+  #       {:ok, apikey} ->
+  #         conn
+  #         |> put_flash(:info, "Apikey updated successfully.")
+  #         |> redirect(to: Routes.apikey_path(conn, :show, apikey))
+
+  #       {:error, %Ecto.Changeset{} = changeset} ->
+  #         render(conn, "edit.html", apikey: apikey, changeset: changeset)
+  #     end
+  #   else
+  #     AuthWeb.AuthController.not_found(conn, "API KEY " <> id <> " not found.")
+  #   end
+  # end
+
+  # def delete(conn, %{"id" => id}) do
+  #   apikey = Apikey.get_apikey!(id)
+  #   # check that the person attempting to delete the key owns it!
+  #   if apikey.person_id == conn.assigns.person.id do
+  #     {:ok, _apikey} = Apikey.delete_apikey(apikey)
+
+  #     conn
+  #     |> put_flash(:info, "Apikey deleted successfully.")
+  #     |> redirect(to: Routes.apikey_path(conn, :index))
+  #   else
+  #     AuthWeb.AuthController.not_found(conn, "API KEY " <> id <> " not found.")
+  #   end
+  # end
 end
diff --git a/lib/auth_web/controllers/app_controller.ex b/lib/auth_web/controllers/app_controller.ex
index 912daecb..3d166d7b 100644
--- a/lib/auth_web/controllers/app_controller.ex
+++ b/lib/auth_web/controllers/app_controller.ex
@@ -65,4 +65,29 @@ defmodule AuthWeb.AppController do
     |> put_flash(:info, "App deleted successfully.")
     |> redirect(to: Routes.app_path(conn, :index))
   end
+
+  @doc """
+  Reset the API Key in case of suspected compromise.
+
+  """
+  def resetapikey(conn, %{"id" => id}) do
+    IO.inspect(id, label: "id:74")
+    app = App.get_app!(id)
+    IO.inspect(app, label: "app:76")
+
+    Enum.each(app.apikeys, fn k ->
+      IO.inspect(k, label: "apikey:78")
+      if k.status == 3 do
+        # soft delete the apikey
+        Auth.Apikey.update_apikey(Map.delete(k, :app), %{status: 6})
+      end
+    end)
+
+
+
+
+    # get the app again and render it:
+
+    render(conn, "show.html", app: app)
+  end
 end
diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
index c3b764f9..4e92621f 100644
--- a/lib/auth_web/controllers/auth_controller.ex
+++ b/lib/auth_web/controllers/auth_controller.ex
@@ -297,7 +297,7 @@ defmodule AuthWeb.AuthController do
       changeset: Auth.Person.password_new_changeset(%{email: email}),
       # so we can redirect after creatig a password
       state: state,
-      email: AuthWeb.ApikeyController.encrypt_encode(email)
+      email: Auth.Apikey.encrypt_encode(email)
     )
   end
 
@@ -312,7 +312,7 @@ defmodule AuthWeb.AuthController do
   def make_verify_link(conn, person, state) do
     AuthPlug.Helpers.get_baseurl_from_conn(conn) <>
       "/auth/verify?id=" <>
-      AuthWeb.ApikeyController.encrypt_encode(person.id) <>
+      Auth.Apikey.encrypt_encode(person.id) <>
       "&referer=" <> state
   end
 
@@ -322,7 +322,7 @@ defmodule AuthWeb.AuthController do
   #   |> render("password_create.html",
   #     changeset: Auth.Person.password_new_changeset(%{email: params["email"]}),
   #     state: params["state"], # so we can redirect after creatig a password
-  #     email: AuthWeb.ApikeyController.encrypt_encode(params["email"])
+  #     email: AuthWeb.Apikey.encrypt_encode(params["email"])
   #   )
   # end
 
@@ -394,7 +394,7 @@ defmodule AuthWeb.AuthController do
   end
 
   def verify_email(conn, params) do
-    id = AuthWeb.ApikeyController.decode_decrypt(params["id"])
+    id = Auth.Apikey.decode_decrypt(params["id"])
     person = Auth.Person.verify_person_by_id(id)
     redirect_or_render(conn, person, params["referer"])
   end
@@ -421,7 +421,7 @@ defmodule AuthWeb.AuthController do
   end
 
   def get_client_secret(client_id, state) do
-    person_id = AuthWeb.ApikeyController.decode_decrypt(client_id)
+    person_id = Auth.Apikey.decode_decrypt(client_id)
     # decode_decrypt fails with state 0
     if person_id == 0 do
       0
diff --git a/lib/auth_web/router.ex b/lib/auth_web/router.ex
index ea8b9b52..50df91e2 100644
--- a/lib/auth_web/router.ex
+++ b/lib/auth_web/router.ex
@@ -50,6 +50,7 @@ defmodule AuthWeb.Router do
     resources "/roles", RoleController
 
     resources "/permissions", PermissionController
+    get "/apps/:id/resetapikey", AppController, :resetapikey
     resources "/apps", AppController
     # resources "/settings/apikeys", ApikeyController
   end
diff --git a/test/auth/apikey_test.exs b/test/auth/apikey_test.exs
index 3e262bf8..c4361a80 100644
--- a/test/auth/apikey_test.exs
+++ b/test/auth/apikey_test.exs
@@ -1,32 +1,79 @@
 defmodule Auth.ApikeyTest do
-  # use Auth.DataCase
-  use AuthWeb.ConnCase
+  use Auth.DataCase
+  # use AuthWeb.ConnCase
+  use ExUnitProperties
   # alias Auth.Apikey
   @email System.get_env("ADMIN_EMAIL")
 
+  describe "Create an AUTH_API_KEY for a given person_id" do
+    test "encrypt_encode/1 returns a base58 we can decrypt" do
+      person_id = 1
+      key = Auth.Apikey.encrypt_encode(person_id)
+
+      decrypted =
+        key
+        |> Base58.decode()
+        |> Fields.AES.decrypt()
+        |> String.to_integer()
+
+      assert decrypted == person_id
+    end
+
+    test "decode_decrypt/1 reverses the operation of encrypt_encode/1" do
+      person_id = 4_869_234_521
+      key = Auth.Apikey.encrypt_encode(person_id)
+      id = Auth.Apikey.decode_decrypt(key)
+      assert person_id == id
+    end
+
+    test "create_api_key/1 creates an AUTH_API_KEY" do
+      person_id = 123_456_789
+      key = Auth.Apikey.create_api_key(person_id)
+      assert key =~ "/"
+      # parts = String.split(key, "/")
+      # assert decode_decrypt(List.first(parts)) == person_id
+    end
+
+    test "decrypt_api_key/1 decrypts an AUTH_API_KEY" do
+      person_id = 1234
+      key = Auth.Apikey.create_api_key(person_id)
+      decrypted = Auth.Apikey.decrypt_api_key(key)
+      assert decrypted == person_id
+    end
+
+    test "decode_decrypt/1 with invalid client_id" do
+      valid_key = Auth.Apikey.encrypt_encode(1)
+      person_id = Auth.Apikey.decode_decrypt(valid_key)
+      assert person_id == 1
+
+      invalid_key = String.slice(valid_key, 0..-2)
+      error = Auth.Apikey.decode_decrypt(invalid_key)
+      assert error == 0
+    end
+
+    property "Check a batch of int values can be decoded decode_decrypt/1" do
+      check all(int <- integer()) do
+        assert Auth.Apikey.decode_decrypt(
+                 Auth.Apikey.encrypt_encode(int)
+               ) == int
+      end
+    end
+  end
+
   test "list_apikeys_for_person/1 returns all apikeys person" do
     person = Auth.Person.get_person_by_email(@email)
 
     keys = Auth.Apikey.list_apikeys_for_person(person.id)
     assert length(keys) == 1
 
-    # Insert Two API keys:
-    params = %{
-      # "description" => "test key",
+    # Insert Another App (And API Key):
+    Auth.App.create_app(%{
       "name" => "My Amazing Key",
       "url" => "http://localhost:400",
-      "person_id" => person.id,
-      "client_secret" => AuthWeb.ApikeyController.encrypt_encode(person.id)
-    }
-
-    Auth.Apikey.create_apikey(params)
-
-    Map.merge(params, %{
-      "client_secret" => AuthWeb.ApikeyController.encrypt_encode(person.id)
+      "person_id" => person.id
     })
-    |> Auth.Apikey.create_apikey()
 
     keys = Auth.Apikey.list_apikeys_for_person(person.id)
-    assert length(keys) == 3
+    assert length(keys) == 2
   end
 end
diff --git a/test/auth_web/controllers/apikey_controller_test.exs b/test/auth_web/controllers/apikey_controller_test.exs
index ddbdd1a0..6b43e185 100644
--- a/test/auth_web/controllers/apikey_controller_test.exs
+++ b/test/auth_web/controllers/apikey_controller_test.exs
@@ -1,6 +1,5 @@
 defmodule AuthWeb.ApikeyControllerTest do
   use AuthWeb.ConnCase
-  use ExUnitProperties
 
   # @email System.get_env("ADMIN_EMAIL")
   # @create_attrs %{
@@ -18,58 +17,7 @@ defmodule AuthWeb.ApikeyControllerTest do
   # }
   # @invalid_attrs %{client_secret: nil, description: nil, key_id: nil, name: nil, url: nil}
 
-  describe "Create an AUTH_API_KEY for a given person_id" do
-    test "encrypt_encode/1 returns a base58 we can decrypt" do
-      person_id = 1
-      key = AuthWeb.ApikeyController.encrypt_encode(person_id)
-
-      decrypted =
-        key
-        |> Base58.decode()
-        |> Fields.AES.decrypt()
-        |> String.to_integer()
-
-      assert decrypted == person_id
-    end
-
-    test "decode_decrypt/1 reverses the operation of encrypt_encode/1" do
-      person_id = 4_869_234_521
-      key = AuthWeb.ApikeyController.encrypt_encode(person_id)
-      id = AuthWeb.ApikeyController.decode_decrypt(key)
-      assert person_id == id
-    end
-
-    test "create_api_key/1 creates an AUTH_API_KEY" do
-      person_id = 123_456_789
-      key = AuthWeb.ApikeyController.create_api_key(person_id)
-      assert key =~ "/"
-    end
-
-    test "decrypt_api_key/1 decrypts an AUTH_API_KEY" do
-      person_id = 1234
-      key = AuthWeb.ApikeyController.create_api_key(person_id)
-      decrypted = AuthWeb.ApikeyController.decrypt_api_key(key)
-      assert decrypted == person_id
-    end
-
-    test "decode_decrypt/1 with invalid client_id" do
-      valid_key = AuthWeb.ApikeyController.encrypt_encode(1)
-      person_id = AuthWeb.ApikeyController.decode_decrypt(valid_key)
-      assert person_id == 1
-
-      invalid_key = String.slice(valid_key, 0..-2)
-      error = AuthWeb.ApikeyController.decode_decrypt(invalid_key)
-      assert error == 0
-    end
-
-    property "Check a batch of int values can be decoded decode_decrypt/1" do
-      check all(int <- integer()) do
-        assert AuthWeb.ApikeyController.decode_decrypt(
-                 AuthWeb.ApikeyController.encrypt_encode(int)
-               ) == int
-      end
-    end
-  end
+
 
   # describe "index" do
   #   test "lists all apikeys", %{conn: conn} do
diff --git a/test/auth_web/controllers/auth_controller_test.exs b/test/auth_web/controllers/auth_controller_test.exs
index b6f1eb29..e63c43d5 100644
--- a/test/auth_web/controllers/auth_controller_test.exs
+++ b/test/auth_web/controllers/auth_controller_test.exs
@@ -2,6 +2,13 @@ defmodule AuthWeb.AuthControllerTest do
   use AuthWeb.ConnCase
   # @email System.get_env("ADMIN_EMAIL")
 
+  @app_data %{
+    "name" => "example key",
+    "url" => "https://www.example.com",
+    "person_id" => 1,
+    "status" => 3
+  }
+
   test "GET /", %{conn: conn} do
     conn = get(conn, "/")
     assert html_response(conn, 200) =~ "Sign in"
@@ -52,23 +59,8 @@ defmodule AuthWeb.AuthControllerTest do
   end
 
   test "get_client_secret(client_id, state) gets the secret for the given client_id" do
-    person =
-      Auth.Person.create_person(%{
-        email: "alex@gmail.com",
-        auth_provider: "email"
-      })
-
-    app_data = %{
-      "name" => "example key",
-      "url" => "https://www.example.com",
-      "person_id" => person.id,
-      "status" => 3
-    }
-
-    {:ok, app} = Auth.App.create_app(app_data)
-    apikey_params = %{"app" => app}
-    key = AuthWeb.ApikeyController.make_apikey(apikey_params, person.id)
-    {:ok, key} = Auth.Apikey.create_apikey(key)
+    {:ok, app} = Auth.App.create_app(@app_data)
+    key = List.first(app.apikeys)
 
     state = "https://www.example.com/profile?auth_client_id=#{key.client_id}"
     secret = AuthWeb.AuthController.get_client_secret(key.client_id, state)
@@ -109,10 +101,8 @@ defmodule AuthWeb.AuthControllerTest do
   test "google_handler/2 show welcome page", %{conn: conn} do
     # Google Auth Mock makes the state https://www.example.com
     # so we need to create a new API_KEY with that url:
-    {:ok, key} =
-      %{"name" => "example key", "url" => "https://www.example.com"}
-      |> AuthWeb.ApikeyController.make_apikey(1)
-      |> Auth.Apikey.create_apikey()
+    {:ok, app} = Auth.App.create_app(@app_data)
+    key = List.first(app.apikeys)
 
     conn =
       get(conn, "/auth/google/callback", %{
@@ -295,7 +285,7 @@ defmodule AuthWeb.AuthControllerTest do
 
     params = %{
       "person" => %{
-        "email" => AuthWeb.ApikeyController.encrypt_encode("anabela@mail.com"),
+        "email" => Auth.Apikey.encrypt_encode("anabela@mail.com"),
         "password" => "thiswillbehashed"
       }
     }
@@ -307,7 +297,7 @@ defmodule AuthWeb.AuthControllerTest do
   test "password_create/2 display form when password not valid", %{conn: conn} do
     params = %{
       "person" => %{
-        "email" => AuthWeb.ApikeyController.encrypt_encode("anabela@mail.com"),
+        "email" => Auth.Apikey.encrypt_encode("anabela@mail.com"),
         "password" => "short"
       }
     }
@@ -348,7 +338,7 @@ defmodule AuthWeb.AuthControllerTest do
 
     params = %{
       "person" => %{
-        "email" => AuthWeb.ApikeyController.encrypt_encode(data.email),
+        "email" => Auth.Apikey.encrypt_encode(data.email),
         "password" => "thiswillbehashed",
         "state" => state
       }
@@ -374,7 +364,7 @@ defmodule AuthWeb.AuthControllerTest do
 
     params = %{
       "person" => %{
-        "email" => AuthWeb.ApikeyController.encrypt_encode(data.email),
+        "email" => Auth.Apikey.encrypt_encode(data.email),
         "password" => "fail",
         "state" => state
       }

From b0ff09fc337fd32fa3c341f07409d6ea8f3deac9 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 10 Sep 2020 09:25:36 +0100
Subject: [PATCH 101/166] =?UTF-8?q?=F0=9F=94=AA=20DELETE=20apikey=5Fcontro?=
 =?UTF-8?q?ller.ex=20and=20apikey=5Fcontroller=5Ftest.exs=20#107?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/auth_web/controllers/apikey_controller.ex |  82 --------
 .../controllers/apikey_controller_test.exs    | 181 ------------------
 2 files changed, 263 deletions(-)
 delete mode 100644 lib/auth_web/controllers/apikey_controller.ex
 delete mode 100644 test/auth_web/controllers/apikey_controller_test.exs

diff --git a/lib/auth_web/controllers/apikey_controller.ex b/lib/auth_web/controllers/apikey_controller.ex
deleted file mode 100644
index 4b1f6502..00000000
--- a/lib/auth_web/controllers/apikey_controller.ex
+++ /dev/null
@@ -1,82 +0,0 @@
-defmodule AuthWeb.ApikeyController do
-  @moduledoc """
-  Defines API Key controller functions
-  """
-  use AuthWeb, :controller
-  alias Auth.Apikey
-
-  # def index(conn, _params) do
-  #   person_id = conn.assigns.person.id
-  #   apikeys = Apikey.list_apikeys_for_person(person_id)
-  #   render(conn, "index.html", apikeys: apikeys)
-  # end
-
-  # def new(conn, _params) do
-  #   changeset = Apikey.change_apikey(%Apikey{})
-  #   render(conn, "new.html", changeset: changeset)
-  # end
-
-  # def create(conn, %{"apikey" => apikey_params}) do
-  #   {:ok, apikey} =
-  #     apikey_params
-  #     |> make_apikey(conn.assigns.person.id)
-  #     |> Apikey.create_apikey()
-
-  #   conn
-  #   |> put_flash(:info, "Apikey created successfully.")
-  #   |> redirect(to: Routes.apikey_path(conn, :show, apikey))
-  # end
-
-  # def show(conn, %{"id" => id}) do
-  #   apikey = Apikey.get_apikey!(id)
-  #   # combined = apikey.client_id <> "/" <> apikey.client_secret
-  #   render(conn, "show.html", apikey: apikey)
-  # end
-
-  # def edit(conn, %{"id" => id}) do
-  #   apikey = Auth.Apikey.get_apikey!(id)
-
-  #   if apikey.person_id == conn.assigns.person.id do
-  #     changeset = Auth.Apikey.change_apikey(apikey)
-  #     render(conn, "edit.html", apikey: apikey, changeset: changeset)
-  #   else
-  #     AuthWeb.AuthController.not_found(conn, "API KEY " <> id <> " not found.")
-  #   end
-  # end
-
-  # @doc """
-  #   `update/2` updates a given API Key. Checks if the person attempting
-  #   to update the key is the "owner" of the key before updating.
-  # """
-  # def update(conn, %{"id" => id, "apikey" => apikey_params}) do
-  #   apikey = Apikey.get_apikey!(id)
-  #   # check that the person attempting to update the key owns it!
-  #   if apikey.person_id == conn.assigns.person.id do
-  #     case Apikey.update_apikey(apikey, apikey_params) do
-  #       {:ok, apikey} ->
-  #         conn
-  #         |> put_flash(:info, "Apikey updated successfully.")
-  #         |> redirect(to: Routes.apikey_path(conn, :show, apikey))
-
-  #       {:error, %Ecto.Changeset{} = changeset} ->
-  #         render(conn, "edit.html", apikey: apikey, changeset: changeset)
-  #     end
-  #   else
-  #     AuthWeb.AuthController.not_found(conn, "API KEY " <> id <> " not found.")
-  #   end
-  # end
-
-  # def delete(conn, %{"id" => id}) do
-  #   apikey = Apikey.get_apikey!(id)
-  #   # check that the person attempting to delete the key owns it!
-  #   if apikey.person_id == conn.assigns.person.id do
-  #     {:ok, _apikey} = Apikey.delete_apikey(apikey)
-
-  #     conn
-  #     |> put_flash(:info, "Apikey deleted successfully.")
-  #     |> redirect(to: Routes.apikey_path(conn, :index))
-  #   else
-  #     AuthWeb.AuthController.not_found(conn, "API KEY " <> id <> " not found.")
-  #   end
-  # end
-end
diff --git a/test/auth_web/controllers/apikey_controller_test.exs b/test/auth_web/controllers/apikey_controller_test.exs
deleted file mode 100644
index 6b43e185..00000000
--- a/test/auth_web/controllers/apikey_controller_test.exs
+++ /dev/null
@@ -1,181 +0,0 @@
-defmodule AuthWeb.ApikeyControllerTest do
-  use AuthWeb.ConnCase
-
-  # @email System.get_env("ADMIN_EMAIL")
-  # @create_attrs %{
-  #   description: "some description",
-  #   name: "some name", url: "localhost",
-  #   status: 3,
-  #   person_id: 1
-  # }
-  # @update_attrs %{
-  #   client_secret: "updated client sec",
-  #   description: "some updated desc",
-  #   name: "updated name",
-  #   url: "surl",
-  #   status: 3
-  # }
-  # @invalid_attrs %{client_secret: nil, description: nil, key_id: nil, name: nil, url: nil}
-
-
-
-  # describe "index" do
-  #   test "lists all apikeys", %{conn: conn} do
-  #     conn = admin_login(conn)
-  #     conn = get(conn, Routes.apikey_path(conn, :index))
-
-  #     assert html_response(conn, 200) =~ "Auth API Keys"
-  #   end
-  # end
-
-  # describe "new apikey" do
-  #   test "renders form", %{conn: conn} do
-  #     conn = admin_login(conn)
-  #     conn = get(conn, Routes.apikey_path(conn, :new))
-
-  #     assert html_response(conn, 200) =~ "New Apikey"
-  #   end
-  # end
-
-  # describe "create apikey" do
-  #   test "redirects to show when data is valid", %{conn: conn} do
-  #     {:ok, app} = Auth.App.create_app(@create_attrs)
-  #     IO.inspect(app, label: "app")
-  #     conn = admin_login(conn)
-  #     params = %{"app" => app}
-  #     conn = post(conn, Routes.apikey_path(conn, :create), apikey: params)
-
-  #     assert %{id: id} = redirected_params(conn)
-  #     IO.inspect(id, label: "id")
-  #     assert redirected_to(conn) == Routes.apikey_path(conn, :show, id)
-
-  #     conn = get(conn, Routes.apikey_path(conn, :show, id))
-  #     IO.inspect(conn, label: "conn")
-  #     # assert html_response(conn, 200) =~ "Your AUTH_API_KEY"
-  #   end
-  # end
-
-  # describe "edit apikey" do
-  #   test "renders form for editing chosen apikey", %{conn: conn} do
-  #     person = Auth.Person.get_person_by_email(@email)
-  #     conn = admin_login(conn)
-
-  #     {:ok, key} =
-  #       %{"name" => "test key", "url" => "http://localhost:4000"}
-  #       |> AuthWeb.ApikeyController.make_apikey(person.id)
-  #       |> Auth.Apikey.create_apikey()
-
-  #     conn = get(conn, Routes.apikey_path(conn, :edit, key.id))
-  #     assert html_response(conn, 200) =~ "Edit Apikey"
-  #   end
-
-  #   test "attempt to edit a key I don't own > should 404", %{conn: conn} do
-  #     person = Auth.Person.get_person_by_email(@email)
-
-  #     wrong_person_data = %{
-  #       email: "wronger@gmail.com",
-  #       auth_provider: "email",
-  #       id: 42
-  #     }
-
-  #     Auth.Person.create_person(wrong_person_data)
-  #     conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
-
-  #     {:ok, key} =
-  #       %{"name" => "test key", "url" => "http://localhost:4000"}
-  #       |> AuthWeb.ApikeyController.make_apikey(person.id)
-  #       |> Auth.Apikey.create_apikey()
-
-  #     conn = get(conn, Routes.apikey_path(conn, :edit, key.id))
-  #     assert html_response(conn, 404) =~ "not found"
-  #   end
-  # end
-
-  # describe "update apikey" do
-  #   test "redirects when data is valid", %{conn: conn} do
-  #     person = Auth.Person.get_person_by_email(@email)
-  #     conn = AuthPlug.create_jwt_session(conn, %{id: person.id})
-
-  #     {:ok, key} =
-  #       %{"name" => "test key", "url" => "http://localhost:4000"}
-  #       |> AuthWeb.ApikeyController.make_apikey(person.id)
-  #       |> Auth.Apikey.create_apikey()
-
-  #     conn = put(conn, Routes.apikey_path(conn, :update, key.id), apikey: @update_attrs)
-  #     assert redirected_to(conn) == Routes.apikey_path(conn, :show, key)
-  #   end
-
-  #   test "renders errors when data is invalid", %{conn: conn} do
-  #     person = Auth.Person.get_person_by_email(@email)
-  #     conn = admin_login(conn)
-
-  #     {:ok, key} =
-  #       %{"name" => "test key", "url" => "http://localhost:4000"}
-  #       |> AuthWeb.ApikeyController.make_apikey(person.id)
-  #       |> Auth.Apikey.create_apikey()
-
-  #     conn = put(conn, Routes.apikey_path(conn, :update, key), apikey: @invalid_attrs)
-  #     assert html_response(conn, 200) =~ "Edit Apikey"
-  #   end
-
-  #   test "attempt to UPDATE a key I don't own > should 404", %{conn: conn} do
-  #     person = Auth.Person.get_person_by_email(@email)
-  #     # create session with wrong person:
-  #     wrong_person_data = %{
-  #       email: "wronger@gmail.com",
-  #       auth_provider: "email",
-  #       id: 42
-  #     }
-
-  #     Auth.Person.create_person(wrong_person_data)
-  #     conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
-
-  #     {:ok, key} =
-  #       %{"name" => "test key", "url" => "http://localhost:4000", "person_id" => person.id}
-  #       |> AuthWeb.ApikeyController.make_apikey(person.id)
-  #       |> Auth.Apikey.create_apikey()
-
-  #     conn = put(conn, Routes.apikey_path(conn, :update, key.id), apikey: @update_attrs)
-  #     assert html_response(conn, 404) =~ "not found"
-  #   end
-  # end
-
-  # describe "delete apikey" do
-  #   test "deletes chosen apikey", %{conn: conn} do
-  #     person = Auth.Person.get_person_by_email(@email)
-  #     conn = admin_login(conn)
-
-  #     {:ok, key} =
-  #       %{"name" => "test key", "url" => "http://localhost:4000"}
-  #       |> AuthWeb.ApikeyController.make_apikey(person.id)
-  #       |> Auth.Apikey.create_apikey()
-
-  #     conn = delete(conn, Routes.apikey_path(conn, :delete, key))
-  #     assert redirected_to(conn) == Routes.apikey_path(conn, :index)
-
-  #     assert_error_sent 404, fn ->
-  #       get(conn, Routes.apikey_path(conn, :show, key))
-  #     end
-  #   end
-
-  #   test "cannot delete a key belonging to someone else! 404", %{conn: conn} do
-  #     wrong_person_data = %{
-  #       email: "wronger@gmail.com",
-  #       auth_provider: "email",
-  #       id: 42
-  #     }
-
-  #     Auth.Person.create_person(wrong_person_data)
-  #     conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
-  #     person = Auth.Person.get_person_by_email(@email)
-
-  #     {:ok, key} =
-  #       %{"name" => "test key", "url" => "http://localhost:4000"}
-  #       |> AuthWeb.ApikeyController.make_apikey(person.id)
-  #       |> Auth.Apikey.create_apikey()
-
-  #     conn = delete(conn, Routes.apikey_path(conn, :delete, key))
-  #     assert html_response(conn, 404) =~ "not found"
-  #   end
-  # end
-end

From f59cdf98e67dc72dae0c4a2c80dd35b64e47664a Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 10 Sep 2020 09:59:46 +0100
Subject: [PATCH 102/166] all tests passing again after removing API Key UI
 #107

---
 lib/auth/apikey.ex                            | 46 -------------------
 lib/auth_web/controllers/app_controller.ex    | 15 +++---
 lib/auth_web/templates/app/show.html.eex      |  2 +
 .../controllers/app_controller_test.exs       | 10 ++++
 4 files changed, 18 insertions(+), 55 deletions(-)

diff --git a/lib/auth/apikey.ex b/lib/auth/apikey.ex
index b9f039cf..75d180b7 100644
--- a/lib/auth/apikey.ex
+++ b/lib/auth/apikey.ex
@@ -55,18 +55,12 @@ defmodule Auth.Apikey do
     key |> String.split("/") |> List.first() |> decode_decrypt()
   end
 
-
-  @doc false
   def changeset(apikey, attrs) do
     apikey
     |> cast(attrs, [:client_id, :client_secret, :person_id, :status])
     |> put_assoc(:app, Map.get(attrs, "app"))
   end
 
-  # def change_apikey(%Apikey{} = apikey) do
-  #   Apikey.changeset(apikey, %{})
-  # end
-
   def create_apikey(app) do
     attrs = %{
       "client_secret" => encrypt_encode(app.person_id),
@@ -89,28 +83,6 @@ defmodule Auth.Apikey do
     |> Repo.preload(:app)
   end
 
-  @doc """
-  Gets a single apikey.
-
-  Raises `Ecto.NoResultsError` if the Apikey does not exist.
-
-  ## Examples
-
-      iex> get_apikey!(123)
-      %Apikey{}
-
-      iex> get_apikey!(456)
-      ** (Ecto.NoResultsError)
-
-  """
-  def get_apikey!(id) do
-    __MODULE__
-    # |> Repo.get!(id)
-    |> where([a], a.id == ^id and a.status != 6)
-    |> Repo.one()
-    |> Repo.preload(:app)
-  end
-
   @doc """
   Updates a apikey.
 
@@ -128,22 +100,4 @@ defmodule Auth.Apikey do
     |> changeset(attrs)
     |> Repo.update()
   end
-
-  @doc """
-  Deletes a apikey.
-
-  ## Examples
-
-      iex> delete_apikey(apikey)
-      {:ok, %Apikey{}}
-
-      iex> delete_apikey(apikey)
-      {:error, %Ecto.Changeset{}}
-
-  """
-  def delete_apikey(%Apikey{} = apikey) do
-    # Repo.delete(apikey)
-    # "soft delete" for autiting purposes:
-    update_apikey(apikey, %{status: 6})
-  end
 end
diff --git a/lib/auth_web/controllers/app_controller.ex b/lib/auth_web/controllers/app_controller.ex
index 3d166d7b..373f6a43 100644
--- a/lib/auth_web/controllers/app_controller.ex
+++ b/lib/auth_web/controllers/app_controller.ex
@@ -68,26 +68,23 @@ defmodule AuthWeb.AppController do
 
   @doc """
   Reset the API Key in case of suspected compromise.
-
   """
   def resetapikey(conn, %{"id" => id}) do
-    IO.inspect(id, label: "id:74")
     app = App.get_app!(id)
-    IO.inspect(app, label: "app:76")
 
     Enum.each(app.apikeys, fn k ->
-      IO.inspect(k, label: "apikey:78")
       if k.status == 3 do
-        # soft delete the apikey
+        # retire the apikey
         Auth.Apikey.update_apikey(Map.delete(k, :app), %{status: 6})
       end
     end)
 
-
-
+    # Create New API Key:
+    Auth.Apikey.create_apikey(app)
 
     # get the app again and render it:
-
-    render(conn, "show.html", app: app)
+    conn
+    |> put_flash(:info, "Your API Key has been successfully reset")
+    |> render("show.html", app: App.get_app!(id))
   end
 end
diff --git a/lib/auth_web/templates/app/show.html.eex b/lib/auth_web/templates/app/show.html.eex
index 6a15ee2a..4c73ffca 100644
--- a/lib/auth_web/templates/app/show.html.eex
+++ b/lib/auth_web/templates/app/show.html.eex
@@ -25,6 +25,7 @@
   </p>
 
   <%= for apikey <- @app.apikeys do %>
+    <%= if apikey.status != 6 do %>
     <p><strong>API KEY:</strong>
       <div style="font-size: 1.2em;
       overflow-wrap: break-word; font-family: monospace;
@@ -40,6 +41,7 @@
       export AUTH_API_KEY=<%= apikey.client_id %>/<%= apikey.client_secret %>
       </div>
     </p>
+    <% end %>
   <% end %>
 
 
diff --git a/test/auth_web/controllers/app_controller_test.exs b/test/auth_web/controllers/app_controller_test.exs
index ed31e260..ca7e659c 100644
--- a/test/auth_web/controllers/app_controller_test.exs
+++ b/test/auth_web/controllers/app_controller_test.exs
@@ -106,4 +106,14 @@ defmodule AuthWeb.AppControllerTest do
     app = fixture(:app)
     %{app: app}
   end
+
+  describe "reset apikey" do
+    setup [:create_app]
+
+    test "reset apikey for an app", %{conn: conn, app: app} do
+      conn = admin_login(conn)
+      conn = get(conn, Routes.app_path(conn, :resetapikey, app))
+      assert html_response(conn, 200) =~ "successfully reset"
+    end
+  end
 end

From e6b478a5684b5d878407c85546a81d5e67b2905c Mon Sep 17 00:00:00 2001
From: Nelson <194400+nelsonic@users.noreply.github.com>
Date: Thu, 10 Sep 2020 10:00:53 +0100
Subject: [PATCH 103/166] preload :apikeys in where macro

Co-authored-by: Tom Haines <tom@tomhaines.uk>
---
 lib/auth/app.ex | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/auth/app.ex b/lib/auth/app.ex
index b3a03401..ddf40418 100644
--- a/lib/auth/app.ex
+++ b/lib/auth/app.ex
@@ -59,7 +59,9 @@ defmodule Auth.App do
   """
   def get_app!(id) do
     App
-    |> where([a], a.id == ^id and a.status != 6)
+    |> where([a], a.id == ^id and a.status != 6,
+         preload: [:apikeys]
+    )
     |> Repo.one()
     |> Repo.preload(:apikeys)
   end

From 3859c9fbd4b48e56eec16f54a9c0b37073854ae0 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 10 Sep 2020 10:08:13 +0100
Subject: [PATCH 104/166] move environment variable lookup to module attribute
 in upsert_status/1 https://github.com/dwyl/auth/pull/85#discussion_r485536867

---
 lib/auth/status.ex | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/lib/auth/status.ex b/lib/auth/status.ex
index 9bd4a9c2..c0e11886 100644
--- a/lib/auth/status.ex
+++ b/lib/auth/status.ex
@@ -4,6 +4,7 @@ defmodule Auth.Status do
   alias Auth.Repo
   # https://stackoverflow.com/a/47501059/1148249
   alias __MODULE__
+  @admin_email System.get_env("ADMIN_EMAIL")
 
   schema "status" do
     field :text, :string
@@ -31,9 +32,7 @@ defmodule Auth.Status do
     case Auth.Repo.get_by(__MODULE__, text: Map.get(attrs, "text")) do
       # create status
       nil ->
-        email = System.get_env("ADMIN_EMAIL")
-        person = Auth.Person.get_person_by_email(email)
-        create_status(attrs, person)
+        create_status(attrs, Auth.Person.get_person_by_email(@admin_email))
 
       status ->
         status

From 3c4e5a2d66a9a18c7e68b2c7eba75f1e1ee46d84 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 10 Sep 2020 10:16:48 +0100
Subject: [PATCH 105/166] check for API Keys that are "deleted" in
 get_client_secret/2 #107 +  #106

---
 lib/auth/app.ex                             | 4 +---
 lib/auth_web/controllers/auth_controller.ex | 2 +-
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/lib/auth/app.ex b/lib/auth/app.ex
index 6ea7e8c9..4b599721 100644
--- a/lib/auth/app.ex
+++ b/lib/auth/app.ex
@@ -59,9 +59,7 @@ defmodule Auth.App do
   """
   def get_app!(id) do
     App
-    |> where([a], a.id == ^id and a.status != 6,
-         preload: [:apikeys]
-    )
+    |> where([a], a.id == ^id and a.status != 6)
     |> Repo.one()
     |> Repo.preload(:apikeys)
   end
diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
index 4e92621f..bc42dfc6 100644
--- a/lib/auth_web/controllers/auth_controller.ex
+++ b/lib/auth_web/controllers/auth_controller.ex
@@ -434,7 +434,7 @@ defmodule AuthWeb.AuthController do
           k.client_id == client_id
         else
           # check url matches the state for all other keys:
-          k.client_id == client_id and state =~ k.app.url
+          k.client_id == client_id and state =~ k.app.url and k.status != 6
         end
       end)
       |> List.first()

From 3190d72ffcedb4d41bb9ae8053fc566b4eb994f5 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 10 Sep 2020 11:03:50 +0100
Subject: [PATCH 106/166] Restrict access to apps on all CRUD routes #99

---
 lib/auth/app.ex                               |  6 ++
 lib/auth_web/controllers/app_controller.ex    | 84 ++++++++++++-------
 .../controllers/app_controller_test.exs       | 40 ++++++++-
 test/test_helper.exs                          | 16 ++++
 4 files changed, 114 insertions(+), 32 deletions(-)

diff --git a/lib/auth/app.ex b/lib/auth/app.ex
index 4b599721..bfb67147 100644
--- a/lib/auth/app.ex
+++ b/lib/auth/app.ex
@@ -43,6 +43,12 @@ defmodule Auth.App do
     |> Repo.all()
   end
 
+  def list_apps(person_id) do
+    App
+    |> where([a], a.status != 6 and a.person_id == ^person_id)
+    |> Repo.all()
+  end
+
   @doc """
   Gets a single app.
 
diff --git a/lib/auth_web/controllers/app_controller.ex b/lib/auth_web/controllers/app_controller.ex
index 373f6a43..99e81b1b 100644
--- a/lib/auth_web/controllers/app_controller.ex
+++ b/lib/auth_web/controllers/app_controller.ex
@@ -3,7 +3,11 @@ defmodule AuthWeb.AppController do
   alias Auth.App
 
   def index(conn, _params) do
-    apps = App.list_apps()
+    apps = if conn.assigns.person.id == 1 do
+      App.list_apps()
+    else
+      App.list_apps(conn.assigns.person.id)
+    end
     render(conn, "index.html", apps: apps)
   end
 
@@ -33,37 +37,54 @@ defmodule AuthWeb.AppController do
   def show(conn, %{"id" => id}) do
     app = App.get_app!(id)
     #  restrict viewership to owner||admin https://github.com/dwyl/auth/issues/99
-    render(conn, "show.html", app: app)
+    if conn.assigns.person.id != app.person_id || conn.assigns.person.id !== 1 do
+      AuthWeb.AuthController.not_found(conn, "can't touch this.")
+    else
+      render(conn, "show.html", app: app)
+    end
   end
 
   def edit(conn, %{"id" => id}) do
     # IO.inspect(id, label: "edit id:36")
     app = App.get_app!(id)
-    changeset = App.change_app(app)
-    render(conn, "edit.html", app: app, changeset: changeset)
+    #  restrict viewership to owner||admin https://github.com/dwyl/auth/issues/99
+    if conn.assigns.person.id != app.person_id || conn.assigns.person.id !== 1 do
+      AuthWeb.AuthController.not_found(conn, "can't touch this.")
+    else
+      changeset = App.change_app(app)
+      render(conn, "edit.html", app: app, changeset: changeset)
+    end
   end
 
   def update(conn, %{"id" => id, "app" => app_params}) do
     app = App.get_app!(id)
+    #  restrict viewership to owner||admin https://github.com/dwyl/auth/issues/99
+    if conn.assigns.person.id != app.person_id || conn.assigns.person.id !== 1 do
+      AuthWeb.AuthController.not_found(conn, "can't touch this.")
+    else
+      case App.update_app(app, app_params) do
+        {:ok, app} ->
+          conn
+          |> put_flash(:info, "App updated successfully.")
+          |> redirect(to: Routes.app_path(conn, :show, app))
 
-    case App.update_app(app, app_params) do
-      {:ok, app} ->
-        conn
-        |> put_flash(:info, "App updated successfully.")
-        |> redirect(to: Routes.app_path(conn, :show, app))
-
-      {:error, %Ecto.Changeset{} = changeset} ->
-        render(conn, "edit.html", app: app, changeset: changeset)
+        {:error, %Ecto.Changeset{} = changeset} ->
+          render(conn, "edit.html", app: app, changeset: changeset)
+      end
     end
   end
 
   def delete(conn, %{"id" => id}) do
     app = App.get_app!(id)
-    {:ok, _app} = App.delete_app(app)
+    if conn.assigns.person.id != app.person_id || conn.assigns.person.id !== 1 do
+      AuthWeb.AuthController.not_found(conn, "can't touch this.")
+    else
+      {:ok, _app} = App.delete_app(app)
 
-    conn
-    |> put_flash(:info, "App deleted successfully.")
-    |> redirect(to: Routes.app_path(conn, :index))
+      conn
+      |> put_flash(:info, "App deleted successfully.")
+      |> redirect(to: Routes.app_path(conn, :index))
+    end
   end
 
   @doc """
@@ -71,20 +92,25 @@ defmodule AuthWeb.AppController do
   """
   def resetapikey(conn, %{"id" => id}) do
     app = App.get_app!(id)
+    if conn.assigns.person.id != app.person_id || conn.assigns.person.id !== 1 do
+      AuthWeb.AuthController.not_found(conn, "can't touch this.")
+    else
+      Enum.each(app.apikeys, fn k ->
+        if k.status == 3 do
+          # retire the apikey
+          Auth.Apikey.update_apikey(Map.delete(k, :app), %{status: 6})
+        end
+      end)
 
-    Enum.each(app.apikeys, fn k ->
-      if k.status == 3 do
-        # retire the apikey
-        Auth.Apikey.update_apikey(Map.delete(k, :app), %{status: 6})
-      end
-    end)
-
-    # Create New API Key:
-    Auth.Apikey.create_apikey(app)
+      # Create New API Key:
+      Auth.Apikey.create_apikey(app)
 
-    # get the app again and render it:
-    conn
-    |> put_flash(:info, "Your API Key has been successfully reset")
-    |> render("show.html", app: App.get_app!(id))
+      # get the app again and render it:
+      conn
+      |> put_flash(:info, "Your API Key has been successfully reset")
+      |> render("show.html", app: App.get_app!(id))
+    end
   end
+
+
 end
diff --git a/test/auth_web/controllers/app_controller_test.exs b/test/auth_web/controllers/app_controller_test.exs
index ca7e659c..0a0e856b 100644
--- a/test/auth_web/controllers/app_controller_test.exs
+++ b/test/auth_web/controllers/app_controller_test.exs
@@ -8,14 +8,14 @@ defmodule AuthWeb.AppControllerTest do
     end: ~N[2010-04-17 14:00:00],
     name: "some name",
     url: "some url",
-    status: 3
+    status: 3,
+    person_id: 1
   }
   @update_attrs %{
     desc: "some updated description",
     end: ~N[2011-05-18 15:01:01],
     name: "some updated name",
-    url: "some updated url",
-    status: 3
+    url: "some updated url"
   }
   @invalid_attrs %{description: nil, end: nil, name: nil, url: nil, person_id: nil}
 
@@ -59,6 +59,16 @@ defmodule AuthWeb.AppControllerTest do
     end
   end
 
+  describe "show app" do
+    setup [:create_app]
+
+    test "attempt to VIEW app you don't own > 404", %{conn: conn, app: app} do
+      conn = non_admin_login(conn)
+      conn = get(conn, Routes.app_path(conn, :show, app))
+      assert html_response(conn, 404) =~ "can't touch this."
+    end
+  end
+
   describe "edit app" do
     setup [:create_app]
 
@@ -67,6 +77,12 @@ defmodule AuthWeb.AppControllerTest do
       conn = get(conn, Routes.app_path(conn, :edit, app))
       assert html_response(conn, 200) =~ "Edit App"
     end
+
+    test "attempt to EDIT app you don't own > 404", %{conn: conn, app: app} do
+      conn = non_admin_login(conn)
+      conn = get(conn, Routes.app_path(conn, :edit, app))
+      assert html_response(conn, 404) =~ "can't touch this."
+    end
   end
 
   describe "update app" do
@@ -86,6 +102,12 @@ defmodule AuthWeb.AppControllerTest do
       conn = put(conn, Routes.app_path(conn, :update, app), app: @invalid_attrs)
       assert html_response(conn, 200) =~ "Edit App"
     end
+
+    test "attempt UPDATE app you don't own > 404", %{conn: conn, app: app} do
+      conn = non_admin_login(conn)
+      conn = get(conn, Routes.app_path(conn, :update, app))
+      assert html_response(conn, 404) =~ "can't touch this."
+    end
   end
 
   describe "delete app" do
@@ -100,6 +122,12 @@ defmodule AuthWeb.AppControllerTest do
         get(conn, Routes.app_path(conn, :show, app))
       end
     end
+
+    test "attempt DELETE app you don't own > 404", %{conn: conn, app: app} do
+      conn = non_admin_login(conn)
+      conn = get(conn, Routes.app_path(conn, :delete, app))
+      assert html_response(conn, 404) =~ "can't touch this."
+    end
   end
 
   defp create_app(_) do
@@ -115,5 +143,11 @@ defmodule AuthWeb.AppControllerTest do
       conn = get(conn, Routes.app_path(conn, :resetapikey, app))
       assert html_response(conn, 200) =~ "successfully reset"
     end
+
+    test "attempt reset apikey you don't own > 404", %{conn: conn, app: app} do
+      conn = non_admin_login(conn)
+      conn = get(conn, Routes.app_path(conn, :resetapikey, app))
+      assert html_response(conn, 404) =~ "can't touch this."
+    end
   end
 end
diff --git a/test/test_helper.exs b/test/test_helper.exs
index 368e8cf5..1f9a98e9 100644
--- a/test/test_helper.exs
+++ b/test/test_helper.exs
@@ -21,4 +21,20 @@ defmodule AuthTest do
     # IO.inspect(person, label: "person")
     AuthPlug.create_jwt_session(conn, data)
   end
+
+  def non_admin_login(conn) do
+    person = Auth.Person.upsert_person(%{
+      email: "alex@gmail.com",
+      auth_provider: "email",
+      password: "thiswillbehashed"
+    })
+
+    data = %{
+      id: person.id,
+      email: person.email,
+      auth_provider: person.auth_provider
+    }
+
+    AuthPlug.create_jwt_session(conn, data)
+  end
 end

From f45a850a3d8b112ee32fad9d07fa4b1c3406143c Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 10 Sep 2020 12:00:45 +0100
Subject: [PATCH 107/166] add test for "deleted" API Key #106

---
 .../controllers/app_controller_test.exs         | 10 ++++++++++
 .../controllers/auth_controller_test.exs        | 17 +++++++++++++++--
 test/test_helper.exs                            |  8 ++++++--
 3 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/test/auth_web/controllers/app_controller_test.exs b/test/auth_web/controllers/app_controller_test.exs
index 0a0e856b..8a2f4152 100644
--- a/test/auth_web/controllers/app_controller_test.exs
+++ b/test/auth_web/controllers/app_controller_test.exs
@@ -25,11 +25,21 @@ defmodule AuthWeb.AppControllerTest do
   end
 
   describe "index" do
+    setup [:create_app]
+
     test "lists all apps", %{conn: conn} do
       conn = admin_login(conn)
       conn = get(conn, Routes.app_path(conn, :index))
       assert html_response(conn, 200) =~ "Apps"
     end
+
+    test "non-admin cannot see admin apps", %{conn: conn, app: app} do
+      conn = non_admin_login(conn)
+      conn = get(conn, Routes.app_path(conn, :index))
+      assert html_response(conn, 200) =~ "Apps"
+      # the non-admin cannot see the app created in setup:
+      assert not String.contains?(conn.resp_body, app.name)
+    end
   end
 
   describe "new app" do
diff --git a/test/auth_web/controllers/auth_controller_test.exs b/test/auth_web/controllers/auth_controller_test.exs
index e63c43d5..3c0ab1c4 100644
--- a/test/auth_web/controllers/auth_controller_test.exs
+++ b/test/auth_web/controllers/auth_controller_test.exs
@@ -61,13 +61,26 @@ defmodule AuthWeb.AuthControllerTest do
   test "get_client_secret(client_id, state) gets the secret for the given client_id" do
     {:ok, app} = Auth.App.create_app(@app_data)
     key = List.first(app.apikeys)
-
     state = "https://www.example.com/profile?auth_client_id=#{key.client_id}"
     secret = AuthWeb.AuthController.get_client_secret(key.client_id, state)
-
     assert secret == key.client_secret
   end
 
+  test "get_client_secret(client_id, state) for 'deleted' apikey (non-admin)" do
+    person = non_admin_person()
+    {:ok, app} = Auth.App.create_app(Map.merge(@app_data, %{"person_id" => person.id}))
+    key = List.first(app.apikeys)
+    Auth.Apikey.update_apikey(Map.delete(key, :app), %{status: 6})
+    state = "https://www.example.com/profile?auth_client_id=#{key.client_id}"
+    # Note: not sure what to assert here ... ¯\_(ツ)_/¯
+    # The API Key is "deleted" so it won't be found in the lookup
+    try do
+      AuthWeb.AuthController.get_client_secret(key.client_id, state)
+    rescue
+      e in BadMapError -> assert e == %BadMapError{term: nil}
+    end
+  end
+
   test "github_handler/2 github auth callback", %{conn: conn} do
     baseurl = AuthPlug.Helpers.get_baseurl_from_conn(conn)
 
diff --git a/test/test_helper.exs b/test/test_helper.exs
index 1f9a98e9..7a2ee5c7 100644
--- a/test/test_helper.exs
+++ b/test/test_helper.exs
@@ -22,12 +22,16 @@ defmodule AuthTest do
     AuthPlug.create_jwt_session(conn, data)
   end
 
-  def non_admin_login(conn) do
-    person = Auth.Person.upsert_person(%{
+  def non_admin_person() do
+    Auth.Person.upsert_person(%{
       email: "alex@gmail.com",
       auth_provider: "email",
       password: "thiswillbehashed"
     })
+  end
+
+  def non_admin_login(conn) do
+    person = non_admin_person()
 
     data = %{
       id: person.id,

From 8ec766965f9d6c9470fb77658fcb18c6b1bb97e6 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 10 Sep 2020 12:06:48 +0100
Subject: [PATCH 108/166] update test methods to put/delete instead of get for
 #99;

---
 test/auth_web/controllers/app_controller_test.exs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/auth_web/controllers/app_controller_test.exs b/test/auth_web/controllers/app_controller_test.exs
index 8a2f4152..74462b10 100644
--- a/test/auth_web/controllers/app_controller_test.exs
+++ b/test/auth_web/controllers/app_controller_test.exs
@@ -115,7 +115,7 @@ defmodule AuthWeb.AppControllerTest do
 
     test "attempt UPDATE app you don't own > 404", %{conn: conn, app: app} do
       conn = non_admin_login(conn)
-      conn = get(conn, Routes.app_path(conn, :update, app))
+      conn = put(conn, Routes.app_path(conn, :update, app), app: @update_attrs)
       assert html_response(conn, 404) =~ "can't touch this."
     end
   end
@@ -135,7 +135,7 @@ defmodule AuthWeb.AppControllerTest do
 
     test "attempt DELETE app you don't own > 404", %{conn: conn, app: app} do
       conn = non_admin_login(conn)
-      conn = get(conn, Routes.app_path(conn, :delete, app))
+      conn = delete(conn, Routes.app_path(conn, :delete, app))
       assert html_response(conn, 404) =~ "can't touch this."
     end
   end

From 5a21c74592e545f249f517dba013a3fee3181e78 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 10 Sep 2020 12:11:30 +0100
Subject: [PATCH 109/166] address code issues noted by @sourcelevel-bot in
 https://github.com/dwyl/auth/pull/85#pullrequestreview-485821477 for #104

---
 lib/auth/apikey.ex                         |  4 ++--
 lib/auth_web/controllers/app_controller.ex | 26 +++++++++++++---------
 priv/repo/seeds.exs                        |  2 ++
 test/auth/apikey_test.exs                  |  4 +---
 4 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/lib/auth/apikey.ex b/lib/auth/apikey.ex
index 75d180b7..60cd77c0 100644
--- a/lib/auth/apikey.ex
+++ b/lib/auth/apikey.ex
@@ -19,14 +19,13 @@ defmodule Auth.Apikey do
     timestamps()
   end
 
-
   @doc """
   `encrypt_encode/1` does exactly what it's name suggests,
   AES Encrypts a string of plaintext and then Base58 encodes it.
   We encode it using Base58 so it's human-friendly (readable).
   """
   def encrypt_encode(plaintext) do
-    Fields.AES.encrypt(plaintext) |> Base58.encode()
+    plaintext |> Fields.AES.encrypt() |> Base58.encode()
   end
 
   @doc """
@@ -69,6 +68,7 @@ defmodule Auth.Apikey do
       "status" => 3,
       "app" => app
     }
+
     %Apikey{}
     |> Apikey.changeset(attrs)
     |> Repo.insert()
diff --git a/lib/auth_web/controllers/app_controller.ex b/lib/auth_web/controllers/app_controller.ex
index 99e81b1b..2239a8f8 100644
--- a/lib/auth_web/controllers/app_controller.ex
+++ b/lib/auth_web/controllers/app_controller.ex
@@ -3,11 +3,13 @@ defmodule AuthWeb.AppController do
   alias Auth.App
 
   def index(conn, _params) do
-    apps = if conn.assigns.person.id == 1 do
-      App.list_apps()
-    else
-      App.list_apps(conn.assigns.person.id)
-    end
+    apps =
+      if conn.assigns.person.id == 1 do
+        App.list_apps()
+      else
+        App.list_apps(conn.assigns.person.id)
+      end
+
     render(conn, "index.html", apps: apps)
   end
 
@@ -18,10 +20,12 @@ defmodule AuthWeb.AppController do
 
   def create(conn, %{"app" => app_params}) do
     # IO.inspect(app_params, label: "app_params:16")
-    attrs = Map.merge(app_params, %{
-    "person_id" => conn.assigns.person.id,
-    "status" => 3
-    })
+    attrs =
+      Map.merge(app_params, %{
+        "person_id" => conn.assigns.person.id,
+        "status" => 3
+      })
+
     case App.create_app(attrs) do
       {:ok, app} ->
         # IO.inspect(app, label: "app:23")
@@ -76,6 +80,7 @@ defmodule AuthWeb.AppController do
 
   def delete(conn, %{"id" => id}) do
     app = App.get_app!(id)
+
     if conn.assigns.person.id != app.person_id || conn.assigns.person.id !== 1 do
       AuthWeb.AuthController.not_found(conn, "can't touch this.")
     else
@@ -92,6 +97,7 @@ defmodule AuthWeb.AppController do
   """
   def resetapikey(conn, %{"id" => id}) do
     app = App.get_app!(id)
+
     if conn.assigns.person.id != app.person_id || conn.assigns.person.id !== 1 do
       AuthWeb.AuthController.not_found(conn, "can't touch this.")
     else
@@ -111,6 +117,4 @@ defmodule AuthWeb.AppController do
       |> render("show.html", app: App.get_app!(id))
     end
   end
-
-
 end
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index ee2bd031..2946e7a4 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -112,6 +112,7 @@ defmodule SeedData do
 
   def create_default_roles do
     json = get_json("/priv/repo/default_roles.json")
+
     Enum.each(json, fn role ->
       Role.create_role(role)
     end)
@@ -119,6 +120,7 @@ defmodule SeedData do
 
   def insert_statuses do
     json = get_json("/priv/repo/statuses.json")
+
     Enum.each(json, fn s ->
       Status.upsert_status(s)
     end)
diff --git a/test/auth/apikey_test.exs b/test/auth/apikey_test.exs
index c4361a80..bcab3c53 100644
--- a/test/auth/apikey_test.exs
+++ b/test/auth/apikey_test.exs
@@ -53,9 +53,7 @@ defmodule Auth.ApikeyTest do
 
     property "Check a batch of int values can be decoded decode_decrypt/1" do
       check all(int <- integer()) do
-        assert Auth.Apikey.decode_decrypt(
-                 Auth.Apikey.encrypt_encode(int)
-               ) == int
+        assert Auth.Apikey.decode_decrypt(Auth.Apikey.encrypt_encode(int)) == int
       end
     end
   end

From cb45d3805e12bf962a088fc22402832d7aa07614 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 10 Sep 2020 12:38:29 +0100
Subject: [PATCH 110/166] update faulty logic for restricted apps resources #99

---
 lib/auth_web/controllers/app_controller.ex | 26 ++++++++++++----------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/lib/auth_web/controllers/app_controller.ex b/lib/auth_web/controllers/app_controller.ex
index 2239a8f8..ec09ed22 100644
--- a/lib/auth_web/controllers/app_controller.ex
+++ b/lib/auth_web/controllers/app_controller.ex
@@ -40,11 +40,13 @@ defmodule AuthWeb.AppController do
 
   def show(conn, %{"id" => id}) do
     app = App.get_app!(id)
+    # IO.inspect(app, label: "app:43")
+    # IO.inspect(conn.assigns.person, label: "conn.assigns.person:44")
     #  restrict viewership to owner||admin https://github.com/dwyl/auth/issues/99
-    if conn.assigns.person.id != app.person_id || conn.assigns.person.id !== 1 do
-      AuthWeb.AuthController.not_found(conn, "can't touch this.")
-    else
+    if conn.assigns.person.id == app.person_id || conn.assigns.person.id == 1 do
       render(conn, "show.html", app: app)
+    else
+      AuthWeb.AuthController.not_found(conn, "can't touch this.")
     end
   end
 
@@ -52,20 +54,18 @@ defmodule AuthWeb.AppController do
     # IO.inspect(id, label: "edit id:36")
     app = App.get_app!(id)
     #  restrict viewership to owner||admin https://github.com/dwyl/auth/issues/99
-    if conn.assigns.person.id != app.person_id || conn.assigns.person.id !== 1 do
-      AuthWeb.AuthController.not_found(conn, "can't touch this.")
-    else
+    if conn.assigns.person.id == app.person_id || conn.assigns.person.id == 1 do
       changeset = App.change_app(app)
       render(conn, "edit.html", app: app, changeset: changeset)
+    else
+      AuthWeb.AuthController.not_found(conn, "can't touch this.")
     end
   end
 
   def update(conn, %{"id" => id, "app" => app_params}) do
     app = App.get_app!(id)
     #  restrict viewership to owner||admin https://github.com/dwyl/auth/issues/99
-    if conn.assigns.person.id != app.person_id || conn.assigns.person.id !== 1 do
-      AuthWeb.AuthController.not_found(conn, "can't touch this.")
-    else
+    if conn.assigns.person.id == app.person_id || conn.assigns.person.id == 1 do
       case App.update_app(app, app_params) do
         {:ok, app} ->
           conn
@@ -75,20 +75,22 @@ defmodule AuthWeb.AppController do
         {:error, %Ecto.Changeset{} = changeset} ->
           render(conn, "edit.html", app: app, changeset: changeset)
       end
+    else
+      AuthWeb.AuthController.not_found(conn, "can't touch this.")
     end
   end
 
   def delete(conn, %{"id" => id}) do
     app = App.get_app!(id)
 
-    if conn.assigns.person.id != app.person_id || conn.assigns.person.id !== 1 do
-      AuthWeb.AuthController.not_found(conn, "can't touch this.")
-    else
+    if conn.assigns.person.id == app.person_id || conn.assigns.person.id == 1 do
       {:ok, _app} = App.delete_app(app)
 
       conn
       |> put_flash(:info, "App deleted successfully.")
       |> redirect(to: Routes.app_path(conn, :index))
+    else
+      AuthWeb.AuthController.not_found(conn, "can't touch this.")
     end
   end
 

From bebb9398fe55454622720b0190066f01a7464b11 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Fri, 11 Sep 2020 13:14:52 +0100
Subject: [PATCH 111/166] add :app_id field to :roles schema. tests still pass
 #108

---
 lib/auth/role.ex                                     |  1 +
 lib/auth_web/controllers/app_controller.ex           |  7 +++----
 priv/repo/migrations/20200722175850_create_roles.exs |  2 ++
 priv/repo/seeds.exs                                  | 11 +++++------
 4 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/lib/auth/role.ex b/lib/auth/role.ex
index 951f1369..71d2c04b 100644
--- a/lib/auth/role.ex
+++ b/lib/auth/role.ex
@@ -13,6 +13,7 @@ defmodule Auth.Role do
     field :desc, :string
     field :name, :string
     field :person_id, :id
+    field :app_id, :id
     # many_to_many :roles, Auth.Role, join_through: Auth.PeopleRoles
 
     timestamps()
diff --git a/lib/auth_web/controllers/app_controller.ex b/lib/auth_web/controllers/app_controller.ex
index ec09ed22..5a066474 100644
--- a/lib/auth_web/controllers/app_controller.ex
+++ b/lib/auth_web/controllers/app_controller.ex
@@ -5,6 +5,7 @@ defmodule AuthWeb.AppController do
   def index(conn, _params) do
     apps =
       if conn.assigns.person.id == 1 do
+        # IO.inspect(conn.assigns.person, label: "conn.assigns.person")
         App.list_apps()
       else
         App.list_apps(conn.assigns.person.id)
@@ -40,8 +41,6 @@ defmodule AuthWeb.AppController do
 
   def show(conn, %{"id" => id}) do
     app = App.get_app!(id)
-    # IO.inspect(app, label: "app:43")
-    # IO.inspect(conn.assigns.person, label: "conn.assigns.person:44")
     #  restrict viewership to owner||admin https://github.com/dwyl/auth/issues/99
     if conn.assigns.person.id == app.person_id || conn.assigns.person.id == 1 do
       render(conn, "show.html", app: app)
@@ -53,7 +52,7 @@ defmodule AuthWeb.AppController do
   def edit(conn, %{"id" => id}) do
     # IO.inspect(id, label: "edit id:36")
     app = App.get_app!(id)
-    #  restrict viewership to owner||admin https://github.com/dwyl/auth/issues/99
+    #  restrict editing to owner||admin https://github.com/dwyl/auth/issues/99
     if conn.assigns.person.id == app.person_id || conn.assigns.person.id == 1 do
       changeset = App.change_app(app)
       render(conn, "edit.html", app: app, changeset: changeset)
@@ -64,7 +63,7 @@ defmodule AuthWeb.AppController do
 
   def update(conn, %{"id" => id, "app" => app_params}) do
     app = App.get_app!(id)
-    #  restrict viewership to owner||admin https://github.com/dwyl/auth/issues/99
+    #  restrict updating to owner||admin https://github.com/dwyl/auth/issues/99
     if conn.assigns.person.id == app.person_id || conn.assigns.person.id == 1 do
       case App.update_app(app, app_params) do
         {:ok, app} ->
diff --git a/priv/repo/migrations/20200722175850_create_roles.exs b/priv/repo/migrations/20200722175850_create_roles.exs
index c393b64d..1586d0be 100644
--- a/priv/repo/migrations/20200722175850_create_roles.exs
+++ b/priv/repo/migrations/20200722175850_create_roles.exs
@@ -6,10 +6,12 @@ defmodule Auth.Repo.Migrations.CreateRoles do
       add :name, :string
       add :desc, :string
       add :person_id, references(:people, on_delete: :nothing)
+      add :app_id, references(:apps, on_delete: :nothing)
 
       timestamps()
     end
 
     create index(:roles, [:person_id])
+    create index(:roles, [:app_id])
   end
 end
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 2946e7a4..7fd72a56 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -111,17 +111,13 @@ defmodule SeedData do
   end
 
   def create_default_roles do
-    json = get_json("/priv/repo/default_roles.json")
-
-    Enum.each(json, fn role ->
+    Enum.each(get_json("/priv/repo/default_roles.json"), fn role ->
       Role.create_role(role)
     end)
   end
 
   def insert_statuses do
-    json = get_json("/priv/repo/statuses.json")
-
-    Enum.each(json, fn s ->
+    Enum.each(get_json("/priv/repo/statuses.json"), fn s ->
       Status.upsert_status(s)
     end)
   end
@@ -132,6 +128,9 @@ SeedData.insert_statuses()
 Auth.Seeds.create_admin()
 |> Auth.Seeds.create_apikey_for_admin()
 
+# Update status of Admin to "Verified"
+Auth.Person.verify_person_by_id(1)
+
 SeedData.create_default_roles()
 # grant superadmin role to app owner:
 Auth.PeopleRoles.insert(1, 1, 1)

From 930ad6eb21f97ce90c80ae1d9d664a4b0165b0e8 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Fri, 11 Sep 2020 15:48:09 +0100
Subject: [PATCH 112/166] add app <select> to New Role form (and update tests)
 https://github.com/dwyl/auth/issues/108#issuecomment-691134591

---
 lib/auth/role.ex                              |  2 +-
 lib/auth_web/controllers/people_controller.ex |  2 +-
 lib/auth_web/controllers/role_controller.ex   | 19 +++++++--
 lib/auth_web/templates/role/form.html.eex     | 13 ++++--
 lib/auth_web/templates/role/index.html.eex    | 40 +++++++++++++------
 lib/auth_web/templates/role/new.html.eex      |  9 ++++-
 lib/auth_web/views/role_view.ex               |  8 ++++
 .../controllers/people_controller_test.exs    |  4 +-
 .../controllers/role_controller_test.exs      |  2 +-
 9 files changed, 73 insertions(+), 26 deletions(-)

diff --git a/lib/auth/role.ex b/lib/auth/role.ex
index 71d2c04b..c428ad2d 100644
--- a/lib/auth/role.ex
+++ b/lib/auth/role.ex
@@ -22,7 +22,7 @@ defmodule Auth.Role do
   @doc false
   def changeset(role, attrs) do
     role
-    |> cast(attrs, [:name, :desc, :person_id])
+    |> cast(attrs, [:name, :desc, :person_id, :app_id])
     |> validate_required([:name, :desc])
   end
 
diff --git a/lib/auth_web/controllers/people_controller.ex b/lib/auth_web/controllers/people_controller.ex
index 1a7dc42e..cae13949 100644
--- a/lib/auth_web/controllers/people_controller.ex
+++ b/lib/auth_web/controllers/people_controller.ex
@@ -18,7 +18,7 @@ defmodule AuthWeb.PeopleController do
 
       # Note: this can easily be refactored to save on DB queries. #HelpWanted
     else
-      AuthWeb.AuthController.unauthorized(conn)
+      AuthWeb.AuthController.not_found(conn, "Only admins can see people ... for now!")
     end
   end
 
diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index 0271f048..b8270cc0 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -9,9 +9,17 @@ defmodule AuthWeb.RoleController do
     render(conn, "index.html", roles: roles)
   end
 
+  defp list_apps(person_id) do
+    case person_id == 1 do
+      true -> Auth.App.list_apps()
+      false -> Auth.App.list_apps(person_id)
+    end
+  end
+
   def new(conn, _params) do
     changeset = Role.change_role(%Role{})
-    render(conn, "new.html", changeset: changeset)
+    apps = list_apps(conn.assigns.person.id)
+    render(conn, "new.html", changeset: changeset, apps: apps)
   end
 
   def create(conn, %{"role" => role_params}) do
@@ -22,7 +30,8 @@ defmodule AuthWeb.RoleController do
         |> redirect(to: Routes.role_path(conn, :show, role))
 
       {:error, %Ecto.Changeset{} = changeset} ->
-        render(conn, "new.html", changeset: changeset)
+        apps = list_apps(conn.assigns.person.id)
+        render(conn, "new.html", changeset: changeset, apps: apps)
     end
   end
 
@@ -34,7 +43,8 @@ defmodule AuthWeb.RoleController do
   def edit(conn, %{"id" => id}) do
     role = Role.get_role!(id)
     changeset = Role.change_role(role)
-    render(conn, "edit.html", role: role, changeset: changeset)
+    apps = list_apps(conn.assigns.person.id)
+    render(conn, "edit.html", role: role, changeset: changeset, apps: apps)
   end
 
   def update(conn, %{"id" => id, "role" => role_params}) do
@@ -47,7 +57,8 @@ defmodule AuthWeb.RoleController do
         |> redirect(to: Routes.role_path(conn, :show, role))
 
       {:error, %Ecto.Changeset{} = changeset} ->
-        render(conn, "edit.html", role: role, changeset: changeset)
+        apps = list_apps(conn.assigns.person.id)
+        render(conn, "edit.html", role: role, changeset: changeset, apps: apps)
     end
   end
 
diff --git a/lib/auth_web/templates/role/form.html.eex b/lib/auth_web/templates/role/form.html.eex
index 1339ceb1..a3972100 100644
--- a/lib/auth_web/templates/role/form.html.eex
+++ b/lib/auth_web/templates/role/form.html.eex
@@ -6,14 +6,21 @@
   <% end %>
 
   <%= label f, :name %>
-  <%= text_input f, :name %>
+  <%= text_input f, :name, class: "db w-100 mt2 pa2 mb2 ba b--dark-grey" %>
   <%= error_tag f, :name %>
 
   <%= label f, :desc %>
-  <%= text_input f, :desc %>
+  <%= text_input f, :desc, class: "db w-100 mt2 pa2 mb2 ba b--dark-grey" %>
   <%= error_tag f, :desc %>
 
+  <%= label f, :app_id %>
+  <%= select f, :app_id, Enum.map(@apps, &{&1.name, &1.id}), 
+  class: "w-100 f3 pa2 mt2 mb2 bg-white b--black-20"%>
+  <%= error_tag f, :app_id %>
+
   <div>
-    <%= submit "Save" %>
+    <%= submit "Save", 
+    class: "fr pointer br2 ba b--dark-green bg-green white pv2 ph3 ml1 mv1 f4
+    shadow-hover bg-animate hover-bg-dark-green border-box no-underline" %>
   </div>
 <% end %>
diff --git a/lib/auth_web/templates/role/index.html.eex b/lib/auth_web/templates/role/index.html.eex
index 4920d942..ebc2a3c4 100644
--- a/lib/auth_web/templates/role/index.html.eex
+++ b/lib/auth_web/templates/role/index.html.eex
@@ -1,28 +1,42 @@
-<h1>Listing Roles</h1>
+<h1 class="tc">Listing Roles</h1>
 
-<table>
+<table class="center w-90 mh2 f4">
   <thead>
     <tr>
-      <th>Name</th>
-      <th>Desc</th>
-
+      <th class="fw6 bb b--black-20 tl pb3 pr3">id</th>
+      <th class="fw6 bb b--black-20 tl pb3 pr3">Name</th>
+      <th class="fw6 bb b--black-20 tl pb3 pr3">Description</th>
+      <th class="fw6 bb b--black-20 tc pb3 pr3 w-10">app id</th>
+      <th class="fw6 bb b--black-20 tl pb3 pr3"><!-- Controls --></th>
       <th></th>
     </tr>
   </thead>
   <tbody>
 <%= for role <- @roles do %>
     <tr>
-      <td><%= role.name %></td>
-      <td><%= role.desc %></td>
-
-      <td>
-        <span><%= link "Show", to: Routes.role_path(@conn, :show, role) %></span>
-        <span><%= link "Edit", to: Routes.role_path(@conn, :edit, role) %></span>
-        <span><%= link "Delete", to: Routes.role_path(@conn, :delete, role), method: :delete, data: [confirm: "Are you sure?"] %></span>
+      <td class="bb b--black-20 pa2"><%= role.id %></td>
+      <td class="bb b--black-20 pa2"><%= role.name %></td>
+      <td class="bb b--black-20 w-50 pa2"><%= role.desc %></td>
+      <td class="bb b--black-20 pa2 no-underline tc"><%= raw app_link(role.app_id) %></td>
+      <td class="bb b--black-20 w-30">
+        <span><%= link "Show", to: Routes.role_path(@conn, :show, role), 
+                  class: "pointer br2 ba b--dark-blue bg-blue white pa1 ml1 mv1 f4
+                  bg-animate hover-bg-dark-blue border-box no-underline" %></span>
+        <span><%= link "Edit", to: Routes.role_path(@conn, :edit, role), 
+                  class: "pointer br2 ba b--orange bg-gold white pa1 ml1 mv1 f4
+                  bg-animate hover-bg-orange border-box no-underline" %></span>
+        <span><%= link "Delete", to: Routes.role_path(@conn, :delete, role), method: :delete, 
+                  data: [confirm: "Are you sure you want to delete this role?"],
+                  class: "pointer br2 ba b--dark-red bg-red white pa1 ml1 mv1 f4
+                            bg-animate hover-bg-dark-red border-box no-underline" %></span>
       </td>
     </tr>
 <% end %>
   </tbody>
 </table>
 
-<span><%= link "New Role", to: Routes.role_path(@conn, :new) %></span>
+<span class="mt3">
+<%= link "New Role", to: Routes.role_path(@conn, :new), 
+  class: "pointer br2 ba b--dark-green bg-green white pa3 fr mr5 mv1 f3
+  shadow-hover bg-animate hover-bg-dark-green border-box no-underline" %>
+</span>
diff --git a/lib/auth_web/templates/role/new.html.eex b/lib/auth_web/templates/role/new.html.eex
index 79e26f37..0375ff30 100644
--- a/lib/auth_web/templates/role/new.html.eex
+++ b/lib/auth_web/templates/role/new.html.eex
@@ -1,5 +1,12 @@
+<div class="f3 w-70 center">
 <h1>New Role</h1>
 
 <%= render "form.html", Map.put(assigns, :action, Routes.role_path(@conn, :create)) %>
 
-<span><%= link "Back", to: Routes.role_path(@conn, :index) %></span>
+<span><%= link "< Back", to: Routes.role_path(@conn, :index),
+  class: "fl pointer br2 ba b--orange bg-gold white pv2 ph3 f4 mt1
+  shadow-hover bg-animate hover-bg-orange border-box no-underline",
+  data:
+   [confirm: "Are you sure you want to disguard this form?
+    (The data cannot be recovered!)"] %></span>
+</div>
\ No newline at end of file
diff --git a/lib/auth_web/views/role_view.ex b/lib/auth_web/views/role_view.ex
index 1aff1f86..be6f865f 100644
--- a/lib/auth_web/views/role_view.ex
+++ b/lib/auth_web/views/role_view.ex
@@ -1,3 +1,11 @@
 defmodule AuthWeb.RoleView do
   use AuthWeb, :view
+
+
+  def app_link(app_id) do
+    case is_nil(app_id) do
+      true -> "all"
+      false -> "<a href='/apps/#{app_id}'> #{app_id} </a>"
+    end
+  end
 end
diff --git a/test/auth_web/controllers/people_controller_test.exs b/test/auth_web/controllers/people_controller_test.exs
index 95e27a1f..cf720348 100644
--- a/test/auth_web/controllers/people_controller_test.exs
+++ b/test/auth_web/controllers/people_controller_test.exs
@@ -12,7 +12,7 @@ defmodule AuthWeb.PeopleControllerTest do
     assert conn.status == 302
   end
 
-  test "Attempt to GET /people without admin role should 401", %{conn: conn} do
+  test "Attempt to GET /people without admin role should 404", %{conn: conn} do
     wrong_person_data = %{
       email: "not_admin@gmail.com",
       auth_provider: "email",
@@ -23,7 +23,7 @@ defmodule AuthWeb.PeopleControllerTest do
     conn = AuthPlug.create_jwt_session(conn, wrong_person_data)
 
     conn = get(conn, "/people")
-    assert conn.status == 401
+    assert conn.status == 404
   end
 
   test "GET /people/:person_id displays person", %{conn: conn} do
diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index acb32cf7..0e4f5e33 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -3,7 +3,7 @@ defmodule AuthWeb.RoleControllerTest do
 
   alias Auth.Role
 
-  @create_attrs %{desc: "some desc", name: "some name"}
+  @create_attrs %{desc: "some desc", name: "some name", app_id: 1}
   @update_attrs %{desc: "some updated desc", name: "some updated name"}
   @invalid_attrs %{desc: nil, name: nil}
 

From b56b84036634202b776079c0dfb37b4b0194191d Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Fri, 11 Sep 2020 15:53:07 +0100
Subject: [PATCH 113/166] =?UTF-8?q?add=20tests=20for=20=F0=9F=92=AF=20#108?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 test/auth_web/controllers/role_controller_test.exs | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index 0e4f5e33..24867a06 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -18,6 +18,13 @@ defmodule AuthWeb.RoleControllerTest do
       conn = get(conn, Routes.role_path(conn, :index))
       assert html_response(conn, 200) =~ "Listing Roles"
     end
+
+    test "non-admin can see all system and owned roles", %{conn: conn} do
+      conn = non_admin_login(conn)
+      conn = post(conn, Routes.role_path(conn, :create), role: @create_attrs)
+      conn = get(conn, Routes.role_path(conn, :index))
+      assert html_response(conn, 200) =~ "Listing Roles"
+    end
   end
 
   describe "new role" do
@@ -26,6 +33,12 @@ defmodule AuthWeb.RoleControllerTest do
       conn = get(conn, Routes.role_path(conn, :new))
       assert html_response(conn, 200) =~ "New Role"
     end
+
+    test "non-admin person create role", %{conn: conn} do
+      conn = non_admin_login(conn)
+      conn = get(conn, Routes.role_path(conn, :new))
+      assert html_response(conn, 200) =~ "New Role"
+    end
   end
 
   describe "create role" do

From ec389abeb13f14548f0e0e1f3a1f03bfe097d837 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Fri, 11 Sep 2020 16:26:06 +0100
Subject: [PATCH 114/166] =?UTF-8?q?=F0=9F=92=84=20improve=20layout=20of=20?=
 =?UTF-8?q?show=20+=20edit=20for=20roles=20https://github.com/dwyl/auth/is?=
 =?UTF-8?q?sues/108#issuecomment-691161411?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/auth_web/templates/app/edit.html.eex      |  5 ++-
 lib/auth_web/templates/app/show.html.eex      |  4 +--
 lib/auth_web/templates/role/edit.html.eex     |  8 +++--
 lib/auth_web/templates/role/show.html.eex     | 36 ++++++++++++-------
 lib/auth_web/views/role_view.ex               |  1 -
 .../controllers/role_controller_test.exs      |  2 +-
 6 files changed, 33 insertions(+), 23 deletions(-)

diff --git a/lib/auth_web/templates/app/edit.html.eex b/lib/auth_web/templates/app/edit.html.eex
index 7358a21d..d81cd11d 100644
--- a/lib/auth_web/templates/app/edit.html.eex
+++ b/lib/auth_web/templates/app/edit.html.eex
@@ -1,8 +1,7 @@
 <div class="f3 w-60 center">
-<h1>Edit App</h1>
-
-<%= render "form.html", Map.put(assigns, :action, Routes.app_path(@conn, :update, @app)) %>
+  <h1>Edit App</h1>
 
+  <%= render "form.html", Map.put(assigns, :action, Routes.app_path(@conn, :update, @app)) %>
 
   <span><%= link "< All Apps", to: Routes.app_path(@conn, :index),
   class: "fl pointer br2 ba b--orange bg-gold white pa3 f4 mt3
diff --git a/lib/auth_web/templates/app/show.html.eex b/lib/auth_web/templates/app/show.html.eex
index 4c73ffca..ae3dde00 100644
--- a/lib/auth_web/templates/app/show.html.eex
+++ b/lib/auth_web/templates/app/show.html.eex
@@ -1,8 +1,6 @@
 <div class="f3 w-70 center">
   <h1 class="tc">Your App</h1>
-
-
-
+  
   <p>
     <strong>Name:</strong>
     <span class="db ba b--black-80 pa2 bg-light-gray w-100 mt2">
diff --git a/lib/auth_web/templates/role/edit.html.eex b/lib/auth_web/templates/role/edit.html.eex
index f5527cf7..08c3e1fd 100644
--- a/lib/auth_web/templates/role/edit.html.eex
+++ b/lib/auth_web/templates/role/edit.html.eex
@@ -1,5 +1,9 @@
-<h1>Edit Role</h1>
+<div class="f3 w-60 center">
+<h1 class="tc">Edit Role</h1>
 
 <%= render "form.html", Map.put(assigns, :action, Routes.role_path(@conn, :update, @role)) %>
 
-<span><%= link "Back", to: Routes.role_path(@conn, :index) %></span>
+<span><%= link "< Cancel Edit", to: Routes.role_path(@conn, :index), 
+  class: "fl pointer br2 ba b--orange bg-gold white pv2 ph3 f4 mt1
+  shadow-hover bg-animate hover-bg-orange border-box no-underline" %></span>
+<div>
\ No newline at end of file
diff --git a/lib/auth_web/templates/role/show.html.eex b/lib/auth_web/templates/role/show.html.eex
index 98f82c6e..48c0cdb5 100644
--- a/lib/auth_web/templates/role/show.html.eex
+++ b/lib/auth_web/templates/role/show.html.eex
@@ -1,18 +1,28 @@
-<h1>Show Role</h1>
+<div class="f3 w-70 center">
+  <h1 class="tc">Role</h1>
 
-<ul>
+  <ul>
 
-  <li>
-    <strong>Name:</strong>
-    <%= @role.name %>
-  </li>
+    <p>
+      <strong>Name:</strong>
+      <span class="db ba b--black-80 pa2 bg-light-gray w-100 mt2">
+        <%= @role.name %>
+      </span>
+    </p>
 
-  <li>
-    <strong>Desc:</strong>
-    <%= @role.desc %>
-  </li>
+    <p>
+      <strong>Description:</strong>
+      <span class="db ba b--black-80 pa2 bg-light-gray w-100 mt2">
+        <%= @role.desc %>
+      </span>
+    </p>
 
-</ul>
+  </ul>
 
-<span><%= link "Edit", to: Routes.role_path(@conn, :edit, @role) %></span>
-<span><%= link "Back", to: Routes.role_path(@conn, :index) %></span>
+  <span><%= link "< All Roles", to: Routes.role_path(@conn, :index),
+   class: "fl pointer br2 ba b--dark-blue bg-blue white pa3 ml1 mv1 f4
+  shadow-hover bg-animate hover-bg-dark-blue border-box no-underline" %></span>
+  <span><%= link "Edit", to: Routes.role_path(@conn, :edit, @role),
+  class: "fr pointer br2 ba b--dark-green bg-green white pa3 ml1 mv1 f4
+  shadow-hover bg-animate hover-bg-dark-green border-box no-underline" %></span>
+</div>
\ No newline at end of file
diff --git a/lib/auth_web/views/role_view.ex b/lib/auth_web/views/role_view.ex
index be6f865f..30860687 100644
--- a/lib/auth_web/views/role_view.ex
+++ b/lib/auth_web/views/role_view.ex
@@ -1,7 +1,6 @@
 defmodule AuthWeb.RoleView do
   use AuthWeb, :view
 
-
   def app_link(app_id) do
     case is_nil(app_id) do
       true -> "all"
diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index 24867a06..0b25158a 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -50,7 +50,7 @@ defmodule AuthWeb.RoleControllerTest do
       assert redirected_to(conn) == Routes.role_path(conn, :show, id)
 
       conn = get(conn, Routes.role_path(conn, :show, id))
-      assert html_response(conn, 200) =~ "Show Role"
+      assert html_response(conn, 200) =~ @create_attrs.name
     end
 
     test "renders errors when data is invalid", %{conn: conn} do

From 59560c0ac10ab2e1536053cae49abc11e9a122f6 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 12 Sep 2020 07:12:13 +0100
Subject: [PATCH 115/166] create upsert_role/1 proxy function #95

---
 lib/auth/role.ex                             | 24 ++++++++++++++++++++
 lib/auth_web/controllers/app_controller.ex   |  3 +--
 lib/auth_web/templates/auth/welcome.html.eex |  2 ++
 priv/repo/default_roles.json                 |  7 ++++++
 priv/repo/seeds.exs                          |  4 ++--
 test/auth/role_test.exs                      | 19 ++++++++++++++++
 6 files changed, 55 insertions(+), 4 deletions(-)

diff --git a/lib/auth/role.ex b/lib/auth/role.ex
index c428ad2d..29f92e9a 100644
--- a/lib/auth/role.ex
+++ b/lib/auth/role.ex
@@ -91,6 +91,30 @@ defmodule Auth.Role do
     |> Repo.update()
   end
 
+  def upsert_role(role) do
+    id = Map.get(role, :id)
+    # if the role Map has no "id" field its not a DB record
+    if is_nil(id) do
+      create_role(role)
+    else
+      case Repo.get_by(__MODULE__, id: id) do
+        # record does not exist so create it:
+        nil ->
+          create_role(role)
+
+        # record exists, lets update it:
+        existing_role ->
+          update_role(existing_role, strip_meta(role))
+      end
+    end
+  end
+
+  defp strip_meta(struct) do
+    struct
+    |> Map.delete(:__meta__)
+    |> Map.delete(:__struct__)
+  end
+
   @doc """
   Deletes a role.
 
diff --git a/lib/auth_web/controllers/app_controller.ex b/lib/auth_web/controllers/app_controller.ex
index 5a066474..9483dafb 100644
--- a/lib/auth_web/controllers/app_controller.ex
+++ b/lib/auth_web/controllers/app_controller.ex
@@ -98,8 +98,7 @@ defmodule AuthWeb.AppController do
   """
   def resetapikey(conn, %{"id" => id}) do
     app = App.get_app!(id)
-
-    if conn.assigns.person.id != app.person_id || conn.assigns.person.id !== 1 do
+    if conn.assigns.person.id != app.person_id && conn.assigns.person.id != 1 do
       AuthWeb.AuthController.not_found(conn, "can't touch this.")
     else
       Enum.each(app.apikeys, fn k ->
diff --git a/lib/auth_web/templates/auth/welcome.html.eex b/lib/auth_web/templates/auth/welcome.html.eex
index 64b149a4..8259a390 100644
--- a/lib/auth_web/templates/auth/welcome.html.eex
+++ b/lib/auth_web/templates/auth/welcome.html.eex
@@ -13,4 +13,6 @@
   shadow-hover bg-animate hover-dwyl-teal-darkest no-underline">
   Manage Apps
   </a>
+
+  <iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/otCpCn0l4Wo?start=15" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
 </section>
diff --git a/priv/repo/default_roles.json b/priv/repo/default_roles.json
index 0bbcadae..96ba103d 100644
--- a/priv/repo/default_roles.json
+++ b/priv/repo/default_roles.json
@@ -47,5 +47,12 @@
     "person_id": "1",
     "id": "7",
     "permissions": "view_content, view_profile, delete_own_content, delete_own_profile"
+  },
+  {
+    "name": "app_admin", 
+    "desc": "Can manage their own App(s).", 
+    "person_id": "1",
+    "id": "8",
+    "permissions": "manage_apps, create_content, upload_images, edit_own_content, delete_own_content, invite_people"
   }
 ]
\ No newline at end of file
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 7fd72a56..9c71eaaf 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -117,8 +117,8 @@ defmodule SeedData do
   end
 
   def insert_statuses do
-    Enum.each(get_json("/priv/repo/statuses.json"), fn s ->
-      Status.upsert_status(s)
+    Enum.each(get_json("/priv/repo/statuses.json"), fn status ->
+      Status.upsert_status(status)
     end)
   end
 end
diff --git a/test/auth/role_test.exs b/test/auth/role_test.exs
index bc7e2266..ae2e4bb4 100644
--- a/test/auth/role_test.exs
+++ b/test/auth/role_test.exs
@@ -61,6 +61,25 @@ defmodule Auth.RoleTest do
       role = role_fixture()
       assert %Ecto.Changeset{} = Role.change_role(role)
     end
+
+    test "upsert_role/1 inserts or updates a role" do
+      # role without :id -> create_role
+      assert {:ok, %Role{} = role} = Role.upsert_role(@valid_attrs)
+      assert role.desc == "some desc"
+      assert role.name == "some name"
+
+      # existing role with id -> update_role
+      updated_role = Map.merge(role, @update_attrs)
+      assert {:ok, %Role{} = role} = Role.upsert_role(updated_role)
+      assert role.desc == "some updated desc"
+      assert role.name == "some updated name"
+
+      # attempt to "upsert" a role that does not exist:
+      non_existent_role = %{name: "hello", desc: "world", id: 1492}
+      assert {:ok, %Role{} = role} = Role.upsert_role(non_existent_role)
+      assert role.name == "hello"
+      assert role.id != non_existent_role.id
+    end
   end
 
   describe "permissions" do

From 063e3624eabf9ac5fd4230bbe84cc42627067471 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 12 Sep 2020 07:13:03 +0100
Subject: [PATCH 116/166] use Role.upsert_role/1 in seeds.exs #95

---
 priv/repo/seeds.exs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 9c71eaaf..fa81debb 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -112,7 +112,7 @@ defmodule SeedData do
 
   def create_default_roles do
     Enum.each(get_json("/priv/repo/default_roles.json"), fn role ->
-      Role.create_role(role)
+      Role.upsert_role(role)
     end)
   end
 

From 64c88e802a8b222057fe77a62c2b2acf15f241a2 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 12 Sep 2020 07:34:52 +0100
Subject: [PATCH 117/166] add app.id and app.person_id (both hyperlinked) to
 apps index template #95

---
 lib/auth_web/templates/app/index.html.eex    | 4 ++++
 lib/auth_web/templates/auth/welcome.html.eex | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/auth_web/templates/app/index.html.eex b/lib/auth_web/templates/app/index.html.eex
index 570131a1..8cab2589 100644
--- a/lib/auth_web/templates/app/index.html.eex
+++ b/lib/auth_web/templates/app/index.html.eex
@@ -3,6 +3,8 @@
   <table class="w-100 f3">
     <thead>
       <tr class="f3">
+        <th>id</th>
+         <th>Owner</th>
         <th>Name</th>
         <th>Description</th>
         <th>Url</th>
@@ -11,6 +13,8 @@
   <tbody>
 <%= for app <- @apps do %>
     <tr>
+      <td><a href="/apps/<%= app.id %>" class="no-underline blue"><%= app.id %></a></td>
+      <td><a href="/people/<%= app.person_id %>" class="no-underline blue"><%= app.person_id %></a></td>
       <td><%= app.name %></td>
       <td><%= app.desc %></td>
       <td><%= app.url %></td>
diff --git a/lib/auth_web/templates/auth/welcome.html.eex b/lib/auth_web/templates/auth/welcome.html.eex
index 8259a390..f1b93fd2 100644
--- a/lib/auth_web/templates/auth/welcome.html.eex
+++ b/lib/auth_web/templates/auth/welcome.html.eex
@@ -14,5 +14,5 @@
   Manage Apps
   </a>
 
-  <iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/otCpCn0l4Wo?start=15" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
+  <!-- <iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/otCpCn0l4Wo?start=15" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe> -->
 </section>

From 93e7292ea25d0e0dc446b60392d9c81f1a3f6cd9 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 12 Sep 2020 09:14:29 +0100
Subject: [PATCH 118/166] refactor apikey to use app_id instead of person_id
 fixes #111 for #95 https://youtu.be/MdAAuvodeWM

---
 lib/auth/apikey.ex                            | 16 +++++-----
 lib/auth_web/controllers/auth_controller.ex   | 31 +++++++++----------
 test/auth/apikey_test.exs                     | 28 +++--------------
 .../controllers/auth_controller_test.exs      | 12 ++++++-
 4 files changed, 38 insertions(+), 49 deletions(-)

diff --git a/lib/auth/apikey.ex b/lib/auth/apikey.ex
index 60cd77c0..46854a77 100644
--- a/lib/auth/apikey.ex
+++ b/lib/auth/apikey.ex
@@ -33,8 +33,8 @@ defmodule Auth.Apikey do
   that is just two strings joined with a forwardslash ("/").
   This allows us to use a *single* environment variable.
   """
-  def create_api_key(person_id) do
-    encrypt_encode(person_id) <> "/" <> encrypt_encode(person_id)
+  def create_api_key(id) do
+    encrypt_encode(id) <> "/" <> encrypt_encode(id)
   end
 
   @doc """
@@ -56,14 +56,14 @@ defmodule Auth.Apikey do
 
   def changeset(apikey, attrs) do
     apikey
-    |> cast(attrs, [:client_id, :client_secret, :person_id, :status])
+    |> cast(attrs, [:client_id, :client_secret, :status, :person_id])
     |> put_assoc(:app, Map.get(attrs, "app"))
   end
 
   def create_apikey(app) do
     attrs = %{
-      "client_secret" => encrypt_encode(app.person_id),
-      "client_id" => encrypt_encode(app.person_id),
+      "client_secret" => encrypt_encode(app.id),
+      "client_id" => encrypt_encode(app.id),
       "person_id" => app.person_id,
       "status" => 3,
       "app" => app
@@ -74,12 +74,12 @@ defmodule Auth.Apikey do
     |> Repo.insert()
   end
 
-  def list_apikeys_for_person(person_id) do
+  def get_apikey_by_app_id(app_id) do
     from(
       a in __MODULE__,
-      where: a.person_id == ^person_id
+      where: a.app_id == ^app_id
     )
-    |> Repo.all()
+    |> Repo.one()
     |> Repo.preload(:app)
   end
 
diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
index bc42dfc6..00e8ef98 100644
--- a/lib/auth_web/controllers/auth_controller.ex
+++ b/lib/auth_web/controllers/auth_controller.ex
@@ -190,7 +190,7 @@ defmodule AuthWeb.AuthController do
     |> halt()
   end
 
-  # refactor this to render a template with a nice layout?
+  # refactor this to render a template with a nice layout? #HelpWanted
   def not_found(conn, message) do
     conn
     |> put_resp_content_type("text/html")
@@ -421,24 +421,23 @@ defmodule AuthWeb.AuthController do
   end
 
   def get_client_secret(client_id, state) do
-    person_id = Auth.Apikey.decode_decrypt(client_id)
-    # decode_decrypt fails with state 0
-    if person_id == 0 do
+    app_id = Auth.Apikey.decode_decrypt(client_id)
+    # decode_decrypt fails with 0:
+    if app_id == 0 do
       0
     else
-      apikeys = Auth.Apikey.list_apikeys_for_person(person_id)
+      apikey = Auth.Apikey.get_apikey_by_app_id(app_id)
 
-      Enum.filter(apikeys, fn k ->
-        # if the API Key belongs to Super Admin, don't check URL as it's the "setup key":
-        if person_id == 1 do
-          k.client_id == client_id
-        else
-          # check url matches the state for all other keys:
-          k.client_id == client_id and state =~ k.app.url and k.status != 6
-        end
-      end)
-      |> List.first()
-      |> Map.get(:client_secret)
+      cond do
+        apikey.app.person_id == 1 ->
+          apikey.client_secret
+
+        # all other keys require matching the app url and status to not be "deleted":
+        apikey.client_id == client_id && state =~ apikey.app.url && apikey.status != 6 ->
+          apikey.client_secret
+
+        true -> 0
+      end
     end
   end
 
diff --git a/test/auth/apikey_test.exs b/test/auth/apikey_test.exs
index bcab3c53..b0832a3b 100644
--- a/test/auth/apikey_test.exs
+++ b/test/auth/apikey_test.exs
@@ -1,9 +1,6 @@
 defmodule Auth.ApikeyTest do
   use Auth.DataCase
-  # use AuthWeb.ConnCase
   use ExUnitProperties
-  # alias Auth.Apikey
-  @email System.get_env("ADMIN_EMAIL")
 
   describe "Create an AUTH_API_KEY for a given person_id" do
     test "encrypt_encode/1 returns a base58 we can decrypt" do
@@ -27,11 +24,11 @@ defmodule Auth.ApikeyTest do
     end
 
     test "create_api_key/1 creates an AUTH_API_KEY" do
-      person_id = 123_456_789
-      key = Auth.Apikey.create_api_key(person_id)
+      app_id = 123_456_789
+      key = Auth.Apikey.create_api_key(app_id)
       assert key =~ "/"
-      # parts = String.split(key, "/")
-      # assert decode_decrypt(List.first(parts)) == person_id
+      parts = String.split(key, "/")
+      assert Auth.Apikey.decode_decrypt(List.first(parts)) == app_id
     end
 
     test "decrypt_api_key/1 decrypts an AUTH_API_KEY" do
@@ -57,21 +54,4 @@ defmodule Auth.ApikeyTest do
       end
     end
   end
-
-  test "list_apikeys_for_person/1 returns all apikeys person" do
-    person = Auth.Person.get_person_by_email(@email)
-
-    keys = Auth.Apikey.list_apikeys_for_person(person.id)
-    assert length(keys) == 1
-
-    # Insert Another App (And API Key):
-    Auth.App.create_app(%{
-      "name" => "My Amazing Key",
-      "url" => "http://localhost:400",
-      "person_id" => person.id
-    })
-
-    keys = Auth.Apikey.list_apikeys_for_person(person.id)
-    assert length(keys) == 2
-  end
 end
diff --git a/test/auth_web/controllers/auth_controller_test.exs b/test/auth_web/controllers/auth_controller_test.exs
index 3c0ab1c4..21d6032d 100644
--- a/test/auth_web/controllers/auth_controller_test.exs
+++ b/test/auth_web/controllers/auth_controller_test.exs
@@ -66,12 +66,22 @@ defmodule AuthWeb.AuthControllerTest do
     assert secret == key.client_secret
   end
 
+  test "get_client_secret/2 for non_admin key" do
+    person = non_admin_person()
+    app_data = Map.merge(@app_data, %{ "person_id" => person.id})
+    {:ok, app} = Auth.App.create_app(app_data)
+    key = List.first(app.apikeys)
+    state = "#{app.url}/profile?auth_client_id=#{key.client_id}"
+    secret = AuthWeb.AuthController.get_client_secret(key.client_id, state)
+    assert secret == key.client_secret
+  end
+
   test "get_client_secret(client_id, state) for 'deleted' apikey (non-admin)" do
     person = non_admin_person()
     {:ok, app} = Auth.App.create_app(Map.merge(@app_data, %{"person_id" => person.id}))
     key = List.first(app.apikeys)
     Auth.Apikey.update_apikey(Map.delete(key, :app), %{status: 6})
-    state = "https://www.example.com/profile?auth_client_id=#{key.client_id}"
+    state = "#{app.url}/profile?auth_client_id=#{key.client_id}"
     # Note: not sure what to assert here ... ¯\_(ツ)_/¯
     # The API Key is "deleted" so it won't be found in the lookup
     try do

From d8b7e0f478804d2d13a2736f51ecbdd8eb13d98c Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 12 Sep 2020 09:16:34 +0100
Subject: [PATCH 119/166] mix format

---
 lib/auth_web/controllers/app_controller.ex         | 1 +
 lib/auth_web/controllers/auth_controller.ex        | 3 ++-
 test/auth_web/controllers/auth_controller_test.exs | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/auth_web/controllers/app_controller.ex b/lib/auth_web/controllers/app_controller.ex
index 9483dafb..d35cafb7 100644
--- a/lib/auth_web/controllers/app_controller.ex
+++ b/lib/auth_web/controllers/app_controller.ex
@@ -98,6 +98,7 @@ defmodule AuthWeb.AppController do
   """
   def resetapikey(conn, %{"id" => id}) do
     app = App.get_app!(id)
+
     if conn.assigns.person.id != app.person_id && conn.assigns.person.id != 1 do
       AuthWeb.AuthController.not_found(conn, "can't touch this.")
     else
diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
index 00e8ef98..42a757ec 100644
--- a/lib/auth_web/controllers/auth_controller.ex
+++ b/lib/auth_web/controllers/auth_controller.ex
@@ -436,7 +436,8 @@ defmodule AuthWeb.AuthController do
         apikey.client_id == client_id && state =~ apikey.app.url && apikey.status != 6 ->
           apikey.client_secret
 
-        true -> 0
+        true ->
+          0
       end
     end
   end
diff --git a/test/auth_web/controllers/auth_controller_test.exs b/test/auth_web/controllers/auth_controller_test.exs
index 21d6032d..08b7906d 100644
--- a/test/auth_web/controllers/auth_controller_test.exs
+++ b/test/auth_web/controllers/auth_controller_test.exs
@@ -68,7 +68,7 @@ defmodule AuthWeb.AuthControllerTest do
 
   test "get_client_secret/2 for non_admin key" do
     person = non_admin_person()
-    app_data = Map.merge(@app_data, %{ "person_id" => person.id})
+    app_data = Map.merge(@app_data, %{"person_id" => person.id})
     {:ok, app} = Auth.App.create_app(app_data)
     key = List.first(app.apikeys)
     state = "#{app.url}/profile?auth_client_id=#{key.client_id}"

From e5d8c5e19306f7c07c0856b12e175df99056810f Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 12 Sep 2020 10:37:31 +0100
Subject: [PATCH 120/166] require app before displaying /roles/new fixe #112

---
 lib/auth_web/controllers/app_controller.ex         |  8 ++++++++
 lib/auth_web/controllers/role_controller.ex        | 11 ++++++++++-
 lib/auth_web/router.ex                             |  2 +-
 test/auth_web/controllers/role_controller_test.exs | 13 +++++++++++++
 test/test_helper.exs                               |  3 ++-
 5 files changed, 34 insertions(+), 3 deletions(-)

diff --git a/lib/auth_web/controllers/app_controller.ex b/lib/auth_web/controllers/app_controller.ex
index d35cafb7..74ab0b90 100644
--- a/lib/auth_web/controllers/app_controller.ex
+++ b/lib/auth_web/controllers/app_controller.ex
@@ -118,4 +118,12 @@ defmodule AuthWeb.AppController do
       |> render("show.html", app: App.get_app!(id))
     end
   end
+
+
+  # @doc """
+  # approles/2 Return the (JSON) List of Roles for a given App based on apikey.client_id
+  # """
+  # def approles(conn, %{"client_id" => client_id}) do
+
+  # end
 end
diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index b8270cc0..4077ad81 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -19,7 +19,16 @@ defmodule AuthWeb.RoleController do
   def new(conn, _params) do
     changeset = Role.change_role(%Role{})
     apps = list_apps(conn.assigns.person.id)
-    render(conn, "new.html", changeset: changeset, apps: apps)
+    # Roles Ref/Require Apps: https://github.com/dwyl/auth/issues/112
+    # Check if the person already has apps:
+    if length(apps) > 0 do
+      render(conn, "new.html", changeset: changeset, apps: apps)
+    else
+      # No apps, instruct them to create an App before Role(s):
+      conn
+      |> put_flash(:info, "Please create an App before attempting to create Roles")
+      |> redirect(to: Routes.app_path(conn, :new))
+    end
   end
 
   def create(conn, %{"role" => role_params}) do
diff --git a/lib/auth_web/router.ex b/lib/auth_web/router.ex
index 50df91e2..35d7896d 100644
--- a/lib/auth_web/router.ex
+++ b/lib/auth_web/router.ex
@@ -27,7 +27,7 @@ defmodule AuthWeb.Router do
     # get "/auth/password/new", AuthController, :password_input
     post "/auth/password/create", AuthController, :password_create
     post "/auth/password/verify", AuthController, :password_prompt
-
+    # get "/approles/:client_id", AppController, :approles
     # https://github.com/dwyl/ping
     get "/ping", PingController, :ping
   end
diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index 0b25158a..d116409e 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -34,8 +34,21 @@ defmodule AuthWeb.RoleControllerTest do
       assert html_response(conn, 200) =~ "New Role"
     end
 
+    test "attempt to /roles/new without App redirects to /apps/new", %{conn: conn} do
+      conn = non_admin_login(conn)
+      conn = get(conn, Routes.role_path(conn, :new))
+      assert html_response(conn, 302) =~ "redirected"
+    end
+
     test "non-admin person create role", %{conn: conn} do
       conn = non_admin_login(conn)
+      {:ok, _app} = Auth.App.create_app(%{
+        "name" => "default system app",
+        "desc" => "Demo App",
+        "url" => "localhost:4000",
+        "person_id" => conn.assigns.person.id,
+        "status" => 3
+      })
       conn = get(conn, Routes.role_path(conn, :new))
       assert html_response(conn, 200) =~ "New Role"
     end
diff --git a/test/test_helper.exs b/test/test_helper.exs
index 7a2ee5c7..5dc978a9 100644
--- a/test/test_helper.exs
+++ b/test/test_helper.exs
@@ -23,8 +23,9 @@ defmodule AuthTest do
   end
 
   def non_admin_person() do
+    rand = :rand.uniform(1000000)
     Auth.Person.upsert_person(%{
-      email: "alex@gmail.com",
+      email: "alex+#{rand}@gmail.com",
       auth_provider: "email",
       password: "thiswillbehashed"
     })

From a199c9ecdadc0ef8404b2392623175483a52df4e Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 12 Sep 2020 13:53:33 +0100
Subject: [PATCH 121/166] address sourcelevel issues noted in PR #85 #104

---
 lib/auth_web/controllers/app_controller.ex      |  1 -
 lib/auth_web/controllers/auth_controller.ex     |  2 ++
 priv/repo/default_roles.json                    |  2 +-
 .../controllers/auth_controller_test.exs        | 10 ++++++++++
 .../controllers/role_controller_test.exs        | 17 ++++++++++-------
 test/test_helper.exs                            |  4 +++-
 6 files changed, 26 insertions(+), 10 deletions(-)

diff --git a/lib/auth_web/controllers/app_controller.ex b/lib/auth_web/controllers/app_controller.ex
index 74ab0b90..140c9dd2 100644
--- a/lib/auth_web/controllers/app_controller.ex
+++ b/lib/auth_web/controllers/app_controller.ex
@@ -119,7 +119,6 @@ defmodule AuthWeb.AppController do
     end
   end
 
-
   # @doc """
   # approles/2 Return the (JSON) List of Roles for a given App based on apikey.client_id
   # """
diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
index 42a757ec..f2e0332f 100644
--- a/lib/auth_web/controllers/auth_controller.ex
+++ b/lib/auth_web/controllers/auth_controller.ex
@@ -176,6 +176,8 @@ defmodule AuthWeb.AuthController do
 
       # display welcome page on Auth site:
       false ->
+        # Grant app_admin role to person who authenticated directly on auth app
+        # Auth.PeopleRoles.insert(1, person.id, 8)
         conn
         |> AuthPlug.create_jwt_session(person)
         |> render(:welcome, person: person)
diff --git a/priv/repo/default_roles.json b/priv/repo/default_roles.json
index 96ba103d..ba2e29c9 100644
--- a/priv/repo/default_roles.json
+++ b/priv/repo/default_roles.json
@@ -53,6 +53,6 @@
     "desc": "Can manage their own App(s).", 
     "person_id": "1",
     "id": "8",
-    "permissions": "manage_apps, create_content, upload_images, edit_own_content, delete_own_content, invite_people"
+    "permissions": "manage_own_apps, create_content, upload_images, edit_own_content, delete_own_content, invite_people"
   }
 ]
\ No newline at end of file
diff --git a/test/auth_web/controllers/auth_controller_test.exs b/test/auth_web/controllers/auth_controller_test.exs
index 08b7906d..a6fbd0b8 100644
--- a/test/auth_web/controllers/auth_controller_test.exs
+++ b/test/auth_web/controllers/auth_controller_test.exs
@@ -91,6 +91,16 @@ defmodule AuthWeb.AuthControllerTest do
     end
   end
 
+  # test "redirect_or_render assigns app_admin role if direct auth", %{conn: conn} do
+  #   conn = non_admin_login(conn)
+  #   IO.inspect(conn, label: "conn:96")
+  #   person = conn.assigns.person
+  #   IO.inspect(person, label: "person:98")
+
+  #   AuthWeb.AuthController.redirect_or_render(conn, person, "")
+  #   IO.inspect(conn, label: "conn:100")
+  # end
+
   test "github_handler/2 github auth callback", %{conn: conn} do
     baseurl = AuthPlug.Helpers.get_baseurl_from_conn(conn)
 
diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index d116409e..a9149e32 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -42,13 +42,16 @@ defmodule AuthWeb.RoleControllerTest do
 
     test "non-admin person create role", %{conn: conn} do
       conn = non_admin_login(conn)
-      {:ok, _app} = Auth.App.create_app(%{
-        "name" => "default system app",
-        "desc" => "Demo App",
-        "url" => "localhost:4000",
-        "person_id" => conn.assigns.person.id,
-        "status" => 3
-      })
+
+      {:ok, _app} =
+        Auth.App.create_app(%{
+          "name" => "default system app",
+          "desc" => "Demo App",
+          "url" => "localhost:4000",
+          "person_id" => conn.assigns.person.id,
+          "status" => 3
+        })
+
       conn = get(conn, Routes.role_path(conn, :new))
       assert html_response(conn, 200) =~ "New Role"
     end
diff --git a/test/test_helper.exs b/test/test_helper.exs
index 5dc978a9..b4942153 100644
--- a/test/test_helper.exs
+++ b/test/test_helper.exs
@@ -23,9 +23,11 @@ defmodule AuthTest do
   end
 
   def non_admin_person() do
-    rand = :rand.uniform(1000000)
+    rand = :rand.uniform(1_000_000)
+
     Auth.Person.upsert_person(%{
       email: "alex+#{rand}@gmail.com",
+      givenName: "Alexander McAwesome",
       auth_provider: "email",
       password: "thiswillbehashed"
     })

From 5b8d32e4c3807a78b0498959312c7047c27498e2 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 12 Sep 2020 19:47:28 +0100
Subject: [PATCH 122/166] creating plumbing for /approles/:client_id request
 https://github.com/dwyl/auth/issues/110#issuecomment-691529753

---
 lib/auth/role.ex                                |  2 +-
 lib/auth_web/controllers/app_controller.ex      | 15 ++++++++++-----
 lib/auth_web/router.ex                          | 17 +++++++++--------
 .../controllers/app_controller_test.exs         |  8 ++++++++
 4 files changed, 28 insertions(+), 14 deletions(-)

diff --git a/lib/auth/role.ex b/lib/auth/role.ex
index 29f92e9a..5bae5490 100644
--- a/lib/auth/role.ex
+++ b/lib/auth/role.ex
@@ -109,7 +109,7 @@ defmodule Auth.Role do
     end
   end
 
-  defp strip_meta(struct) do
+  def strip_meta(struct) do
     struct
     |> Map.delete(:__meta__)
     |> Map.delete(:__struct__)
diff --git a/lib/auth_web/controllers/app_controller.ex b/lib/auth_web/controllers/app_controller.ex
index 140c9dd2..4ec22c99 100644
--- a/lib/auth_web/controllers/app_controller.ex
+++ b/lib/auth_web/controllers/app_controller.ex
@@ -119,10 +119,15 @@ defmodule AuthWeb.AppController do
     end
   end
 
-  # @doc """
-  # approles/2 Return the (JSON) List of Roles for a given App based on apikey.client_id
-  # """
-  # def approles(conn, %{"client_id" => client_id}) do
+  @doc """
+  approles/2 Return the (JSON) List of Roles for a given App based on apikey.client_id
+  """
+  def approles(conn, %{"client_id" => client_id}) do
+    IO.inspect(client_id)
+    # return empty JSON list with 401 status if client_id is invalid
 
-  # end
+    roles = Auth.Role.list_roles()
+    roles = Enum.map(roles, fn role -> Auth.Role.strip_meta(role) end)
+    json(conn, roles)
+  end
 end
diff --git a/lib/auth_web/router.ex b/lib/auth_web/router.ex
index 35d7896d..16b97a79 100644
--- a/lib/auth_web/router.ex
+++ b/lib/auth_web/router.ex
@@ -12,10 +12,6 @@ defmodule AuthWeb.Router do
     plug :put_secure_browser_headers
   end
 
-  # pipeline :api do
-  #   plug :accepts, ["json"]
-  # end
-
   scope "/", AuthWeb do
     pipe_through :browser
 
@@ -27,7 +23,6 @@ defmodule AuthWeb.Router do
     # get "/auth/password/new", AuthController, :password_input
     post "/auth/password/create", AuthController, :password_create
     post "/auth/password/verify", AuthController, :password_prompt
-    # get "/approles/:client_id", AppController, :approles
     # https://github.com/dwyl/ping
     get "/ping", PingController, :ping
   end
@@ -55,8 +50,14 @@ defmodule AuthWeb.Router do
     # resources "/settings/apikeys", ApikeyController
   end
 
+  pipeline :api do
+    plug :accepts, ["json"]
+  end
+
   # Other scopes may use custom stacks.
-  # scope "/api", AuthWeb do
-  #   pipe_through :api
-  # end
+  scope "/", AuthWeb do
+    pipe_through :api
+
+    get "/approles/:client_id", AppController, :approles
+  end
 end
diff --git a/test/auth_web/controllers/app_controller_test.exs b/test/auth_web/controllers/app_controller_test.exs
index 74462b10..468be80f 100644
--- a/test/auth_web/controllers/app_controller_test.exs
+++ b/test/auth_web/controllers/app_controller_test.exs
@@ -160,4 +160,12 @@ defmodule AuthWeb.AppControllerTest do
       assert html_response(conn, 404) =~ "can't touch this."
     end
   end
+
+  describe "GET /approles/:client_id" do
+    test "returns (JSON) list of roles", %{conn: conn, app: app} do
+      conn = admin_login(conn)
+      conn = get(conn, Routes.app_path(conn, :approles, app.apikey))
+      assert html_response(conn, 200) =~ "successfully reset"
+    end
+  end
 end

From f09a184d9e787550d3662d382c0b13ea48ee96c4 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 12 Sep 2020 19:59:56 +0100
Subject: [PATCH 123/166] [WiP] create GET /approles/:client_id test outline
 for #110

---
 .../auth_web/controllers/app_controller_test.exs | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/test/auth_web/controllers/app_controller_test.exs b/test/auth_web/controllers/app_controller_test.exs
index 468be80f..90f78f4a 100644
--- a/test/auth_web/controllers/app_controller_test.exs
+++ b/test/auth_web/controllers/app_controller_test.exs
@@ -162,10 +162,20 @@ defmodule AuthWeb.AppControllerTest do
   end
 
   describe "GET /approles/:client_id" do
+    setup [:create_app]
+
     test "returns (JSON) list of roles", %{conn: conn, app: app} do
-      conn = admin_login(conn)
-      conn = get(conn, Routes.app_path(conn, :approles, app.apikey))
-      assert html_response(conn, 200) =~ "successfully reset"
+      key = List.first(app.apikeys)
+      IO.inspect(app, label: "app")
+      conn = conn
+      |> admin_login()
+      |> put_req_header("accept", "application/json")
+      |> get("/approles/#{key.client_id}")
+
+      assert conn.status == 200
+      {:ok, json} = Jason.decode(conn.resp_body)
+      IO.inspect(json)
+      # assert html_response(conn, 200) =~ "successfully reset"
     end
   end
 end

From 568c770fa63d27a3681ccd0d75911ddf61b81192 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 12 Sep 2020 22:40:55 +0100
Subject: [PATCH 124/166] create loooong test for checking access to approles
 is restricted by app_id or "default" #110

---
 lib/auth/apikey.ex                            |  2 +
 lib/auth/role.ex                              |  6 ++
 lib/auth_web/controllers/app_controller.ex    | 15 +++--
 test/auth/apikey_test.exs                     | 16 ++---
 .../controllers/app_controller_test.exs       | 65 ++++++++++++++++++-
 5 files changed, 89 insertions(+), 15 deletions(-)

diff --git a/lib/auth/apikey.ex b/lib/auth/apikey.ex
index 46854a77..8e0e783f 100644
--- a/lib/auth/apikey.ex
+++ b/lib/auth/apikey.ex
@@ -47,6 +47,8 @@ defmodule Auth.Apikey do
     rescue
       ArgumentError ->
         0
+      ArithmeticError ->
+        0
     end
   end
 
diff --git a/lib/auth/role.ex b/lib/auth/role.ex
index 5bae5490..86ec4580 100644
--- a/lib/auth/role.ex
+++ b/lib/auth/role.ex
@@ -39,6 +39,12 @@ defmodule Auth.Role do
     Repo.all(__MODULE__)
   end
 
+  def list_roles_for_app(app_id) do
+    __MODULE__
+    |> where([r], r.app_id == ^app_id or is_nil(r.app_id)) # and a.status != 6)
+    |> Repo.all()
+  end
+
   @doc """
   Gets a single role.
 
diff --git a/lib/auth_web/controllers/app_controller.ex b/lib/auth_web/controllers/app_controller.ex
index 4ec22c99..6fe48e03 100644
--- a/lib/auth_web/controllers/app_controller.ex
+++ b/lib/auth_web/controllers/app_controller.ex
@@ -123,11 +123,18 @@ defmodule AuthWeb.AppController do
   approles/2 Return the (JSON) List of Roles for a given App based on apikey.client_id
   """
   def approles(conn, %{"client_id" => client_id}) do
-    IO.inspect(client_id)
+    IO.inspect(client_id, label: "client_id:126")
     # return empty JSON list with 401 status if client_id is invalid
+    app_id = Auth.Apikey.decode_decrypt(client_id)
+    IO.inspect(app_id, label: "app_id:129")
 
-    roles = Auth.Role.list_roles()
-    roles = Enum.map(roles, fn role -> Auth.Role.strip_meta(role) end)
-    json(conn, roles)
+    if app_id == 0 or is_nil(app_id) do
+      # invalid client_id > 401
+      AuthWeb.AuthController.unauthorized(conn)
+    else
+      roles = Auth.Role.list_roles_for_app(app_id)
+      roles = Enum.map(roles, fn role -> Auth.Role.strip_meta(role) end)
+      json(conn, roles)
+    end
   end
 end
diff --git a/test/auth/apikey_test.exs b/test/auth/apikey_test.exs
index b0832a3b..c100228a 100644
--- a/test/auth/apikey_test.exs
+++ b/test/auth/apikey_test.exs
@@ -17,10 +17,10 @@ defmodule Auth.ApikeyTest do
     end
 
     test "decode_decrypt/1 reverses the operation of encrypt_encode/1" do
-      person_id = 4_869_234_521
-      key = Auth.Apikey.encrypt_encode(person_id)
+      app_id = 4_869_234_521
+      key = Auth.Apikey.encrypt_encode(app_id)
       id = Auth.Apikey.decode_decrypt(key)
-      assert person_id == id
+      assert app_id == id
     end
 
     test "create_api_key/1 creates an AUTH_API_KEY" do
@@ -32,16 +32,16 @@ defmodule Auth.ApikeyTest do
     end
 
     test "decrypt_api_key/1 decrypts an AUTH_API_KEY" do
-      person_id = 1234
-      key = Auth.Apikey.create_api_key(person_id)
+      app_id = 1234
+      key = Auth.Apikey.create_api_key(app_id)
       decrypted = Auth.Apikey.decrypt_api_key(key)
-      assert decrypted == person_id
+      assert decrypted == app_id
     end
 
     test "decode_decrypt/1 with invalid client_id" do
       valid_key = Auth.Apikey.encrypt_encode(1)
-      person_id = Auth.Apikey.decode_decrypt(valid_key)
-      assert person_id == 1
+      app_id = Auth.Apikey.decode_decrypt(valid_key)
+      assert app_id == 1
 
       invalid_key = String.slice(valid_key, 0..-2)
       error = Auth.Apikey.decode_decrypt(invalid_key)
diff --git a/test/auth_web/controllers/app_controller_test.exs b/test/auth_web/controllers/app_controller_test.exs
index 90f78f4a..86d8d980 100644
--- a/test/auth_web/controllers/app_controller_test.exs
+++ b/test/auth_web/controllers/app_controller_test.exs
@@ -1,7 +1,7 @@
 defmodule AuthWeb.AppControllerTest do
   use AuthWeb.ConnCase
 
-  alias Auth.App
+  alias Auth.{App, Role}
 
   @create_attrs %{
     desc: "some description",
@@ -164,9 +164,18 @@ defmodule AuthWeb.AppControllerTest do
   describe "GET /approles/:client_id" do
     setup [:create_app]
 
+    test "returns 401 if client_id is invalid", %{conn: conn} do
+      conn = conn
+      |> put_req_header("accept", "application/json")
+      |> get("/approles/invalid")
+
+      assert html_response(conn, 401) =~ "invalid"
+    end
+
     test "returns (JSON) list of roles", %{conn: conn, app: app} do
+      roles = Auth.Role.list_roles_for_app(app.id)
       key = List.first(app.apikeys)
-      IO.inspect(app, label: "app")
+      # IO.inspect(app, label: "app")
       conn = conn
       |> admin_login()
       |> put_req_header("accept", "application/json")
@@ -174,8 +183,58 @@ defmodule AuthWeb.AppControllerTest do
 
       assert conn.status == 200
       {:ok, json} = Jason.decode(conn.resp_body)
-      IO.inspect(json)
+      # IO.inspect(json)
+      assert length(roles) == length(json)
       # assert html_response(conn, 200) =~ "successfully reset"
     end
+
+    test "returns only relevant roles", %{conn: conn, app: app} do
+      roles = Role.list_roles_for_app(app.id)
+      # admin create role:
+      admin_role = %{desc: "admin role", name: "new admin role", app_id: app.id}
+      {:ok, %Role{} = admin_role} = Role.create_role(admin_role)
+      # check that the new role was added to the admin app role list:
+      roles2 = Role.list_roles_for_app(app.id)
+      assert length(roles) < length(roles2)
+      last = List.last(roles2)
+      assert last.name == admin_role.name
+
+
+      # login as non-admin person
+      conn2 = non_admin_login(conn)
+
+      # create non-admin app (to get API Key)
+      {:ok, non_admin_app} = Auth.App.create_app(%{
+        "name" => "default system app",
+        "desc" => "Demo App",
+        "url" => "localhost:4000",
+        "person_id" => conn2.assigns.person.id,
+        "status" => 3
+      })
+      # create non-admin role:
+      role_data = %{
+        desc: "non-admin role", name: "non-admin role",
+        app_id: non_admin_app.id
+      }
+      {:ok, %Role{} = role2} = Role.create_role(role_data)
+      key = List.first(non_admin_app.apikeys)
+
+      conn3 = conn2
+      |> admin_login()
+      |> put_req_header("accept", "application/json")
+      |> get("/approles/#{key.client_id}")
+
+      assert conn3.status == 200
+      {:ok, json} = Jason.decode(conn3.resp_body)
+      last_role = List.last(json)
+      # confirm the last role in the list is the new non-admin role:
+      assert Map.get(last_role, "name") == role2.name
+
+      # confirm the admin_role is NOT in the JSON reponse:
+      should_be_empty = Enum.filter(json, fn r ->
+        Map.get(r, "name") == admin_role.name
+      end)
+      assert length(should_be_empty) == 0
+    end
   end
 end

From 5c12cf610431f672156ce79d8e7cd04337408ccb Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 12 Sep 2020 22:42:08 +0100
Subject: [PATCH 125/166] tidy up approles/2 for #110

---
 lib/auth_web/controllers/app_controller.ex | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/lib/auth_web/controllers/app_controller.ex b/lib/auth_web/controllers/app_controller.ex
index 6fe48e03..3f5a90d3 100644
--- a/lib/auth_web/controllers/app_controller.ex
+++ b/lib/auth_web/controllers/app_controller.ex
@@ -123,13 +123,10 @@ defmodule AuthWeb.AppController do
   approles/2 Return the (JSON) List of Roles for a given App based on apikey.client_id
   """
   def approles(conn, %{"client_id" => client_id}) do
-    IO.inspect(client_id, label: "client_id:126")
-    # return empty JSON list with 401 status if client_id is invalid
     app_id = Auth.Apikey.decode_decrypt(client_id)
-    IO.inspect(app_id, label: "app_id:129")
 
+    # return empty JSON list with 401 status if client_id is invalid
     if app_id == 0 or is_nil(app_id) do
-      # invalid client_id > 401
       AuthWeb.AuthController.unauthorized(conn)
     else
       roles = Auth.Role.list_roles_for_app(app_id)

From 607f775254c55a625fbbeb63dd62aca750176bd6 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 12 Sep 2020 23:33:13 +0100
Subject: [PATCH 126/166] fix @sourceleve-bot issues in #110

---
 test/auth_web/controllers/app_controller_test.exs | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/test/auth_web/controllers/app_controller_test.exs b/test/auth_web/controllers/app_controller_test.exs
index 86d8d980..fa4b52f6 100644
--- a/test/auth_web/controllers/app_controller_test.exs
+++ b/test/auth_web/controllers/app_controller_test.exs
@@ -1,7 +1,7 @@
 defmodule AuthWeb.AppControllerTest do
   use AuthWeb.ConnCase
-
-  alias Auth.{App, Role}
+  alias Auth.App
+  alias Auth.Role
 
   @create_attrs %{
     desc: "some description",
@@ -199,7 +199,6 @@ defmodule AuthWeb.AppControllerTest do
       last = List.last(roles2)
       assert last.name == admin_role.name
 
-
       # login as non-admin person
       conn2 = non_admin_login(conn)
 
@@ -234,7 +233,7 @@ defmodule AuthWeb.AppControllerTest do
       should_be_empty = Enum.filter(json, fn r ->
         Map.get(r, "name") == admin_role.name
       end)
-      assert length(should_be_empty) == 0
+      assert should_be_empty == []
     end
   end
 end

From f261c85439b9b3f76e60feb4a6961d5c590b04d4 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sat, 12 Sep 2020 23:50:32 +0100
Subject: [PATCH 127/166] reduce length of keys in conn.assigns.person #113

---
 lib/auth_web/controllers/auth_controller.ex  | 12 ++++++------
 lib/auth_web/templates/auth/welcome.html.eex |  6 +++---
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
index f2e0332f..f89dbd3e 100644
--- a/lib/auth_web/controllers/auth_controller.ex
+++ b/lib/auth_web/controllers/auth_controller.ex
@@ -446,13 +446,13 @@ defmodule AuthWeb.AuthController do
 
   def add_jwt_url_param(person, state, client_secret) do
     data = %{
-      auth_provider: person.auth_provider,
-      givenName: person.givenName,
+      aup: person.auth_provider,
+      n: person.givenName,
       id: person.id,
-      picture: person.picture,
-      status: person.status,
-      email: person.email,
-      roles: RBAC.transform_role_list_to_string(person.roles)
+      pic: person.picture,
+      s: person.status,
+      e: person.email,
+      r: RBAC.transform_role_list_to_string(person.roles)
     }
 
     jwt = AuthPlug.Token.generate_jwt!(data, client_secret)
diff --git a/lib/auth_web/templates/auth/welcome.html.eex b/lib/auth_web/templates/auth/welcome.html.eex
index f1b93fd2..79edefaf 100644
--- a/lib/auth_web/templates/auth/welcome.html.eex
+++ b/lib/auth_web/templates/auth/welcome.html.eex
@@ -1,10 +1,10 @@
 <section class="w-100 center ph3 tc">
-  <h1> Welcome <%= @conn.assigns.person.givenName %>!
+  <h1> Welcome <%= @conn.assigns.person.n %>!
   </h1>
-  <img width="128px" src="<%= @conn.assigns.person.picture %>"
+  <img width="128px" src="<%= @conn.assigns.person.pic %>"
     class="center db br2"/>
   <p class="f3"> You are <strong>signed in</strong>
-    with your <strong><%= String.capitalize(@conn.assigns.person.auth_provider) %> account</strong>.
+    with your <strong><%= String.capitalize(@conn.assigns.person.aup) %> account</strong>.
   <p/>
 
   <br />

From fdab8cff8e03e5bf56fa628a7e9aa99ef6e69ac2 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sun, 13 Sep 2020 00:11:47 +0100
Subject: [PATCH 128/166] revert data changes #113

---
 lib/auth_web/controllers/auth_controller.ex        | 12 ++++++------
 lib/auth_web/templates/auth/welcome.html.eex       |  6 +++---
 test/auth_web/controllers/auth_controller_test.exs |  4 +---
 3 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
index f89dbd3e..f2e0332f 100644
--- a/lib/auth_web/controllers/auth_controller.ex
+++ b/lib/auth_web/controllers/auth_controller.ex
@@ -446,13 +446,13 @@ defmodule AuthWeb.AuthController do
 
   def add_jwt_url_param(person, state, client_secret) do
     data = %{
-      aup: person.auth_provider,
-      n: person.givenName,
+      auth_provider: person.auth_provider,
+      givenName: person.givenName,
       id: person.id,
-      pic: person.picture,
-      s: person.status,
-      e: person.email,
-      r: RBAC.transform_role_list_to_string(person.roles)
+      picture: person.picture,
+      status: person.status,
+      email: person.email,
+      roles: RBAC.transform_role_list_to_string(person.roles)
     }
 
     jwt = AuthPlug.Token.generate_jwt!(data, client_secret)
diff --git a/lib/auth_web/templates/auth/welcome.html.eex b/lib/auth_web/templates/auth/welcome.html.eex
index 79edefaf..f1b93fd2 100644
--- a/lib/auth_web/templates/auth/welcome.html.eex
+++ b/lib/auth_web/templates/auth/welcome.html.eex
@@ -1,10 +1,10 @@
 <section class="w-100 center ph3 tc">
-  <h1> Welcome <%= @conn.assigns.person.n %>!
+  <h1> Welcome <%= @conn.assigns.person.givenName %>!
   </h1>
-  <img width="128px" src="<%= @conn.assigns.person.pic %>"
+  <img width="128px" src="<%= @conn.assigns.person.picture %>"
     class="center db br2"/>
   <p class="f3"> You are <strong>signed in</strong>
-    with your <strong><%= String.capitalize(@conn.assigns.person.aup) %> account</strong>.
+    with your <strong><%= String.capitalize(@conn.assigns.person.auth_provider) %> account</strong>.
   <p/>
 
   <br />
diff --git a/test/auth_web/controllers/auth_controller_test.exs b/test/auth_web/controllers/auth_controller_test.exs
index a6fbd0b8..0997f6ac 100644
--- a/test/auth_web/controllers/auth_controller_test.exs
+++ b/test/auth_web/controllers/auth_controller_test.exs
@@ -29,7 +29,6 @@ defmodule AuthWeb.AuthControllerTest do
     }
 
     person = Auth.Person.create_person(data)
-
     conn =
       AuthPlug.create_jwt_session(conn, Map.merge(data, %{id: person.id}))
       |> get("/profile", %{})
@@ -158,7 +157,6 @@ defmodule AuthWeb.AuthControllerTest do
     }
 
     Auth.Person.upsert_person(data)
-
     conn =
       AuthPlug.create_jwt_session(conn, data)
       |> get("/auth/google/callback", %{"code" => "234", "state" => nil})
@@ -313,7 +311,7 @@ defmodule AuthWeb.AuthControllerTest do
   end
 
   test "password_create/2 create a new password", %{conn: conn} do
-    %{email: "anabela@mail.com", auth_provider: "email"}
+    %{email: "anabela@mail.com", auth_provider: "email", givenName: "timmy"}
     |> Auth.Person.upsert_person()
 
     params = %{

From e9c63cd60aa8ec4bfc376c76313766cb265b9c6f Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sun, 13 Sep 2020 01:00:58 +0100
Subject: [PATCH 129/166] add app_id to people schema #108

---
 lib/auth/person.ex                            |  4 +-
 lib/auth_web/controllers/auth_controller.ex   | 37 +++++++++++--------
 .../20200912235027_add_app_id_people.exs      |  9 +++++
 3 files changed, 34 insertions(+), 16 deletions(-)
 create mode 100644 priv/repo/migrations/20200912235027_add_app_id_people.exs

diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index 83a2969d..9a9eb1fb 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -24,6 +24,7 @@ defmodule Auth.Person do
     field :status, :id
     field :tag, :id
     field :key_id, :integer
+    field :app_id, :integer
     # many_to_many :roles, Auth.Role, join_through: "people_roles"
     # has_many :roles, through: [:people_roles, :role]
     many_to_many :roles, Auth.Role, join_through: Auth.PeopleRoles
@@ -54,7 +55,8 @@ defmodule Auth.Person do
       :picture,
       :username,
       :auth_provider,
-      :status
+      :status,
+      :app_id
     ])
     |> validate_required([:email])
     |> put_email_hash()
diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
index f2e0332f..fa5afdee 100644
--- a/lib/auth_web/controllers/auth_controller.ex
+++ b/lib/auth_web/controllers/auth_controller.ex
@@ -44,13 +44,6 @@ defmodule AuthWeb.AuthController do
         nil
       end
 
-    # TODO: add friendly error message when email address is invalid
-    # errors = if not is_nil(email) and not Fields.Validate.email(email) do
-    #   [email: "email address is invalid"]
-    # else
-    #   []
-    # end
-
     state =
       if not is_nil(params_person) and
            not is_nil(Map.get(params_person, "state")) do
@@ -118,13 +111,24 @@ defmodule AuthWeb.AuthController do
   """
   def github_handler(conn, %{"code" => code, "state" => state}) do
     {:ok, profile} = ElixirAuthGithub.github_auth(code)
+    app_id = get_app_id(state)
+
     # save profile to people:
-    person = Person.create_github_person(profile)
+    person = Person.create_github_person(Map.merge(profile, %{app_id: app_id}))
 
     # render or redirect:
     handler(conn, person, state)
   end
 
+  def get_app_id(state) do
+    client_id = get_client_secret_from_state(state)
+    app_id = Auth.Apikey.decode_decrypt(client_id)
+    case app_id == 0 do
+      true -> 1
+      false -> app_id
+    end
+  end
+
   @doc """
   `google_handler/2` handles the callback from Google Auth API redirect.
   """
@@ -132,7 +136,8 @@ defmodule AuthWeb.AuthController do
     {:ok, token} = ElixirAuthGoogle.get_token(code, conn)
     {:ok, profile} = ElixirAuthGoogle.get_user_profile(token.access_token)
     # save profile to people:
-    person = Person.create_google_person(profile)
+    app_id = get_app_id(state)
+    person = Person.create_google_person(Map.merge(profile, %{app_id: app_id}))
 
     # render or redirect:
     handler(conn, person, state)
@@ -376,9 +381,6 @@ defmodule AuthWeb.AuthController do
         msg = """
         That password is incorrect.
         """
-
-        # log password incorrect
-
         user_agent = get_user_agent(conn)
         ip_address = get_ip_address(conn)
 
@@ -401,6 +403,11 @@ defmodule AuthWeb.AuthController do
     redirect_or_render(conn, person, params["referer"])
   end
 
+  def get_client_id_from_state(state) do
+    query = URI.decode_query(List.last(String.split(state, "?")))
+    Map.get(query, "auth_client_id")
+  end
+
   @doc """
   `get_client_secret_from_state/1` gets the client_id from state,
   attempts to decode_decrypt it and then look it up in apikeys
@@ -408,8 +415,7 @@ defmodule AuthWeb.AuthController do
   All other failure conditions return a 0 (zero) which results in a 401.
   """
   def get_client_secret_from_state(state) do
-    query = URI.decode_query(List.last(String.split(state, "?")))
-    client_id = Map.get(query, "auth_client_id")
+    client_id = get_client_id_from_state(state)
 
     case not is_nil(client_id) do
       # Lookup client_id in apikeys table
@@ -452,7 +458,8 @@ defmodule AuthWeb.AuthController do
       picture: person.picture,
       status: person.status,
       email: person.email,
-      roles: RBAC.transform_role_list_to_string(person.roles)
+      roles: RBAC.transform_role_list_to_string(person.roles),
+      app_id: person.app_id
     }
 
     jwt = AuthPlug.Token.generate_jwt!(data, client_secret)
diff --git a/priv/repo/migrations/20200912235027_add_app_id_people.exs b/priv/repo/migrations/20200912235027_add_app_id_people.exs
new file mode 100644
index 00000000..c517717f
--- /dev/null
+++ b/priv/repo/migrations/20200912235027_add_app_id_people.exs
@@ -0,0 +1,9 @@
+defmodule Auth.Repo.Migrations.AddAppIdPeople do
+  use Ecto.Migration
+
+  def change do
+    alter table(:people) do
+      add :app_id, references(:apps, on_delete: :nothing)
+    end
+  end
+end

From 943ad03f2912ef4d88197b165c781148a85d39e1 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sun, 13 Sep 2020 21:24:42 +0100
Subject: [PATCH 130/166] (maintenance) update fields to 2.7.0
 https://github.com/dwyl/fields/issues/74

---
 mix.exs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mix.exs b/mix.exs
index f0dd52ea..48056af5 100644
--- a/mix.exs
+++ b/mix.exs
@@ -67,7 +67,7 @@ defmodule Auth.Mixfile do
       {:rbac, "~> 0.3.0"},
 
       # Field Validation and Encryption: github.com/dwyl/fields
-      {:fields, "~> 2.6.0"},
+      {:fields, "~> 2.7.0"},
       # Base58 Encodeing: https://github.com/dwyl/base58
       {:B58, "~> 1.0", hex: :b58},
 

From 2b877975cb8b5ce18207b3de1de3d1c0630e4ec4 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sun, 13 Sep 2020 21:36:15 +0100
Subject: [PATCH 131/166] update elixir+erlang version in .travis.yml #114

---
 .travis.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 48d8f989..0d5e1937 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,8 +1,8 @@
 language: elixir
 elixir:
-  - 1.10.2
+  - 1.10.4
 otp_release:
-  - 22.1.8
+  - 23.0.4
 services:
   - postgresql
 env:

From 1de4a08cb60556e9ecb1d67cb457d05d9e6d6195 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sun, 13 Sep 2020 22:47:04 +0100
Subject: [PATCH 132/166] check for Mix.env() == :prod in seeds.exs for
 https://github.com/dwyl/auth/issues/114#issuecomment-691720862

---
 mix.exs             |  2 +-
 mix.lock            | 34 +++++++++++++++++-----------------
 priv/repo/seeds.exs | 15 ++++++++++-----
 3 files changed, 28 insertions(+), 23 deletions(-)

diff --git a/mix.exs b/mix.exs
index 48056af5..905c75e7 100644
--- a/mix.exs
+++ b/mix.exs
@@ -5,7 +5,7 @@ defmodule Auth.Mixfile do
     [
       app: :auth,
       version: "1.2.4",
-      elixir: "~> 1.10",
+      elixir: "~> 1.10.4",
       elixirc_paths: elixirc_paths(Mix.env()),
       compilers: [:phoenix, :gettext] ++ Mix.compilers(),
       test_coverage: [tool: ExCoveralls],
diff --git a/mix.lock b/mix.lock
index 222db618..31b70591 100644
--- a/mix.lock
+++ b/mix.lock
@@ -10,50 +10,50 @@
   "cowlib": {:hex, :cowlib, "2.9.1", "61a6c7c50cf07fdd24b2f45b89500bb93b6686579b069a89f88cb211e1125c78", [:rebar3], [], "hexpm", "e4175dc240a70d996156160891e1c62238ede1729e45740bdd38064dad476170"},
   "credo": {:hex, :credo, "1.4.0", "92339d4cbadd1e88b5ee43d427b639b68a11071b6f73854e33638e30a0ea11f5", [:mix], [{:bunt, "~> 0.2.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "1fd3b70dce216574ce3c18bdf510b57e7c4c85c2ec9cad4bff854abaf7e58658"},
   "db_connection": {:hex, :db_connection, "2.2.2", "3bbca41b199e1598245b716248964926303b5d4609ff065125ce98bcd368939e", [:mix], [{:connection, "~> 1.0.2", [hex: :connection, repo: "hexpm", optional: false]}], "hexpm", "642af240d8a8affb93b4ba5a6fcd2bbcbdc327e1a524b825d383711536f8070c"},
-  "decimal": {:hex, :decimal, "1.8.1", "a4ef3f5f3428bdbc0d35374029ffcf4ede8533536fa79896dd450168d9acdf3c", [:mix], [], "hexpm", "3cb154b00225ac687f6cbd4acc4b7960027c757a5152b369923ead9ddbca7aec"},
+  "decimal": {:hex, :decimal, "1.9.0", "83e8daf59631d632b171faabafb4a9f4242c514b0a06ba3df493951c08f64d07", [:mix], [], "hexpm", "b1f2343568eed6928f3e751cf2dffde95bfaa19dd95d09e8a9ea92ccfd6f7d85"},
   "dialyxir": {:hex, :dialyxir, "1.0.0", "6a1fa629f7881a9f5aaf3a78f094b2a51a0357c843871b8bc98824e7342d00a5", [:mix], [{:erlex, ">= 0.2.6", [hex: :erlex, repo: "hexpm", optional: false]}], "hexpm", "aeb06588145fac14ca08d8061a142d52753dbc2cf7f0d00fc1013f53f8654654"},
-  "earmark": {:hex, :earmark, "1.4.4", "4821b8d05cda507189d51f2caeef370cf1e18ca5d7dfb7d31e9cafe6688106a4", [:mix], [], "hexpm", "1f93aba7340574847c0f609da787f0d79efcab51b044bb6e242cae5aca9d264d"},
-  "ecto": {:hex, :ecto, "3.4.5", "2bcd262f57b2c888b0bd7f7a28c8a48aa11dc1a2c6a858e45dd8f8426d504265", [:mix], [{:decimal, "~> 1.6 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "8c6d1d4d524559e9b7a062f0498e2c206122552d63eacff0a6567ffe7a8e8691"},
+  "earmark": {:hex, :earmark, "1.4.10", "bddce5e8ea37712a5bfb01541be8ba57d3b171d3fa4f80a0be9bcf1db417bcaf", [:mix], [{:earmark_parser, ">= 1.4.10", [hex: :earmark_parser, repo: "hexpm", optional: false]}], "hexpm", "12dbfa80810478e521d3ffb941ad9fbfcbbd7debe94e1341b4c4a1b2411c1c27"},
+  "earmark_parser": {:hex, :earmark_parser, "1.4.10", "6603d7a603b9c18d3d20db69921527f82ef09990885ed7525003c7fe7dc86c56", [:mix], [], "hexpm", "8e2d5370b732385db2c9b22215c3f59c84ac7dda7ed7e544d7c459496ae519c0"},
+  "ecto": {:hex, :ecto, "3.4.6", "08f7afad3257d6eb8613309af31037e16c36808dfda5a3cd0cb4e9738db030e4", [:mix], [{:decimal, "~> 1.6 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "6f13a9e2a62e75c2dcfc7207bfc65645ab387af8360db4c89fee8b5a4bf3f70b"},
   "ecto_sql": {:hex, :ecto_sql, "3.4.5", "30161f81b167d561a9a2df4329c10ae05ff36eca7ccc84628f2c8b9fa1e43323", [:mix], [{:db_connection, "~> 2.2", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.4.3", [hex: :ecto, repo: "hexpm", optional: false]}, {:myxql, "~> 0.3.0 or ~> 0.4.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.15.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:tds, "~> 2.1.0", [hex: :tds, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "31990c6a3579b36a3c0841d34a94c275e727de8b84f58509da5f1b2032c98ac2"},
   "elixir_auth_github": {:hex, :elixir_auth_github, "1.4.0", "fa6b4f52812201380213d49bbe09d8706dc97eacf9962c9e8d34d95aec3ad33c", [:mix], [{:httpoison, "~> 1.7.0", [hex: :httpoison, repo: "hexpm", optional: false]}, {:poison, "~> 4.0.1", [hex: :poison, repo: "hexpm", optional: false]}], "hexpm", "7c6ec4e8c73cef5c810a70e308505f67b56805a72b6fe9841ea81e8d24b91c7e"},
   "elixir_auth_google": {:hex, :elixir_auth_google, "1.3.0", "b3a7843ccc004888f2dd1478b3ca5a102751138657ee2fd68fdbbf43e44fb138", [:mix], [{:httpoison, "~> 1.7.0", [hex: :httpoison, repo: "hexpm", optional: false]}, {:poison, "~> 4.0.1", [hex: :poison, repo: "hexpm", optional: false]}], "hexpm", "d2fb766ca4f6fcbf8f1f4128dcf2a35c7cd0c702ab62e3110458acd8038d0267"},
-  "elixir_make": {:hex, :elixir_make, "0.6.0", "38349f3e29aff4864352084fc736fa7fa0f2995a819a737554f7ebd28b85aaab", [:mix], [], "hexpm", "d522695b93b7f0b4c0fcb2dfe73a6b905b1c301226a5a55cb42e5b14d509e050"},
+  "elixir_make": {:hex, :elixir_make, "0.6.1", "8faa29a5597faba999aeeb72bbb9c91694ef8068f0131192fb199f98d32994ef", [:mix], [], "hexpm", "35d33270680f8d839a4003c3e9f43afb595310a592405a00afc12de4c7f55a18"},
   "erlex": {:hex, :erlex, "0.2.6", "c7987d15e899c7a2f34f5420d2a2ea0d659682c06ac607572df55a43753aa12e", [:mix], [], "hexpm", "2ed2e25711feb44d52b17d2780eabf998452f6efda104877a3881c2f8c0c0c75"},
   "ex_doc": {:hex, :ex_doc, "0.21.3", "857ec876b35a587c5d9148a2512e952e24c24345552259464b98bfbb883c7b42", [:mix], [{:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:makeup_elixir, "~> 0.14", [hex: :makeup_elixir, repo: "hexpm", optional: false]}], "hexpm", "0db1ee8d1547ab4877c5b5dffc6604ef9454e189928d5ba8967d4a58a801f161"},
-  "exbase58": {:hex, :exbase58, "1.0.2", "2caa5df4d769b5c555cde11b85e93199037ed8b41f1da23e812619c10e3a3424", [:mix], [], "hexpm", "fe6b6b465750bdc1bd01c7b33b265902dabd63061f7db24e663509b45b4bba3c"},
   "excoveralls": {:hex, :excoveralls, "0.12.3", "2142be7cb978a3ae78385487edda6d1aff0e482ffc6123877bb7270a8ffbcfe0", [:mix], [{:hackney, "~> 1.0", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "568a3e616c264283f5dea5b020783ae40eef3f7ee2163f7a67cbd7b35bcadada"},
-  "fields": {:hex, :fields, "2.6.0", "bbbc32f3a49895b447996b993ebc380d5ea488ab76604ff1bb7390c49fab17ae", [:mix], [{:argon2_elixir, "~> 2.3.0", [hex: :argon2_elixir, repo: "hexpm", optional: false]}, {:ecto, "~> 3.4.3", [hex: :ecto, repo: "hexpm", optional: false]}, {:html_sanitize_ex, "~> 1.4", [hex: :html_sanitize_ex, repo: "hexpm", optional: false]}], "hexpm", "a72a49cdf26cca05f56eb3de708af6e5744829e844aff6e89b71617c3a3309f9"},
+  "fields": {:hex, :fields, "2.7.0", "1524662e5fddf2541cf4b561e59f4237d24c3647a65af5c1d057e11d375a3074", [:mix], [{:argon2_elixir, "~> 2.3.0", [hex: :argon2_elixir, repo: "hexpm", optional: false]}, {:ecto, "~> 3.4.6", [hex: :ecto, repo: "hexpm", optional: false]}, {:html_sanitize_ex, "~> 1.4.1", [hex: :html_sanitize_ex, repo: "hexpm", optional: false]}], "hexpm", "b9563fc12c26ce2673d0b4e2c60057ed4b307648be21306c194cb5ef489d6d8f"},
   "file_system": {:hex, :file_system, "0.2.8", "f632bd287927a1eed2b718f22af727c5aeaccc9a98d8c2bd7bff709e851dc986", [:mix], [], "hexpm", "97a3b6f8d63ef53bd0113070102db2ce05352ecf0d25390eb8d747c2bde98bca"},
-  "gettext": {:hex, :gettext, "0.18.0", "406d6b9e0e3278162c2ae1de0a60270452c553536772167e2d701f028116f870", [:mix], [], "hexpm", "c3f850be6367ebe1a08616c2158affe4a23231c70391050bf359d5f92f66a571"},
+  "gettext": {:hex, :gettext, "0.18.1", "89e8499b051c7671fa60782faf24409b5d2306aa71feb43d79648a8bc63d0522", [:mix], [], "hexpm", "e70750c10a5f88cb8dc026fc28fa101529835026dec4a06dba3b614f2a99c7a9"},
   "hackney": {:hex, :hackney, "1.16.0", "5096ac8e823e3a441477b2d187e30dd3fff1a82991a806b2003845ce72ce2d84", [:rebar3], [{:certifi, "2.5.2", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "6.0.1", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "1.0.1", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "~>1.1", [hex: :mimerl, repo: "hexpm", optional: false]}, {:parse_trans, "3.3.0", [hex: :parse_trans, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "1.1.6", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}], "hexpm", "3bf0bebbd5d3092a3543b783bf065165fa5d3ad4b899b836810e513064134e18"},
-  "html_sanitize_ex": {:hex, :html_sanitize_ex, "1.4.0", "0310d27d7bafb662f30bff22ec732a72414799c83eaf44239781fd23b96216c0", [:mix], [{:mochiweb, "~> 2.15", [hex: :mochiweb, repo: "hexpm", optional: false]}], "hexpm", "c5d79626be0b6e50c19ecdfb783ee26e85bd3a77436b488379ce6dc104ec4593"},
+  "html_sanitize_ex": {:hex, :html_sanitize_ex, "1.4.1", "e8a67da405fe9f0d1be121a40a60f70811192033a5b8d00a95dddd807f5e053e", [:mix], [{:mochiweb, "~> 2.15", [hex: :mochiweb, repo: "hexpm", optional: false]}], "hexpm", "68d92656f47cd73598c45ad2394561f025c8c65d146001b955fd7b517858962a"},
   "httpoison": {:hex, :httpoison, "1.7.0", "abba7d086233c2d8574726227b6c2c4f6e53c4deae7fe5f6de531162ce9929a0", [:mix], [{:hackney, "~> 1.16", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "975cc87c845a103d3d1ea1ccfd68a2700c211a434d8428b10c323dc95dc5b980"},
   "idna": {:hex, :idna, "6.0.1", "1d038fb2e7668ce41fbf681d2c45902e52b3cb9e9c77b55334353b222c2ee50c", [:rebar3], [{:unicode_util_compat, "0.5.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "a02c8a1c4fd601215bb0b0324c8a6986749f807ce35f25449ec9e69758708122"},
-  "jason": {:hex, :jason, "1.2.1", "12b22825e22f468c02eb3e4b9985f3d0cb8dc40b9bd704730efa11abd2708c44", [:mix], [{:decimal, "~> 1.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "b659b8571deedf60f79c5a608e15414085fa141344e2716fbd6988a084b5f993"},
+  "jason": {:hex, :jason, "1.2.2", "ba43e3f2709fd1aa1dce90aaabfd039d000469c05c56f0b8e31978e03fa39052", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "18a228f5f0058ee183f29f9eae0805c6e59d61c3b006760668d8d18ff0d12179"},
   "joken": {:hex, :joken, "2.2.0", "2daa1b12be05184aff7b5ace1d43ca1f81345962285fff3f88db74927c954d3a", [:mix], [{:jose, "~> 1.9", [hex: :jose, repo: "hexpm", optional: false]}], "hexpm", "b4f92e30388206f869dd25d1af628a1d99d7586e5cf0672f64d4df84c4d2f5e9"},
   "jose": {:hex, :jose, "1.10.1", "16d8e460dae7203c6d1efa3f277e25b5af8b659febfc2f2eb4bacf87f128b80a", [:mix, :rebar3], [], "hexpm", "3c7ddc8a9394b92891db7c2771da94bf819834a1a4c92e30857b7d582e2f8257"},
-  "makeup": {:hex, :makeup, "1.0.1", "82f332e461dc6c79dbd82fbe2a9c10d48ed07146f0a478286e590c83c52010b5", [:mix], [{:nimble_parsec, "~> 0.5.0", [hex: :nimble_parsec, repo: "hexpm", optional: false]}], "hexpm", "49736fe5b66a08d8575bf5321d716bac5da20c8e6b97714fec2bcd6febcfa1f8"},
-  "makeup_elixir": {:hex, :makeup_elixir, "0.14.0", "cf8b7c66ad1cff4c14679698d532f0b5d45a3968ffbcbfd590339cb57742f1ae", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}], "hexpm", "d4b316c7222a85bbaa2fd7c6e90e37e953257ad196dc229505137c5e505e9eff"},
+  "makeup": {:hex, :makeup, "1.0.3", "e339e2f766d12e7260e6672dd4047405963c5ec99661abdc432e6ec67d29ef95", [:mix], [{:nimble_parsec, "~> 0.5", [hex: :nimble_parsec, repo: "hexpm", optional: false]}], "hexpm", "2e9b4996d11832947731f7608fed7ad2f9443011b3b479ae288011265cdd3dad"},
+  "makeup_elixir": {:hex, :makeup_elixir, "0.14.1", "4f0e96847c63c17841d42c08107405a005a2680eb9c7ccadfd757bd31dabccfb", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}], "hexpm", "f2438b1a80eaec9ede832b5c41cd4f373b38fd7aa33e3b22d9db79e640cbde11"},
   "metrics": {:hex, :metrics, "1.0.1", "25f094dea2cda98213cecc3aeff09e940299d950904393b2a29d191c346a8486", [:rebar3], [], "hexpm", "69b09adddc4f74a40716ae54d140f93beb0fb8978d8636eaded0c31b6f099f16"},
-  "mime": {:hex, :mime, "1.3.1", "30ce04ab3175b6ad0bdce0035cba77bba68b813d523d1aac73d9781b4d193cf8", [:mix], [], "hexpm", "6cbe761d6a0ca5a31a0931bf4c63204bceb64538e664a8ecf784a9a6f3b875f1"},
+  "mime": {:hex, :mime, "1.4.0", "5066f14944b470286146047d2f73518cf5cca82f8e4815cf35d196b58cf07c47", [:mix], [], "hexpm", "75fa42c4228ea9a23f70f123c74ba7cece6a03b1fd474fe13f6a7a85c6ea4ff6"},
   "mimerl": {:hex, :mimerl, "1.2.0", "67e2d3f571088d5cfd3e550c383094b47159f3eee8ffa08e64106cdf5e981be3", [:rebar3], [], "hexpm", "f278585650aa581986264638ebf698f8bb19df297f66ad91b18910dfc6e19323"},
   "mochiweb": {:hex, :mochiweb, "2.20.1", "e4dbd0ed716f076366ecf62ada5755a844e1d95c781e8c77df1d4114be868cdf", [:rebar3], [], "hexpm", "d1aeee7870470d2fa9eae0b3d5ab6c33801aa2d82b10e9dade885c5c921b36aa"},
-  "nimble_parsec": {:hex, :nimble_parsec, "0.5.3", "def21c10a9ed70ce22754fdeea0810dafd53c2db3219a0cd54cf5526377af1c6", [:mix], [], "hexpm", "589b5af56f4afca65217a1f3eb3fee7e79b09c40c742fddc1c312b3ac0b3399f"},
+  "nimble_parsec": {:hex, :nimble_parsec, "0.6.0", "32111b3bf39137144abd7ba1cce0914533b2d16ef35e8abc5ec8be6122944263", [:mix], [], "hexpm", "27eac315a94909d4dc68bc07a4a83e06c8379237c5ea528a9acff4ca1c873c52"},
   "parse_trans": {:hex, :parse_trans, "3.3.0", "09765507a3c7590a784615cfd421d101aec25098d50b89d7aa1d66646bc571c1", [:rebar3], [], "hexpm", "17ef63abde837ad30680ea7f857dd9e7ced9476cdd7b0394432af4bfc241b960"},
-  "phoenix": {:hex, :phoenix, "1.5.3", "bfe0404e48ea03dfe17f141eff34e1e058a23f15f109885bbdcf62be303b49ff", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix_html, "~> 2.13", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:phoenix_pubsub, "~> 2.0", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}, {:plug, "~> 1.10", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 1.0 or ~> 2.2", [hex: :plug_cowboy, repo: "hexpm", optional: true]}, {:plug_crypto, "~> 1.1.2 or ~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "8e16febeb9640d8b33895a691a56481464b82836d338bb3a23125cd7b6157c25"},
+  "phoenix": {:hex, :phoenix, "1.5.4", "0fca9ce7e960f9498d6315e41fcd0c80bfa6fbeb5fa3255b830c67fdfb7e703f", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix_html, "~> 2.13", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:phoenix_pubsub, "~> 2.0", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}, {:plug, "~> 1.10", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 1.0 or ~> 2.2", [hex: :plug_cowboy, repo: "hexpm", optional: true]}, {:plug_crypto, "~> 1.1.2 or ~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "4e516d131fde87b568abd62e1b14aa07ba7d5edfd230bab4e25cc9dedbb39135"},
   "phoenix_ecto": {:hex, :phoenix_ecto, "4.1.0", "a044d0756d0464c5a541b4a0bf4bcaf89bffcaf92468862408290682c73ae50d", [:mix], [{:ecto, "~> 3.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 2.9", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "c5e666a341ff104d0399d8f0e4ff094559b2fde13a5985d4cb5023b2c2ac558b"},
   "phoenix_html": {:hex, :phoenix_html, "2.14.2", "b8a3899a72050f3f48a36430da507dd99caf0ac2d06c77529b1646964f3d563e", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "58061c8dfd25da5df1ea0ca47c972f161beb6c875cd293917045b92ffe1bf617"},
-  "phoenix_live_reload": {:hex, :phoenix_live_reload, "1.2.2", "38d94c30df5e2ef11000697a4fbe2b38d0fbf79239d492ff1be87bbc33bc3a84", [:mix], [{:file_system, "~> 0.2.1 or ~> 0.3", [hex: :file_system, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.4", [hex: :phoenix, repo: "hexpm", optional: false]}], "hexpm", "a3dec3d28ddb5476c96a7c8a38ea8437923408bc88da43e5c45d97037b396280"},
+  "phoenix_live_reload": {:hex, :phoenix_live_reload, "1.2.4", "940c0344b1d66a2e46eef02af3a70e0c5bb45a4db0bf47917add271b76cd3914", [:mix], [{:file_system, "~> 0.2.1 or ~> 0.3", [hex: :file_system, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.4", [hex: :phoenix, repo: "hexpm", optional: false]}], "hexpm", "38f9308357dea4cc77f247e216da99fcb0224e05ada1469167520bed4cb8cccd"},
   "phoenix_pubsub": {:hex, :phoenix_pubsub, "2.0.0", "a1ae76717bb168cdeb10ec9d92d1480fec99e3080f011402c0a2d68d47395ffb", [:mix], [], "hexpm", "c52d948c4f261577b9c6fa804be91884b381a7f8f18450c5045975435350f771"},
   "ping": {:hex, :ping, "1.0.1", "1f44c7b7151af18627edbd7946a376935871f285fc9c11e9f16ddb1555ea65b5", [:mix], [{:plug, "~> 1.10.1", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "c1421bebcb6601e7fb1158700ca99eb2dc0976b45fe2a26023db5a9318aadfa6"},
-  "plug": {:hex, :plug, "1.10.3", "c9cebe917637d8db0e759039cc106adca069874e1a9034fd6e3fdd427fd3c283", [:mix], [{:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_crypto, "~> 1.1.1 or ~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "01f9037a2a1de1d633b5a881101e6a444bcabb1d386ca1e00bb273a1f1d9d939"},
+  "plug": {:hex, :plug, "1.10.4", "41eba7d1a2d671faaf531fa867645bd5a3dce0957d8e2a3f398ccff7d2ef017f", [:mix], [{:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_crypto, "~> 1.1.1 or ~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "ad1e233fe73d2eec56616568d260777b67f53148a999dc2d048f4eb9778fe4a0"},
   "plug_cowboy": {:hex, :plug_cowboy, "2.3.0", "149a50e05cb73c12aad6506a371cd75750c0b19a32f81866e1a323dda9e0e99d", [:mix], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:plug, "~> 1.7", [hex: :plug, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "bc595a1870cef13f9c1e03df56d96804db7f702175e4ccacdb8fc75c02a7b97e"},
   "plug_crypto": {:hex, :plug_crypto, "1.1.2", "bdd187572cc26dbd95b87136290425f2b580a116d3fb1f564216918c9730d227", [:mix], [], "hexpm", "6b8b608f895b6ffcfad49c37c7883e8df98ae19c6a28113b02aa1e9c5b22d6b5"},
   "poison": {:hex, :poison, "4.0.1", "bcb755a16fac91cad79bfe9fc3585bb07b9331e50cfe3420a24bcc2d735709ae", [:mix], [], "hexpm", "ba8836feea4b394bb718a161fc59a288fe0109b5006d6bdf97b6badfcf6f0f25"},
   "postgrex": {:hex, :postgrex, "0.15.5", "aec40306a622d459b01bff890fa42f1430dac61593b122754144ad9033a2152f", [:mix], [{:connection, "~> 1.0", [hex: :connection, repo: "hexpm", optional: false]}, {:db_connection, "~> 2.1", [hex: :db_connection, repo: "hexpm", optional: false]}, {:decimal, "~> 1.5", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm", "ed90c81e1525f65a2ba2279dbcebf030d6d13328daa2f8088b9661eb9143af7f"},
   "ranch": {:hex, :ranch, "1.7.1", "6b1fab51b49196860b733a49c07604465a47bdb78aa10c1c16a3d199f7f8c881", [:rebar3], [], "hexpm", "451d8527787df716d99dc36162fca05934915db0b6141bbdac2ea8d3c7afc7d7"},
   "rbac": {:hex, :rbac, "0.3.0", "81ef1f898da2da61ed3b054822b98915005b1b07ed1b7d32071d41cd3ce93d84", [:mix], [], "hexpm", "ccba5f1bd58c351e58596ca3fbfd1e49391e4e6aedfac0ae08f54baea43a66dc"},
-  "sobelow": {:hex, :sobelow, "0.10.2", "00e91208046d3b434f9f08779fe0ca7c6d6595b7fa33b289e792dffa6dde8081", [:mix], [], "hexpm", "e30fc994330cf6f485c1c4f2fb7c4b2d403557d0e101c6e5329fd17a58e55a7e"},
+  "sobelow": {:hex, :sobelow, "0.10.4", "44ba642da120d84fedb9e85473375084034330c8f15a992351dd164a82963103", [:mix], [], "hexpm", "fea62a94a4112de45ee9c9d076fd636fbbc10b7c7c2ea99a928e7c289b8498d1"},
   "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.6", "cf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0", [:make, :mix, :rebar3], [], "hexpm", "bdb0d2471f453c88ff3908e7686f86f9be327d065cc1ec16fa4540197ea04680"},
   "stream_data": {:hex, :stream_data, "0.4.3", "62aafd870caff0849a5057a7ec270fad0eb86889f4d433b937d996de99e3db25", [:mix], [], "hexpm", "7dafd5a801f0bc897f74fcd414651632b77ca367a7ae4568778191fc3bf3a19a"},
   "telemetry": {:hex, :telemetry, "0.4.2", "2808c992455e08d6177322f14d3bdb6b625fbcfd233a73505870d8738a2f4599", [:rebar3], [], "hexpm", "2d1419bd9dda6a206d7b5852179511722e2b18812310d304620c7bd92a13fcef"},
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index fa81debb..6a023da2 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -1,3 +1,4 @@
+require Logger
 # Script for populating the database. You can run it as:
 #
 # mix run priv/repo/seeds.exs
@@ -54,11 +55,15 @@ defmodule Auth.Seeds do
 
     api_key = key.client_id <> "/" <> key.client_secret
     # set the AUTH_API_KEY environment variable during test run:
-    if(Mix.env() == :test) do
-      System.put_env("AUTH_API_KEY", api_key)
-    else
-      # update the AUTH_API_KEY in the .env file:
-      write_env("AUTH_API_KEY", api_key)
+    IO.inspect(Mix.env(), label: "Mix.env()")
+    case Mix.env() do
+      :test ->
+        System.put_env("AUTH_API_KEY", api_key)
+      :prod ->
+        Logger.info("export AUTH_API_KEY=#{api_key}")
+      _ ->
+        # update the AUTH_API_KEY in the .env file on dev/localhost:
+        write_env("AUTH_API_KEY", api_key)
     end
   end
 

From 231d10ae5575c3ea2965d2e14c9277f39cbcf4d7 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sun, 13 Sep 2020 22:49:24 +0100
Subject: [PATCH 133/166] use Elixir 1.10.4 and OTP/Erlang 23.0.4 in
 elixir_buildpack.config for #114

---
 elixir_buildpack.config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/elixir_buildpack.config b/elixir_buildpack.config
index e650d238..2d8b2d3f 100644
--- a/elixir_buildpack.config
+++ b/elixir_buildpack.config
@@ -1,8 +1,8 @@
 # Elixir version
-elixir_version=1.10
+elixir_version=1.10.4
 
 # Erlang version
 # available versions https://github.com/HashNuke/heroku-buildpack-elixir-otp-builds/blob/master/otp-versions
-erlang_version=22.2.7
+erlang_version=23.0.4
 
 # always_rebuild=true

From ef2fa1185e04862aedb28680b3c0dff17d14adb4 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Sun, 13 Sep 2020 22:57:29 +0100
Subject: [PATCH 134/166] downgrade from Erlang 23.0.4 to 23.0.3 see:
 https://github.com/dwyl/auth/issues/114#issuecomment-691731167

---
 .travis.yml             | 2 +-
 elixir_buildpack.config | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 0d5e1937..a993fe6b 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,7 +2,7 @@ language: elixir
 elixir:
   - 1.10.4
 otp_release:
-  - 23.0.4
+  - 23.0.3
 services:
   - postgresql
 env:
diff --git a/elixir_buildpack.config b/elixir_buildpack.config
index 2d8b2d3f..488a1dc3 100644
--- a/elixir_buildpack.config
+++ b/elixir_buildpack.config
@@ -3,6 +3,6 @@ elixir_version=1.10.4
 
 # Erlang version
 # available versions https://github.com/HashNuke/heroku-buildpack-elixir-otp-builds/blob/master/otp-versions
-erlang_version=23.0.4
+erlang_version=23.0.3
 
 # always_rebuild=true

From cbd51a5901a52e9d979df15977df12a4f73a5cc7 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Mon, 14 Sep 2020 00:01:35 +0100
Subject: [PATCH 135/166] update dependencies to latest versions

---
 mix.exs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/mix.exs b/mix.exs
index 905c75e7..f8f72657 100644
--- a/mix.exs
+++ b/mix.exs
@@ -47,7 +47,7 @@ defmodule Auth.Mixfile do
       # Phoenix core:
       {:phoenix, "~> 1.5.3"},
       {:phoenix_pubsub, "~> 2.0"},
-      {:phoenix_ecto, "~> 4.1.0"},
+      {:phoenix_ecto, "~> 4.2.0"},
       {:ecto_sql, "~> 3.4.5"},
       {:postgrex, ">= 0.0.0"},
       {:phoenix_html, "~> 2.14.2"},
@@ -62,12 +62,12 @@ defmodule Auth.Mixfile do
       # https://github.com/dwyl/elixir-auth-google
       {:elixir_auth_google, "~> 1.3.0"},
       # https://github.com/dwyl/auth_plug
-      {:auth_plug, "1.2.0"},
+      {:auth_plug, "1.2.1"},
       # https://github.com/dwyl/rbac
       {:rbac, "~> 0.3.0"},
 
       # Field Validation and Encryption: github.com/dwyl/fields
-      {:fields, "~> 2.7.0"},
+      {:fields, "~> 2.7.1"},
       # Base58 Encodeing: https://github.com/dwyl/base58
       {:B58, "~> 1.0", hex: :b58},
 

From c9de4a5ca2929e4878305b2b2cde6cd583b99129 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Mon, 14 Sep 2020 09:53:50 +0100
Subject: [PATCH 136/166] add RBAC.init_roles_cache
 https://github.com/dwyl/auth/issues/110

---
 lib/auth/application.ex | 4 ++++
 mix.exs                 | 2 +-
 mix.lock                | 8 ++++----
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/lib/auth/application.ex b/lib/auth/application.ex
index 9c41f202..c0458546 100644
--- a/lib/auth/application.ex
+++ b/lib/auth/application.ex
@@ -6,6 +6,10 @@ defmodule Auth.Application do
   use Application
 
   def start(_type, _args) do
+    RBAC.init_roles_cache(
+      "https://dwylauth.herokuapp.com",
+      AuthPlug.Token.client_id()
+    )
     # List all child processes to be supervised
     children = [
       # Start the Ecto repository
diff --git a/mix.exs b/mix.exs
index f8f72657..2e3696fa 100644
--- a/mix.exs
+++ b/mix.exs
@@ -64,7 +64,7 @@ defmodule Auth.Mixfile do
       # https://github.com/dwyl/auth_plug
       {:auth_plug, "1.2.1"},
       # https://github.com/dwyl/rbac
-      {:rbac, "~> 0.3.0"},
+      {:rbac, "~> 0.4.0"},
 
       # Field Validation and Encryption: github.com/dwyl/fields
       {:fields, "~> 2.7.1"},
diff --git a/mix.lock b/mix.lock
index 31b70591..9bb1fd17 100644
--- a/mix.lock
+++ b/mix.lock
@@ -1,7 +1,7 @@
 %{
   "B58": {:hex, :b58, "1.0.1", "db9443361d2597ea60559ab5ef29a461f0da9698727e68d1ce2d5366644ebc1f", [:mix], [], "hexpm", "f0de289ba02513c8e966b3137b32c50826281e0ac2e11c22e2e7a0e810b4202d"},
   "argon2_elixir": {:hex, :argon2_elixir, "2.3.0", "e251bdafd69308e8c1263e111600e6d68bd44f23d2cccbe43fcb1a417a76bc8e", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "28ccb63bff213aecec1f7f3dde9648418b031f822499973281d8f494b9d5a3b3"},
-  "auth_plug": {:hex, :auth_plug, "1.2.0", "ae7fe3fb8532ed527baa16979d85be17dcc01d0069d9a3732637c99d7114d193", [:mix], [{:joken, "~> 2.2.0", [hex: :joken, repo: "hexpm", optional: false]}, {:plug, "~> 1.10", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "3fd700fcd761fb8c128d1ebb480c578d04171bc4a4a49c7131667a97e0bb5e25"},
+  "auth_plug": {:hex, :auth_plug, "1.2.1", "7b8af3bc119452b0da01e1f9c848d17ce62e96893c5c3c1b4eb36f3fc986c990", [:mix], [{:joken, "~> 2.2.0", [hex: :joken, repo: "hexpm", optional: false]}, {:plug, "~> 1.10", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "6004562a15294f36df3fd844d1c63b776807d5c1509faa9be02d5f8e8bb123d9"},
   "bunt": {:hex, :bunt, "0.2.0", "951c6e801e8b1d2cbe58ebbd3e616a869061ddadcc4863d0a2182541acae9a38", [:mix], [], "hexpm", "7af5c7e09fe1d40f76c8e4f9dd2be7cebd83909f31fee7cd0e9eadc567da8353"},
   "certifi": {:hex, :certifi, "2.5.2", "b7cfeae9d2ed395695dd8201c57a2d019c0c43ecaf8b8bcb9320b40d6662f340", [:rebar3], [{:parse_trans, "~>3.3", [hex: :parse_trans, repo: "hexpm", optional: false]}], "hexpm", "3b3b5f36493004ac3455966991eaf6e768ce9884693d9968055aeeeb1e575040"},
   "comeonin": {:hex, :comeonin, "5.3.1", "7fe612b739c78c9c1a75186ef2d322ce4d25032d119823269d0aa1e2f1e20025", [:mix], [], "hexpm", "d6222483060c17f0977fad1b7401ef0c5863c985a64352755f366aee3799c245"},
@@ -22,7 +22,7 @@
   "erlex": {:hex, :erlex, "0.2.6", "c7987d15e899c7a2f34f5420d2a2ea0d659682c06ac607572df55a43753aa12e", [:mix], [], "hexpm", "2ed2e25711feb44d52b17d2780eabf998452f6efda104877a3881c2f8c0c0c75"},
   "ex_doc": {:hex, :ex_doc, "0.21.3", "857ec876b35a587c5d9148a2512e952e24c24345552259464b98bfbb883c7b42", [:mix], [{:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:makeup_elixir, "~> 0.14", [hex: :makeup_elixir, repo: "hexpm", optional: false]}], "hexpm", "0db1ee8d1547ab4877c5b5dffc6604ef9454e189928d5ba8967d4a58a801f161"},
   "excoveralls": {:hex, :excoveralls, "0.12.3", "2142be7cb978a3ae78385487edda6d1aff0e482ffc6123877bb7270a8ffbcfe0", [:mix], [{:hackney, "~> 1.0", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "568a3e616c264283f5dea5b020783ae40eef3f7ee2163f7a67cbd7b35bcadada"},
-  "fields": {:hex, :fields, "2.7.0", "1524662e5fddf2541cf4b561e59f4237d24c3647a65af5c1d057e11d375a3074", [:mix], [{:argon2_elixir, "~> 2.3.0", [hex: :argon2_elixir, repo: "hexpm", optional: false]}, {:ecto, "~> 3.4.6", [hex: :ecto, repo: "hexpm", optional: false]}, {:html_sanitize_ex, "~> 1.4.1", [hex: :html_sanitize_ex, repo: "hexpm", optional: false]}], "hexpm", "b9563fc12c26ce2673d0b4e2c60057ed4b307648be21306c194cb5ef489d6d8f"},
+  "fields": {:hex, :fields, "2.7.1", "8e388bce46877c25607100caae686d6ea3cd88182d8c100169484a7744b1b502", [:mix], [{:argon2_elixir, "~> 2.3.0", [hex: :argon2_elixir, repo: "hexpm", optional: false]}, {:ecto, "~> 3.4.6", [hex: :ecto, repo: "hexpm", optional: false]}, {:html_sanitize_ex, "~> 1.4.1", [hex: :html_sanitize_ex, repo: "hexpm", optional: false]}], "hexpm", "8ec6545e50128a1a8e77009b51de46d121011bb04449d99ab3e7592ea21ce636"},
   "file_system": {:hex, :file_system, "0.2.8", "f632bd287927a1eed2b718f22af727c5aeaccc9a98d8c2bd7bff709e851dc986", [:mix], [], "hexpm", "97a3b6f8d63ef53bd0113070102db2ce05352ecf0d25390eb8d747c2bde98bca"},
   "gettext": {:hex, :gettext, "0.18.1", "89e8499b051c7671fa60782faf24409b5d2306aa71feb43d79648a8bc63d0522", [:mix], [], "hexpm", "e70750c10a5f88cb8dc026fc28fa101529835026dec4a06dba3b614f2a99c7a9"},
   "hackney": {:hex, :hackney, "1.16.0", "5096ac8e823e3a441477b2d187e30dd3fff1a82991a806b2003845ce72ce2d84", [:rebar3], [{:certifi, "2.5.2", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "6.0.1", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "1.0.1", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "~>1.1", [hex: :mimerl, repo: "hexpm", optional: false]}, {:parse_trans, "3.3.0", [hex: :parse_trans, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "1.1.6", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}], "hexpm", "3bf0bebbd5d3092a3543b783bf065165fa5d3ad4b899b836810e513064134e18"},
@@ -41,7 +41,7 @@
   "nimble_parsec": {:hex, :nimble_parsec, "0.6.0", "32111b3bf39137144abd7ba1cce0914533b2d16ef35e8abc5ec8be6122944263", [:mix], [], "hexpm", "27eac315a94909d4dc68bc07a4a83e06c8379237c5ea528a9acff4ca1c873c52"},
   "parse_trans": {:hex, :parse_trans, "3.3.0", "09765507a3c7590a784615cfd421d101aec25098d50b89d7aa1d66646bc571c1", [:rebar3], [], "hexpm", "17ef63abde837ad30680ea7f857dd9e7ced9476cdd7b0394432af4bfc241b960"},
   "phoenix": {:hex, :phoenix, "1.5.4", "0fca9ce7e960f9498d6315e41fcd0c80bfa6fbeb5fa3255b830c67fdfb7e703f", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix_html, "~> 2.13", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:phoenix_pubsub, "~> 2.0", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}, {:plug, "~> 1.10", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 1.0 or ~> 2.2", [hex: :plug_cowboy, repo: "hexpm", optional: true]}, {:plug_crypto, "~> 1.1.2 or ~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "4e516d131fde87b568abd62e1b14aa07ba7d5edfd230bab4e25cc9dedbb39135"},
-  "phoenix_ecto": {:hex, :phoenix_ecto, "4.1.0", "a044d0756d0464c5a541b4a0bf4bcaf89bffcaf92468862408290682c73ae50d", [:mix], [{:ecto, "~> 3.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 2.9", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "c5e666a341ff104d0399d8f0e4ff094559b2fde13a5985d4cb5023b2c2ac558b"},
+  "phoenix_ecto": {:hex, :phoenix_ecto, "4.2.0", "4ac3300a22240a37ed54dfe6c0be1b5623304385d1a2c210a70f011d9e7af7ac", [:mix], [{:ecto, "~> 3.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 2.14.2 or ~> 2.15", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "59e7e2a550d7ea082a665c0fc29485f06f55d1a51dd02f513aafdb9d16fc72c4"},
   "phoenix_html": {:hex, :phoenix_html, "2.14.2", "b8a3899a72050f3f48a36430da507dd99caf0ac2d06c77529b1646964f3d563e", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "58061c8dfd25da5df1ea0ca47c972f161beb6c875cd293917045b92ffe1bf617"},
   "phoenix_live_reload": {:hex, :phoenix_live_reload, "1.2.4", "940c0344b1d66a2e46eef02af3a70e0c5bb45a4db0bf47917add271b76cd3914", [:mix], [{:file_system, "~> 0.2.1 or ~> 0.3", [hex: :file_system, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.4", [hex: :phoenix, repo: "hexpm", optional: false]}], "hexpm", "38f9308357dea4cc77f247e216da99fcb0224e05ada1469167520bed4cb8cccd"},
   "phoenix_pubsub": {:hex, :phoenix_pubsub, "2.0.0", "a1ae76717bb168cdeb10ec9d92d1480fec99e3080f011402c0a2d68d47395ffb", [:mix], [], "hexpm", "c52d948c4f261577b9c6fa804be91884b381a7f8f18450c5045975435350f771"},
@@ -52,7 +52,7 @@
   "poison": {:hex, :poison, "4.0.1", "bcb755a16fac91cad79bfe9fc3585bb07b9331e50cfe3420a24bcc2d735709ae", [:mix], [], "hexpm", "ba8836feea4b394bb718a161fc59a288fe0109b5006d6bdf97b6badfcf6f0f25"},
   "postgrex": {:hex, :postgrex, "0.15.5", "aec40306a622d459b01bff890fa42f1430dac61593b122754144ad9033a2152f", [:mix], [{:connection, "~> 1.0", [hex: :connection, repo: "hexpm", optional: false]}, {:db_connection, "~> 2.1", [hex: :db_connection, repo: "hexpm", optional: false]}, {:decimal, "~> 1.5", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm", "ed90c81e1525f65a2ba2279dbcebf030d6d13328daa2f8088b9661eb9143af7f"},
   "ranch": {:hex, :ranch, "1.7.1", "6b1fab51b49196860b733a49c07604465a47bdb78aa10c1c16a3d199f7f8c881", [:rebar3], [], "hexpm", "451d8527787df716d99dc36162fca05934915db0b6141bbdac2ea8d3c7afc7d7"},
-  "rbac": {:hex, :rbac, "0.3.0", "81ef1f898da2da61ed3b054822b98915005b1b07ed1b7d32071d41cd3ce93d84", [:mix], [], "hexpm", "ccba5f1bd58c351e58596ca3fbfd1e49391e4e6aedfac0ae08f54baea43a66dc"},
+  "rbac": {:hex, :rbac, "0.4.0", "809fb2d1857fd2ffccc6d2e86e8f5df2961d9fc03258bf66663b48efd407d063", [:mix], [{:httpoison, "~> 1.7.0", [hex: :httpoison, repo: "hexpm", optional: false]}, {:jason, "~> 1.2.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "b4a97e39642cacccd09e5834c8982f86e77b1572afce58e21a89143d5da3274f"},
   "sobelow": {:hex, :sobelow, "0.10.4", "44ba642da120d84fedb9e85473375084034330c8f15a992351dd164a82963103", [:mix], [], "hexpm", "fea62a94a4112de45ee9c9d076fd636fbbc10b7c7c2ea99a928e7c289b8498d1"},
   "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.6", "cf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0", [:make, :mix, :rebar3], [], "hexpm", "bdb0d2471f453c88ff3908e7686f86f9be327d065cc1ec16fa4540197ea04680"},
   "stream_data": {:hex, :stream_data, "0.4.3", "62aafd870caff0849a5057a7ec270fad0eb86889f4d433b937d996de99e3db25", [:mix], [], "hexpm", "7dafd5a801f0bc897f74fcd414651632b77ca367a7ae4568778191fc3bf3a19a"},

From f7cb9a116a5d34d4972ea2ccaf75036ca7ef90d1 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Mon, 14 Sep 2020 12:59:13 +0100
Subject: [PATCH 137/166] avoid overwriting .env file in seeds.exs

---
 lib/auth/application.ex |  4 ---
 priv/repo/seeds.exs     | 55 +++++++++++++++++------------------------
 2 files changed, 23 insertions(+), 36 deletions(-)

diff --git a/lib/auth/application.ex b/lib/auth/application.ex
index c0458546..9c41f202 100644
--- a/lib/auth/application.ex
+++ b/lib/auth/application.ex
@@ -6,10 +6,6 @@ defmodule Auth.Application do
   use Application
 
   def start(_type, _args) do
-    RBAC.init_roles_cache(
-      "https://dwylauth.herokuapp.com",
-      AuthPlug.Token.client_id()
-    )
     # List all child processes to be supervised
     children = [
       # Start the Ecto repository
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 6a023da2..bc7bd72d 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -10,10 +10,10 @@ require Logger
 # mix ecto.setup
 defmodule Auth.Seeds do
   alias Auth.{Person, Repo, Status}
-  # put_assoc
-  # import Ecto.Changeset
+  import Ecto.Changeset
 
   def create_admin do
+    load_env()
     email = System.get_env("ADMIN_EMAIL")
 
     person =
@@ -49,9 +49,15 @@ defmodule Auth.Seeds do
       }
       |> Auth.App.create_app()
 
-    # API Key is automatically created by create_app/1
-    # https://github.com/dwyl/auth/issues/97
-    key = List.first(app.apikeys)
+    # set the api key to AUTH_API_KEY in env:
+    update_attrs = %{
+      "client_id" => AuthPlug.Token.client_id(),
+      "client_secret" => AuthPlug.Token.client_secret()
+    }
+
+    {:ok, key} = Auth.Apikey.get_apikey_by_app_id(app.id)
+      |> cast(update_attrs, [:client_id, :client_secret])
+      |> Repo.update()
 
     api_key = key.client_id <> "/" <> key.client_secret
     # set the AUTH_API_KEY environment variable during test run:
@@ -62,44 +68,29 @@ defmodule Auth.Seeds do
       :prod ->
         Logger.info("export AUTH_API_KEY=#{api_key}")
       _ ->
-        # update the AUTH_API_KEY in the .env file on dev/localhost:
-        write_env("AUTH_API_KEY", api_key)
+        nil
     end
   end
 
-  # write the key:value pair to project .env file
-  def write_env(key, value) do
-    # IO.inspect(File.cwd!, label: "cwd")
+  # load the .env file
+  def load_env() do
     path = File.cwd!() <> "/.env"
     IO.inspect(path, label: ".env file path")
     {:ok, data} = File.read(path)
-    # IO.inspect(data)
-
-    lines =
-      String.split(data, "\n")
-      |> Enum.filter(fn line ->
-        not String.contains?(line, key)
-      end)
-
-    # |> IO.inspect
-    str = "export #{key}=#{value}"
-    vars = lines ++ [str]
-    content = Enum.join(vars, "\n")
-    File.write!(path, content) |> File.close()
-    env(vars)
-  end
 
-  # export all the environment variables during app excution/tests
-  def env(vars) do
-    Enum.map(vars, fn line ->
-      parts =
+    Enum.map(String.split(data, "\n"), fn line ->
+      line =
         line
         |> String.replace("export ", "")
         |> String.replace("'", "")
-        |> String.split("=")
 
-      # IO.inspect(List.last(parts), label: List.first(parts))
-      System.put_env(List.first(parts), List.last(parts))
+      # this part is convoluted because some .env values can contain "=" chacter:
+      {index, _} = :binary.match(line, "=")
+      len = String.length(line)
+      value = String.slice(line, index + 1, len)
+      [key | _rest] = String.split(line, "=")
+      # IO.inspect(value, label: key)
+      System.put_env(key, value)
     end)
   end
 end

From 6cd4495144b7bd6b4f7e1797686cc7e4fa93f27e Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Mon, 14 Sep 2020 13:12:36 +0100
Subject: [PATCH 138/166] add case for where .env file dont exist e.g. heroko

---
 priv/repo/seeds.exs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index bc7bd72d..246844a8 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -76,7 +76,10 @@ defmodule Auth.Seeds do
   def load_env() do
     path = File.cwd!() <> "/.env"
     IO.inspect(path, label: ".env file path")
-    {:ok, data} = File.read(path)
+    data = case File.read(path) do
+      {:ok, data} -> data
+      {:error, _} -> "export MIX_ENV=test"
+    end
 
     Enum.map(String.split(data, "\n"), fn line ->
       line =

From 297b93ae6bfb1bbb7903815b20c948f74226774c Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Mon, 14 Sep 2020 13:21:59 +0100
Subject: [PATCH 139/166] catch MatchError in seeds.exs

---
 priv/repo/seeds.exs | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 246844a8..81b69c37 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -76,9 +76,12 @@ defmodule Auth.Seeds do
   def load_env() do
     path = File.cwd!() <> "/.env"
     IO.inspect(path, label: ".env file path")
-    data = case File.read(path) do
-      {:ok, data} -> data
-      {:error, _} -> "export MIX_ENV=test"
+    data = try do
+      {:ok, data} = File.read(path)
+      data
+    rescue
+      MatchError ->
+       "export MIX_ENV=test"
     end
 
     Enum.map(String.split(data, "\n"), fn line ->

From 5ca7ebc5252eafb735239e945702c6d4820ceb48 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Mon, 14 Sep 2020 13:42:12 +0100
Subject: [PATCH 140/166] =?UTF-8?q?even=20more=20error=20handling=20for=20?=
 =?UTF-8?q?no=20.env=20on=20travis=20...=20=F0=9F=99=84?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 priv/repo/seeds.exs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 81b69c37..29191bf5 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -77,8 +77,10 @@ defmodule Auth.Seeds do
     path = File.cwd!() <> "/.env"
     IO.inspect(path, label: ".env file path")
     data = try do
-      {:ok, data} = File.read(path)
-      data
+      case File.read(path) do
+      {:ok, data} -> data
+      _ -> "export MIX_ENV=test"
+      end
     rescue
       MatchError ->
        "export MIX_ENV=test"

From ca5fcfa70382914bcef89e14e24b8547f519e851 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Mon, 14 Sep 2020 13:51:38 +0100
Subject: [PATCH 141/166] check for TRAVIS env var
 https://travis-ci.com/github/dwyl/auth/jobs/384604718#L621

---
 priv/repo/seeds.exs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 29191bf5..29715c31 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -13,7 +13,9 @@ defmodule Auth.Seeds do
   import Ecto.Changeset
 
   def create_admin do
-    load_env()
+    if is_nil(System.get_env("TRAVIS")) do
+      load_env()
+    end
     email = System.get_env("ADMIN_EMAIL")
 
     person =

From 5242c6b0f8e123cafe05a606c38883a6322c897c Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Mon, 14 Sep 2020 14:01:06 +0100
Subject: [PATCH 142/166] remove excess error checking code as not running
 env() on travis

---
 priv/repo/seeds.exs | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 29715c31..92e3d896 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -78,15 +78,7 @@ defmodule Auth.Seeds do
   def load_env() do
     path = File.cwd!() <> "/.env"
     IO.inspect(path, label: ".env file path")
-    data = try do
-      case File.read(path) do
-      {:ok, data} -> data
-      _ -> "export MIX_ENV=test"
-      end
-    rescue
-      MatchError ->
-       "export MIX_ENV=test"
-    end
+    {:ok, data} -> File.read(path)
 
     Enum.map(String.split(data, "\n"), fn line ->
       line =

From 7849d5e40289c5d71467729a86cfead6e497366e Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Mon, 14 Sep 2020 14:03:25 +0100
Subject: [PATCH 143/166] fix code error

---
 priv/repo/seeds.exs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 92e3d896..3c842b7b 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -78,7 +78,7 @@ defmodule Auth.Seeds do
   def load_env() do
     path = File.cwd!() <> "/.env"
     IO.inspect(path, label: ".env file path")
-    {:ok, data} -> File.read(path)
+    {:ok, data} = File.read(path)
 
     Enum.map(String.split(data, "\n"), fn line ->
       line =

From 839534560cc64f977944b7d77e07bcaa3805887e Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Mon, 14 Sep 2020 21:26:22 +0100
Subject: [PATCH 144/166] hide irrelevant nav links #115

---
 lib/auth_web/templates/layout/nav.html.eex | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/lib/auth_web/templates/layout/nav.html.eex b/lib/auth_web/templates/layout/nav.html.eex
index 8a8165a3..28c46c49 100644
--- a/lib/auth_web/templates/layout/nav.html.eex
+++ b/lib/auth_web/templates/layout/nav.html.eex
@@ -13,21 +13,27 @@
        </a>
      </li>
 
+     <%= if Map.has_key?(@conn.assigns, :person) do %>
      <li class="di-l pl6 tl pt5-m pb2-m">
        <a href="/apps" class="white link">Apps</a>
      </li>
+     <% end %>
+     <%= if Map.has_key?(@conn.assigns, :person) and @conn.assigns.person.id == 1 do %>
      <li class="pl5 pl6-m di-l tl pb2-m">
        <a href="/people" class="white link">People</a>
      </li>
+     <% end %>
+     <%= if Map.has_key?(@conn.assigns, :person) do %>
      <li class="pl5 pl6-m di-l tl pb2-m">
-       <a href="/roles" id="contact-link" class="white link">Roles</a>
+       <a href="/roles" class="white link">Roles</a>
      </li>
-
+     <% end %>
+     <!-- 
      <li class="pl6-m tl dn-l pb3">
        <a href="https://youtu.be/dQw4w9WgXcQ"
          class="white link">S'up?</a>
      </li>
-
+    -->
    </ul>
  </nav>
 

From 131efdeb940dc17595733ea04c7abe8cbd31d3a0 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Mon, 14 Sep 2020 21:28:00 +0100
Subject: [PATCH 145/166] simplify app/show.html.eex template #115

---
 lib/auth_web/templates/app/show.html.eex | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)

diff --git a/lib/auth_web/templates/app/show.html.eex b/lib/auth_web/templates/app/show.html.eex
index ae3dde00..84bddf49 100644
--- a/lib/auth_web/templates/app/show.html.eex
+++ b/lib/auth_web/templates/app/show.html.eex
@@ -1,19 +1,6 @@
 <div class="f3 w-70 center">
-  <h1 class="tc">Your App</h1>
-  
-  <p>
-    <strong>Name:</strong>
-    <span class="db ba b--black-80 pa2 bg-light-gray w-100 mt2">
-      <%= @app.name %>
-    </span>
-  </p>
-
-  <p>
-    <strong>Description:</strong>
-    <span class="db ba b--black-80 pa2 bg-light-gray w-100 mt2">
-      <%= @app.desc %>
-    </span>
-  </p>
+  <h1 class="tc"><%= @app.name %></h1>
+  <p class="tc w-100"><%= @app.desc %></p>
 
   <p>
     <strong>URL:</strong>

From d57d17a2adfa8f84193bf25c335e221564be515b Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Mon, 14 Sep 2020 21:41:54 +0100
Subject: [PATCH 146/166] display "New App" button if the person does not have
 any apps on /profile (welcome) page fixes #115

---
 lib/auth_web/controllers/auth_controller.ex  |  6 ++++--
 lib/auth_web/templates/app/edit.html.eex     |  2 +-
 lib/auth_web/templates/auth/welcome.html.eex | 21 +++++++++++++-------
 3 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
index fa5afdee..36600806 100644
--- a/lib/auth_web/controllers/auth_controller.ex
+++ b/lib/auth_web/controllers/auth_controller.ex
@@ -4,11 +4,13 @@ defmodule AuthWeb.AuthController do
   """
   use AuthWeb, :controller
   alias Auth.Person
+  alias Auth.App
 
   # https://github.com/dwyl/auth/issues/46
   def admin(conn, _params) do
+    apps = App.list_apps(conn.assigns.person.id)
     conn
-    |> render(:welcome)
+    |> render(:welcome, apps: apps)
   end
 
   defp get_user_agent_string(conn) do
@@ -185,7 +187,7 @@ defmodule AuthWeb.AuthController do
         # Auth.PeopleRoles.insert(1, person.id, 8)
         conn
         |> AuthPlug.create_jwt_session(person)
-        |> render(:welcome, person: person)
+        |> render(:welcome, person: person, apps: App.list_apps(person.id))
     end
   end
 
diff --git a/lib/auth_web/templates/app/edit.html.eex b/lib/auth_web/templates/app/edit.html.eex
index d81cd11d..143d468d 100644
--- a/lib/auth_web/templates/app/edit.html.eex
+++ b/lib/auth_web/templates/app/edit.html.eex
@@ -1,5 +1,5 @@
 <div class="f3 w-60 center">
-  <h1>Edit App</h1>
+  <h1 class="tc">Edit App</h1>
 
   <%= render "form.html", Map.put(assigns, :action, Routes.app_path(@conn, :update, @app)) %>
 
diff --git a/lib/auth_web/templates/auth/welcome.html.eex b/lib/auth_web/templates/auth/welcome.html.eex
index f1b93fd2..59024008 100644
--- a/lib/auth_web/templates/auth/welcome.html.eex
+++ b/lib/auth_web/templates/auth/welcome.html.eex
@@ -5,14 +5,21 @@
     class="center db br2"/>
   <p class="f3"> You are <strong>signed in</strong>
     with your <strong><%= String.capitalize(@conn.assigns.person.auth_provider) %> account</strong>.
-  <p/>
+  </p>
 
   <br />
-  <a href="/apps"
-  class="pointer ba border-box dwyl-bg-mint white pa3 ml1 mv1 f3
-  shadow-hover bg-animate hover-dwyl-teal-darkest no-underline">
-  Manage Apps
-  </a>
+  <%= if length(@apps) == 0 do %>
+    <span class="w-20 mt4 center">
+      <%= link "New App", to: Routes.app_path(@conn, :new),
+      class: "pointer br2 ba b--dark-green bg-green white pa3 ml1 mv1 f3
+      shadow-hover bg-animate hover-bg-dark-green border-box no-underline" %>
+    </span>
 
-  <!-- <iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/otCpCn0l4Wo?start=15" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe> -->
+  <% else %>
+    <a href="/apps"
+      class="pointer ba border-box dwyl-bg-mint white pa3 ml1 mv1 f3
+      shadow-hover bg-animate hover-dwyl-teal-darkest no-underline">
+      Manage Apps
+    </a>
+  <% end %>
 </section>

From 6c947450708165b9aa59cf60886133871b309baf Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Mon, 14 Sep 2020 21:44:44 +0100
Subject: [PATCH 147/166] address @sourcelevel-bot issues noted in PR #85

---
 lib/auth/apikey.ex                            |  1 +
 lib/auth/role.ex                              |  3 +-
 lib/auth_web/controllers/auth_controller.ex   |  8 +--
 priv/repo/seeds.exs                           |  7 ++-
 .../controllers/app_controller_test.exs       | 53 +++++++++++--------
 .../controllers/auth_controller_test.exs      |  2 +
 6 files changed, 46 insertions(+), 28 deletions(-)

diff --git a/lib/auth/apikey.ex b/lib/auth/apikey.ex
index 8e0e783f..ac24d043 100644
--- a/lib/auth/apikey.ex
+++ b/lib/auth/apikey.ex
@@ -47,6 +47,7 @@ defmodule Auth.Apikey do
     rescue
       ArgumentError ->
         0
+
       ArithmeticError ->
         0
     end
diff --git a/lib/auth/role.ex b/lib/auth/role.ex
index 86ec4580..05a2f973 100644
--- a/lib/auth/role.ex
+++ b/lib/auth/role.ex
@@ -41,7 +41,8 @@ defmodule Auth.Role do
 
   def list_roles_for_app(app_id) do
     __MODULE__
-    |> where([r], r.app_id == ^app_id or is_nil(r.app_id)) # and a.status != 6)
+    # and a.status != 6)
+    |> where([r], r.app_id == ^app_id or is_nil(r.app_id))
     |> Repo.all()
   end
 
diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
index 36600806..1ad8cd62 100644
--- a/lib/auth_web/controllers/auth_controller.ex
+++ b/lib/auth_web/controllers/auth_controller.ex
@@ -3,14 +3,12 @@ defmodule AuthWeb.AuthController do
   Defines AuthController and all functions for authenticaiton
   """
   use AuthWeb, :controller
-  alias Auth.Person
   alias Auth.App
+  alias Auth.Person
 
   # https://github.com/dwyl/auth/issues/46
   def admin(conn, _params) do
-    apps = App.list_apps(conn.assigns.person.id)
-    conn
-    |> render(:welcome, apps: apps)
+    render(conn, :welcome, apps: App.list_apps(conn.assigns.person.id))
   end
 
   defp get_user_agent_string(conn) do
@@ -125,6 +123,7 @@ defmodule AuthWeb.AuthController do
   def get_app_id(state) do
     client_id = get_client_secret_from_state(state)
     app_id = Auth.Apikey.decode_decrypt(client_id)
+
     case app_id == 0 do
       true -> 1
       false -> app_id
@@ -383,6 +382,7 @@ defmodule AuthWeb.AuthController do
         msg = """
         That password is incorrect.
         """
+
         user_agent = get_user_agent(conn)
         ip_address = get_ip_address(conn)
 
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 3c842b7b..c8d599be 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -16,6 +16,7 @@ defmodule Auth.Seeds do
     if is_nil(System.get_env("TRAVIS")) do
       load_env()
     end
+
     email = System.get_env("ADMIN_EMAIL")
 
     person =
@@ -57,18 +58,22 @@ defmodule Auth.Seeds do
       "client_secret" => AuthPlug.Token.client_secret()
     }
 
-    {:ok, key} = Auth.Apikey.get_apikey_by_app_id(app.id)
+    {:ok, key} =
+      Auth.Apikey.get_apikey_by_app_id(app.id)
       |> cast(update_attrs, [:client_id, :client_secret])
       |> Repo.update()
 
     api_key = key.client_id <> "/" <> key.client_secret
     # set the AUTH_API_KEY environment variable during test run:
     IO.inspect(Mix.env(), label: "Mix.env()")
+
     case Mix.env() do
       :test ->
         System.put_env("AUTH_API_KEY", api_key)
+
       :prod ->
         Logger.info("export AUTH_API_KEY=#{api_key}")
+
       _ ->
         nil
     end
diff --git a/test/auth_web/controllers/app_controller_test.exs b/test/auth_web/controllers/app_controller_test.exs
index fa4b52f6..8db828d5 100644
--- a/test/auth_web/controllers/app_controller_test.exs
+++ b/test/auth_web/controllers/app_controller_test.exs
@@ -165,9 +165,10 @@ defmodule AuthWeb.AppControllerTest do
     setup [:create_app]
 
     test "returns 401 if client_id is invalid", %{conn: conn} do
-      conn = conn
-      |> put_req_header("accept", "application/json")
-      |> get("/approles/invalid")
+      conn =
+        conn
+        |> put_req_header("accept", "application/json")
+        |> get("/approles/invalid")
 
       assert html_response(conn, 401) =~ "invalid"
     end
@@ -176,10 +177,11 @@ defmodule AuthWeb.AppControllerTest do
       roles = Auth.Role.list_roles_for_app(app.id)
       key = List.first(app.apikeys)
       # IO.inspect(app, label: "app")
-      conn = conn
-      |> admin_login()
-      |> put_req_header("accept", "application/json")
-      |> get("/approles/#{key.client_id}")
+      conn =
+        conn
+        |> admin_login()
+        |> put_req_header("accept", "application/json")
+        |> get("/approles/#{key.client_id}")
 
       assert conn.status == 200
       {:ok, json} = Jason.decode(conn.resp_body)
@@ -203,25 +205,30 @@ defmodule AuthWeb.AppControllerTest do
       conn2 = non_admin_login(conn)
 
       # create non-admin app (to get API Key)
-      {:ok, non_admin_app} = Auth.App.create_app(%{
-        "name" => "default system app",
-        "desc" => "Demo App",
-        "url" => "localhost:4000",
-        "person_id" => conn2.assigns.person.id,
-        "status" => 3
-      })
+      {:ok, non_admin_app} =
+        Auth.App.create_app(%{
+          "name" => "default system app",
+          "desc" => "Demo App",
+          "url" => "localhost:4000",
+          "person_id" => conn2.assigns.person.id,
+          "status" => 3
+        })
+
       # create non-admin role:
       role_data = %{
-        desc: "non-admin role", name: "non-admin role",
+        desc: "non-admin role",
+        name: "non-admin role",
         app_id: non_admin_app.id
       }
+
       {:ok, %Role{} = role2} = Role.create_role(role_data)
       key = List.first(non_admin_app.apikeys)
 
-      conn3 = conn2
-      |> admin_login()
-      |> put_req_header("accept", "application/json")
-      |> get("/approles/#{key.client_id}")
+      conn3 =
+        conn2
+        |> admin_login()
+        |> put_req_header("accept", "application/json")
+        |> get("/approles/#{key.client_id}")
 
       assert conn3.status == 200
       {:ok, json} = Jason.decode(conn3.resp_body)
@@ -230,9 +237,11 @@ defmodule AuthWeb.AppControllerTest do
       assert Map.get(last_role, "name") == role2.name
 
       # confirm the admin_role is NOT in the JSON reponse:
-      should_be_empty = Enum.filter(json, fn r ->
-        Map.get(r, "name") == admin_role.name
-      end)
+      should_be_empty =
+        Enum.filter(json, fn r ->
+          Map.get(r, "name") == admin_role.name
+        end)
+
       assert should_be_empty == []
     end
   end
diff --git a/test/auth_web/controllers/auth_controller_test.exs b/test/auth_web/controllers/auth_controller_test.exs
index 0997f6ac..9e84c486 100644
--- a/test/auth_web/controllers/auth_controller_test.exs
+++ b/test/auth_web/controllers/auth_controller_test.exs
@@ -29,6 +29,7 @@ defmodule AuthWeb.AuthControllerTest do
     }
 
     person = Auth.Person.create_person(data)
+
     conn =
       AuthPlug.create_jwt_session(conn, Map.merge(data, %{id: person.id}))
       |> get("/profile", %{})
@@ -157,6 +158,7 @@ defmodule AuthWeb.AuthControllerTest do
     }
 
     Auth.Person.upsert_person(data)
+
     conn =
       AuthPlug.create_jwt_session(conn, data)
       |> get("/auth/google/callback", %{"code" => "234", "state" => nil})

From 80d3f6eb1870d8274a93aaac8419ef362f636a98 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Mon, 14 Sep 2020 22:24:48 +0100
Subject: [PATCH 148/166] tidy up app/show template for consistency #115

---
 lib/auth_web/templates/app/show.html.eex | 45 +++++++++++-------------
 1 file changed, 21 insertions(+), 24 deletions(-)

diff --git a/lib/auth_web/templates/app/show.html.eex b/lib/auth_web/templates/app/show.html.eex
index 84bddf49..ca980777 100644
--- a/lib/auth_web/templates/app/show.html.eex
+++ b/lib/auth_web/templates/app/show.html.eex
@@ -4,7 +4,7 @@
 
   <p>
     <strong>URL:</strong>
-    <span class="db ba b--black-80 pa2 bg-light-gray w-100 mt2">
+    <span class="db ba b--black-80 pa2 bg-light-gray w-70 mt2">
       <%= @app.url %>
     </span>
   </p>
@@ -29,28 +29,25 @@
     <% end %>
   <% end %>
 
-
-
-
-<span>
-  <%= link "< All Apps", to: Routes.app_path(@conn, :index),
-  class: "fl pointer br2 ba b--dark-blue bg-blue white pa3 ml1 mv1 f4
-  shadow-hover bg-animate hover-bg-dark-blue border-box no-underline"
-  %>
-</span>
-
-<span>
-  <%= link "Edit", to: Routes.app_path(@conn, :edit, @app),
-  class: "fr pointer br2 ba b--dark-green bg-green white pa3 ml1 mv1 f4
-  shadow-hover bg-animate hover-bg-dark-green border-box no-underline"
-  %>
-</span>
-
-<span>
-  <%= link "Reset API Key", to: Routes.app_path(@conn, :resetapikey, @app),
-  class: "fl ml5 pointer br2 ba b--orange bg-gold white pa3 ml1 mv1 f4
-  shadow-hover bg-animate hover-bg-orange border-box no-underline"
-  %>
-</span>
+  <span>
+    <%= link "< All Apps", to: Routes.app_path(@conn, :index),
+    class: "fl pointer br2 ba b--dark-blue bg-blue white pv2 ph3 ml1 mv1 f4
+    shadow-hover bg-animate hover-bg-dark-blue border-box no-underline"
+    %>
+  </span>
+
+  <span>
+    <%= link "Edit", to: Routes.app_path(@conn, :edit, @app),
+    class: "fr pointer br2 ba b--dark-green bg-green white pv2 ph3 ml1 mv1 f4
+    shadow-hover bg-animate hover-bg-dark-green border-box no-underline"
+    %>
+  </span>
+
+  <span>
+    <%= link "Reset API Key", to: Routes.app_path(@conn, :resetapikey, @app),
+    class: "fl ml5 pointer br2 ba b--orange bg-gold white pv2 ph3 ml1 mv1 f4
+    shadow-hover bg-animate hover-bg-orange border-box no-underline"
+    %>
+  </span>
 
 </div>

From f27ce54fb08a7a7f6db804221cfe21cfad435439 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Mon, 14 Sep 2020 22:38:50 +0100
Subject: [PATCH 149/166] remove "Phoenix Framework" from page title (noise)

---
 lib/auth_web/templates/layout/app.html.eex | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/auth_web/templates/layout/app.html.eex b/lib/auth_web/templates/layout/app.html.eex
index daaae4dd..93c27abe 100644
--- a/lib/auth_web/templates/layout/app.html.eex
+++ b/lib/auth_web/templates/layout/app.html.eex
@@ -4,7 +4,7 @@
     <meta charset="utf-8"/>
     <meta http-equiv="X-UA-Compatible" content="IE=edge"/>
     <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
-    <title><%= assigns[:page_title] || "Auth · Phoenix Framework" %></title>
+    <title><%= assigns[:page_title] || "Auth App" %></title>
     <link rel="stylesheet" href="<%= Routes.static_path(@conn, "/css/app.css") %>"/>
     <%= csrf_meta_tag() %>
     <link rel="stylesheet" href="https://unpkg.com/tachyons@4.12.0/css/tachyons.min.css"/>

From 818bba2754d95b4e46716fad39385e4b967e3794 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 16 Sep 2020 15:12:32 +0100
Subject: [PATCH 150/166] insert statuses before creating admin apikey in
 seeds.exs

---
 lib/auth/person.ex  | 10 ++++++++--
 mix.exs             |  2 +-
 mix.lock            |  2 +-
 priv/repo/seeds.exs |  6 +++---
 4 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/lib/auth/person.ex b/lib/auth/person.ex
index 9a9eb1fb..a48adff1 100644
--- a/lib/auth/person.ex
+++ b/lib/auth/person.ex
@@ -229,13 +229,19 @@ defmodule Auth.Person do
   @doc """
   `get_person_by_email/1` returns the person based on email address.
   """
-  def get_person_by_email(email) do
+  def get_person_by_email(email) when not is_nil(email) do
     __MODULE__
     |> Repo.get_by(email_hash: email)
-    |> Repo.preload(:roles)
     |> Repo.preload([:statuses, :roles])
   end
 
+  # def get_person_by_email(email) do
+  #   IO.inspect(email, label: "email")
+  #   __MODULE__
+  #   |> Repo.get_by(email_hash: email)
+  #   |> Repo.preload([:statuses, :roles])
+  # end
+
   @doc """
   `upsert_person/1` inserts or updates a person record.
   """
diff --git a/mix.exs b/mix.exs
index 2e3696fa..7accd1f1 100644
--- a/mix.exs
+++ b/mix.exs
@@ -64,7 +64,7 @@ defmodule Auth.Mixfile do
       # https://github.com/dwyl/auth_plug
       {:auth_plug, "1.2.1"},
       # https://github.com/dwyl/rbac
-      {:rbac, "~> 0.4.0"},
+      {:rbac, "~> 0.5.0"},
 
       # Field Validation and Encryption: github.com/dwyl/fields
       {:fields, "~> 2.7.1"},
diff --git a/mix.lock b/mix.lock
index 9bb1fd17..e269e191 100644
--- a/mix.lock
+++ b/mix.lock
@@ -52,7 +52,7 @@
   "poison": {:hex, :poison, "4.0.1", "bcb755a16fac91cad79bfe9fc3585bb07b9331e50cfe3420a24bcc2d735709ae", [:mix], [], "hexpm", "ba8836feea4b394bb718a161fc59a288fe0109b5006d6bdf97b6badfcf6f0f25"},
   "postgrex": {:hex, :postgrex, "0.15.5", "aec40306a622d459b01bff890fa42f1430dac61593b122754144ad9033a2152f", [:mix], [{:connection, "~> 1.0", [hex: :connection, repo: "hexpm", optional: false]}, {:db_connection, "~> 2.1", [hex: :db_connection, repo: "hexpm", optional: false]}, {:decimal, "~> 1.5", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm", "ed90c81e1525f65a2ba2279dbcebf030d6d13328daa2f8088b9661eb9143af7f"},
   "ranch": {:hex, :ranch, "1.7.1", "6b1fab51b49196860b733a49c07604465a47bdb78aa10c1c16a3d199f7f8c881", [:rebar3], [], "hexpm", "451d8527787df716d99dc36162fca05934915db0b6141bbdac2ea8d3c7afc7d7"},
-  "rbac": {:hex, :rbac, "0.4.0", "809fb2d1857fd2ffccc6d2e86e8f5df2961d9fc03258bf66663b48efd407d063", [:mix], [{:httpoison, "~> 1.7.0", [hex: :httpoison, repo: "hexpm", optional: false]}, {:jason, "~> 1.2.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "b4a97e39642cacccd09e5834c8982f86e77b1572afce58e21a89143d5da3274f"},
+  "rbac": {:hex, :rbac, "0.5.0", "49b34b40f4845e2521f1e4f6e0b187d71d3bb98aafd51b2db340fdb9b60e59cd", [:mix], [{:auth_plug, "~> 1.2", [hex: :auth_plug, repo: "hexpm", optional: false]}, {:httpoison, "~> 1.7.0", [hex: :httpoison, repo: "hexpm", optional: false]}, {:jason, "~> 1.2.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "985e6a6c7c50b12e9b1876669432741b690b971463e68f09320e5ef7b3248869"},
   "sobelow": {:hex, :sobelow, "0.10.4", "44ba642da120d84fedb9e85473375084034330c8f15a992351dd164a82963103", [:mix], [], "hexpm", "fea62a94a4112de45ee9c9d076fd636fbbc10b7c7c2ea99a928e7c289b8498d1"},
   "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.6", "cf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0", [:make, :mix, :rebar3], [], "hexpm", "bdb0d2471f453c88ff3908e7686f86f9be327d065cc1ec16fa4540197ea04680"},
   "stream_data": {:hex, :stream_data, "0.4.3", "62aafd870caff0849a5057a7ec270fad0eb86889f4d433b937d996de99e3db25", [:mix], [], "hexpm", "7dafd5a801f0bc897f74fcd414651632b77ca367a7ae4568778191fc3bf3a19a"},
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index c8d599be..100b8240 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -66,7 +66,7 @@ defmodule Auth.Seeds do
     api_key = key.client_id <> "/" <> key.client_secret
     # set the AUTH_API_KEY environment variable during test run:
     IO.inspect(Mix.env(), label: "Mix.env()")
-
+    # IO.inspect(person)
     case Mix.env() do
       :test ->
         System.put_env("AUTH_API_KEY", api_key)
@@ -126,10 +126,10 @@ defmodule SeedData do
   end
 end
 
+person = Auth.Seeds.create_admin()
 SeedData.insert_statuses()
 
-Auth.Seeds.create_admin()
-|> Auth.Seeds.create_apikey_for_admin()
+Auth.Seeds.create_apikey_for_admin(person)
 
 # Update status of Admin to "Verified"
 Auth.Person.verify_person_by_id(1)

From 333a448decb51b25dc093055fb77abb85d0ccf2c Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 16 Sep 2020 19:57:21 +0100
Subject: [PATCH 151/166] Add test and code for restricting creation of roles
 to apps the person owns for #116

---
 lib/auth/role.ex                              |  9 ++++
 lib/auth_web/controllers/role_controller.ex   | 42 ++++++++++++++-----
 .../controllers/role_controller_test.exs      |  7 ++++
 3 files changed, 48 insertions(+), 10 deletions(-)

diff --git a/lib/auth/role.ex b/lib/auth/role.ex
index 05a2f973..fe0c27cf 100644
--- a/lib/auth/role.ex
+++ b/lib/auth/role.ex
@@ -46,6 +46,15 @@ defmodule Auth.Role do
     |> Repo.all()
   end
 
+  @doc """
+  get all roles for apps owned + default roles
+  """
+  def list_roles_for_apps(app_ids) do
+    __MODULE__
+    |> where([r], r.app_id in ^app_ids or is_nil(r.app_id)) # and r.status != 6
+    |> Repo.all()
+  end
+
   @doc """
   Gets a single role.
 
diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index 4077ad81..457ab023 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -1,11 +1,15 @@
 defmodule AuthWeb.RoleController do
   use AuthWeb, :controller
-
   alias Auth.Role
+  import Auth.Plugs.IsOwner
+
+  plug :is_owner when action in [:index]
 
   def index(conn, _params) do
-    roles = Role.list_roles()
-    # IO.inspect(conn.assigns.person, label: "conn.assigns.person")
+    # restrict viewing to only roles owned by the person or default roles:
+    apps = Auth.App.list_apps(conn.assigns.person.id)
+    app_ids = Enum.map(apps, fn(a) -> a.id end)
+    roles = Role.list_roles_for_apps(app_ids)
     render(conn, "index.html", roles: roles)
   end
 
@@ -32,15 +36,33 @@ defmodule AuthWeb.RoleController do
   end
 
   def create(conn, %{"role" => role_params}) do
-    case Role.create_role(role_params) do
-      {:ok, role} ->
+    apps = Auth.App.list_apps(conn.assigns.person.id)
+    app_ids = Enum.map(apps, fn(a) -> a.id end)
+
+    case Enum.member?(app_ids, Map.get(role_params, "app_id")) do
+      true ->
+        # never allow the request to define the person_id:
+        create_attrs = Map.merge(role_params, %{"person_d" => conn.assigns.person.id})
+        case Role.create_role(create_attrs) do
+          {:ok, role} ->
+            conn
+            |> put_flash(:info, "Role created successfully.")
+            |> redirect(to: Routes.role_path(conn, :show, role))
+
+          {:error, %Ecto.Changeset{} = changeset} ->
+            apps = list_apps(conn.assigns.person.id)
+            render(conn, "new.html", changeset: changeset, apps: apps)
+        end
+
+      false ->
+        # request is attempting to create a role for an app they don't own ...
+        changeset = Auth.Role.changeset(%Role{}, role_params)
+        apps = list_apps(conn.assigns.person.id)
         conn
-        |> put_flash(:info, "Role created successfully.")
-        |> redirect(to: Routes.role_path(conn, :show, role))
+        |> put_status(:not_found)
+        |> put_flash(:info, "Please select an app you own.")
+        |> render("new.html", changeset: changeset, apps: apps)
 
-      {:error, %Ecto.Changeset{} = changeset} ->
-        apps = list_apps(conn.assigns.person.id)
-        render(conn, "new.html", changeset: changeset, apps: apps)
     end
   end
 
diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index a9149e32..c2964903 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -75,6 +75,13 @@ defmodule AuthWeb.RoleControllerTest do
 
       assert html_response(conn, 200) =~ "New Role"
     end
+
+    test "attempt to create role for app they don't own.", %{conn: conn} do
+      conn = non_admin_login(conn)
+      conn = post(conn, Routes.role_path(conn, :create), role: @create_attrs)
+
+      assert html_response(conn, 404) =~ "Please select an app you own"
+    end
   end
 
   describe "edit role" do

From 707f4afde4f5bc5825a334588c2cd2a0d9ea64db Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 16 Sep 2020 21:18:03 +0100
Subject: [PATCH 152/166] create is_owner function plug (no content yet)
 https://github.com/dwyl/elixir-plug-tutorial/issues/1

---
 lib/auth_web/plugs/is_owner.ex        | 15 +++++++++++++++
 test/auth_web/plugs/is_owner_test.exs | 21 +++++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 lib/auth_web/plugs/is_owner.ex
 create mode 100644 test/auth_web/plugs/is_owner_test.exs

diff --git a/lib/auth_web/plugs/is_owner.ex b/lib/auth_web/plugs/is_owner.ex
new file mode 100644
index 00000000..8a0f5a50
--- /dev/null
+++ b/lib/auth_web/plugs/is_owner.ex
@@ -0,0 +1,15 @@
+defmodule Auth.Plugs.IsOwner do
+  @moduledoc """
+  Confirm that the authenticated person is the owner of a particular record
+  """
+  import Plug.Conn
+
+  def is_owner(conn, options) when not is_nil(options) do
+    # IO.inspect(conn, label: "conn")
+    # IO.inspect(options, label: "options")
+
+
+    assign(conn, :owner, true)
+  end
+
+end
diff --git a/test/auth_web/plugs/is_owner_test.exs b/test/auth_web/plugs/is_owner_test.exs
new file mode 100644
index 00000000..b457fe46
--- /dev/null
+++ b/test/auth_web/plugs/is_owner_test.exs
@@ -0,0 +1,21 @@
+defmodule Auth.Plugs.IsOwnerTest do
+  use ExUnit.Case, async: true
+  # use Plug.Test
+  use AuthWeb.ConnCase
+
+  # @opts MyRouter.init([])
+
+  test "returns hello world", %{conn: conn} do
+    # Create a test connection
+    # conn = conn(:get, "/hello")
+    Auth.Plugs.IsOwner.is_owner(conn, %{this: "that"})
+
+    # Invoke the plug
+    # conn = MyRouter.call(conn, @opts)
+
+    # Assert the response and status
+    # assert conn.state == :sent
+    # assert conn.status == 200
+    # assert conn.resp_body == "world"
+  end
+end

From 83ea6cb6275cf60b8e59f468e1f669cb7a611b49 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 16 Sep 2020 21:18:11 +0100
Subject: [PATCH 153/166] update/add tests to reflect restriction of routes for
 #116

---
 lib/auth/role.ex                              |  9 +++
 lib/auth_web/controllers/role_controller.ex   | 81 +++++++++++--------
 .../controllers/role_controller_test.exs      | 34 ++++++--
 3 files changed, 86 insertions(+), 38 deletions(-)

diff --git a/lib/auth/role.ex b/lib/auth/role.ex
index fe0c27cf..a56fe62f 100644
--- a/lib/auth/role.ex
+++ b/lib/auth/role.ex
@@ -71,6 +71,15 @@ defmodule Auth.Role do
   """
   def get_role!(id), do: Repo.get!(__MODULE__, id)
 
+  def get_role!(id, person_id) do
+    # IO.inspect(id, label: "id")
+    # IO.inspect(person_id, label: "person_id")
+    __MODULE__
+    |> where([r], r.id == ^id and r.person_id == ^person_id)
+    |> Repo.one()
+    # |> IO.inspect()
+  end
+
   @doc """
   Creates a role.
 
diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index 457ab023..438a06ad 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -1,9 +1,9 @@
 defmodule AuthWeb.RoleController do
   use AuthWeb, :controller
   alias Auth.Role
-  import Auth.Plugs.IsOwner
+  # import Auth.Plugs.IsOwner
 
-  plug :is_owner when action in [:index]
+  # plug :is_owner when action in [:index]
 
   def index(conn, _params) do
     # restrict viewing to only roles owned by the person or default roles:
@@ -37,38 +37,47 @@ defmodule AuthWeb.RoleController do
 
   def create(conn, %{"role" => role_params}) do
     apps = Auth.App.list_apps(conn.assigns.person.id)
-    app_ids = Enum.map(apps, fn(a) -> a.id end)
+    app_ids = Enum.map(apps, fn(a) -> to_string(a.id) end)
+
+    # check that the role_params.app_id is owned by the person:
+    # IO.inspect(app_ids, label: "app_ids")
+    # IO.inspect(conn.assigns.person.id, label: "conn.assigns.person.id")
+    # IO.inspect(Map.get(role_params, "app_id"), label: "app_id")
+    if Enum.member?(app_ids, Map.get(role_params, "app_id")) do
+      # never allow the request to define the person_id:
+      create_attrs = Map.merge(role_params, %{"person_id" => conn.assigns.person.id})
+      case Role.create_role(create_attrs) do
+        {:ok, role} ->
+          conn
+          |> put_flash(:info, "Role created successfully.")
+          |> redirect(to: Routes.role_path(conn, :show, role))
+
+        {:error, %Ecto.Changeset{} = changeset} ->
+          render(conn, "new.html", changeset: changeset, apps: apps)
+      end
 
-    case Enum.member?(app_ids, Map.get(role_params, "app_id")) do
-      true ->
-        # never allow the request to define the person_id:
-        create_attrs = Map.merge(role_params, %{"person_d" => conn.assigns.person.id})
-        case Role.create_role(create_attrs) do
-          {:ok, role} ->
-            conn
-            |> put_flash(:info, "Role created successfully.")
-            |> redirect(to: Routes.role_path(conn, :show, role))
-
-          {:error, %Ecto.Changeset{} = changeset} ->
-            apps = list_apps(conn.assigns.person.id)
-            render(conn, "new.html", changeset: changeset, apps: apps)
-        end
-
-      false ->
-        # request is attempting to create a role for an app they don't own ...
-        changeset = Auth.Role.changeset(%Role{}, role_params)
-        apps = list_apps(conn.assigns.person.id)
-        conn
-        |> put_status(:not_found)
-        |> put_flash(:info, "Please select an app you own.")
-        |> render("new.html", changeset: changeset, apps: apps)
+    else
+      # request is attempting to create a role for an app they don't own ...
+      changeset = Auth.Role.changeset(%Role{}, role_params)
+      conn
+      |> put_status(:not_found)
+      |> put_flash(:info, "Please select an app you own.")
+      |> render("new.html", changeset: changeset, apps: apps)
 
     end
   end
 
   def show(conn, %{"id" => id}) do
-    role = Role.get_role!(id)
-    render(conn, "show.html", role: role)
+    # IO.inspect(id, label: "id")
+    # IO.inspect(conn.assigns.person.id, label: "conn.assigns.person.id")
+    role = Role.get_role!(id, conn.assigns.person.id)
+    cond do
+      not is_nil(role) ->
+        render(conn, "show.html", role: role)
+      true ->
+        AuthWeb.AuthController.not_found(conn, "role not found.")
+    end
+
   end
 
   def edit(conn, %{"id" => id}) do
@@ -81,6 +90,7 @@ defmodule AuthWeb.RoleController do
   def update(conn, %{"id" => id, "role" => role_params}) do
     role = Role.get_role!(id)
 
+
     case Role.update_role(role, role_params) do
       {:ok, role} ->
         conn
@@ -94,12 +104,17 @@ defmodule AuthWeb.RoleController do
   end
 
   def delete(conn, %{"id" => id}) do
-    role = Role.get_role!(id)
-    {:ok, _role} = Role.delete_role(role)
+    role = Role.get_role!(id, conn.assigns.person.id)
+    cond do
+      not is_nil(role) ->
+        {:ok, _role} = Role.delete_role(role)
+        conn
+        |> put_flash(:info, "Role deleted successfully.")
+        |> redirect(to: Routes.role_path(conn, :index))
 
-    conn
-    |> put_flash(:info, "Role deleted successfully.")
-    |> redirect(to: Routes.role_path(conn, :index))
+      true ->
+        AuthWeb.AuthController.not_found(conn, "role not found.")
+    end
   end
 
   @doc """
diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index c2964903..deaa2d6f 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -3,7 +3,7 @@ defmodule AuthWeb.RoleControllerTest do
 
   alias Auth.Role
 
-  @create_attrs %{desc: "some desc", name: "some name", app_id: 1}
+  @create_attrs %{desc: "some desc", name: "some name", app_id: "1", person_id: 1}
   @update_attrs %{desc: "some updated desc", name: "some updated name"}
   @invalid_attrs %{desc: nil, name: nil}
 
@@ -15,6 +15,10 @@ defmodule AuthWeb.RoleControllerTest do
   describe "index" do
     test "lists all roles", %{conn: conn} do
       conn = admin_login(conn)
+      # create a new role to exercise the RoleView.app_link/1 fn:
+      attrs = Map.merge(@create_attrs, %{person_id: conn.assigns.person.id})
+      {:ok, _role} = Auth.Role.create_role(attrs)
+
       conn = get(conn, Routes.role_path(conn, :index))
       assert html_response(conn, 200) =~ "Listing Roles"
     end
@@ -30,6 +34,7 @@ defmodule AuthWeb.RoleControllerTest do
   describe "new role" do
     test "renders form", %{conn: conn} do
       conn = admin_login(conn)
+
       conn = get(conn, Routes.role_path(conn, :new))
       assert html_response(conn, 200) =~ "New Role"
     end
@@ -73,6 +78,15 @@ defmodule AuthWeb.RoleControllerTest do
       conn = admin_login(conn)
       conn = post(conn, Routes.role_path(conn, :create), role: @invalid_attrs)
 
+      assert html_response(conn, 404) =~ "New Role"
+    end
+
+    test "renders errors when data is invalid (with app_id)", %{conn: conn} do
+      conn = admin_login(conn)
+      # invalid but with app_id:
+      invalid = Map.merge(@invalid_attrs, %{"app_id" => "1"})
+      conn = post(conn, Routes.role_path(conn, :create), role: invalid)
+
       assert html_response(conn, 200) =~ "New Role"
     end
 
@@ -98,11 +112,15 @@ defmodule AuthWeb.RoleControllerTest do
   describe "update role" do
     setup [:create_role]
 
-    test "redirects when data is valid", %{conn: conn, role: role} do
+    test "redirects when data is valid", %{conn: conn} do
       conn = admin_login(conn)
+      attrs = Map.merge(@create_attrs, %{person_id: conn.assigns.person.id})
+      {:ok, role} = Auth.Role.create_role(attrs)
       conn = put(conn, Routes.role_path(conn, :update, role), role: @update_attrs)
 
       assert redirected_to(conn) == Routes.role_path(conn, :show, role)
+      # IO.inspect(role, label: "role:106")
+      # IO.inspect(conn.assigns.person)
 
       conn = get(conn, Routes.role_path(conn, :show, role))
       assert html_response(conn, 200) =~ "some updated desc"
@@ -125,10 +143,16 @@ defmodule AuthWeb.RoleControllerTest do
 
       assert redirected_to(conn) == Routes.role_path(conn, :index)
 
-      assert_error_sent 404, fn ->
-        get(conn, Routes.role_path(conn, :show, role))
-      end
+      conn = get(conn, Routes.role_path(conn, :show, role))
+      assert conn.status == 404
+    end
+
+    test "attempt to deletes role I don't own", %{conn: conn, role: role} do
+      conn = non_admin_login(conn)
+      conn = delete(conn, Routes.role_path(conn, :delete, role))
+      assert conn.status == 404
     end
+
   end
 
   defp create_role(_) do

From c5f18211d5aba59f3de80b96593d2ce0469dd112 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 16 Sep 2020 21:23:41 +0100
Subject: [PATCH 154/166] address @sourcelevel-bot comments in #85

---
 lib/auth_web/controllers/role_controller.ex | 27 +++++++++------------
 lib/auth_web/plugs/is_owner.ex              |  2 --
 2 files changed, 12 insertions(+), 17 deletions(-)

diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index 438a06ad..aae18b55 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -71,13 +71,11 @@ defmodule AuthWeb.RoleController do
     # IO.inspect(id, label: "id")
     # IO.inspect(conn.assigns.person.id, label: "conn.assigns.person.id")
     role = Role.get_role!(id, conn.assigns.person.id)
-    cond do
-      not is_nil(role) ->
-        render(conn, "show.html", role: role)
-      true ->
-        AuthWeb.AuthController.not_found(conn, "role not found.")
+    if not is_nil(role) do
+      render(conn, "show.html", role: role)
+    else
+      AuthWeb.AuthController.not_found(conn, "role not found.")
     end
-
   end
 
   def edit(conn, %{"id" => id}) do
@@ -90,7 +88,6 @@ defmodule AuthWeb.RoleController do
   def update(conn, %{"id" => id, "role" => role_params}) do
     role = Role.get_role!(id)
 
-
     case Role.update_role(role, role_params) do
       {:ok, role} ->
         conn
@@ -105,15 +102,15 @@ defmodule AuthWeb.RoleController do
 
   def delete(conn, %{"id" => id}) do
     role = Role.get_role!(id, conn.assigns.person.id)
-    cond do
-      not is_nil(role) ->
-        {:ok, _role} = Role.delete_role(role)
-        conn
-        |> put_flash(:info, "Role deleted successfully.")
-        |> redirect(to: Routes.role_path(conn, :index))
 
-      true ->
-        AuthWeb.AuthController.not_found(conn, "role not found.")
+    if not is_nil(role) do
+      {:ok, _role} = Role.delete_role(role)
+      conn
+      |> put_flash(:info, "Role deleted successfully.")
+      |> redirect(to: Routes.role_path(conn, :index))
+
+    else
+      AuthWeb.AuthController.not_found(conn, "role not found.")
     end
   end
 
diff --git a/lib/auth_web/plugs/is_owner.ex b/lib/auth_web/plugs/is_owner.ex
index 8a0f5a50..37211955 100644
--- a/lib/auth_web/plugs/is_owner.ex
+++ b/lib/auth_web/plugs/is_owner.ex
@@ -7,8 +7,6 @@ defmodule Auth.Plugs.IsOwner do
   def is_owner(conn, options) when not is_nil(options) do
     # IO.inspect(conn, label: "conn")
     # IO.inspect(options, label: "options")
-
-
     assign(conn, :owner, true)
   end
 

From 035022b98d156fed367ebd4dac27eb3e35834d33 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 16 Sep 2020 21:23:54 +0100
Subject: [PATCH 155/166] mix format

---
 lib/auth/role.ex                                   |  4 +++-
 lib/auth_web/controllers/role_controller.ex        | 11 ++++++-----
 lib/auth_web/plugs/is_owner.ex                     |  1 -
 test/auth_web/controllers/role_controller_test.exs |  1 -
 4 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/lib/auth/role.ex b/lib/auth/role.ex
index a56fe62f..c2532cd3 100644
--- a/lib/auth/role.ex
+++ b/lib/auth/role.ex
@@ -51,7 +51,8 @@ defmodule Auth.Role do
   """
   def list_roles_for_apps(app_ids) do
     __MODULE__
-    |> where([r], r.app_id in ^app_ids or is_nil(r.app_id)) # and r.status != 6
+    # and r.status != 6
+    |> where([r], r.app_id in ^app_ids or is_nil(r.app_id))
     |> Repo.all()
   end
 
@@ -77,6 +78,7 @@ defmodule Auth.Role do
     __MODULE__
     |> where([r], r.id == ^id and r.person_id == ^person_id)
     |> Repo.one()
+
     # |> IO.inspect()
   end
 
diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index aae18b55..110bbc42 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -8,7 +8,7 @@ defmodule AuthWeb.RoleController do
   def index(conn, _params) do
     # restrict viewing to only roles owned by the person or default roles:
     apps = Auth.App.list_apps(conn.assigns.person.id)
-    app_ids = Enum.map(apps, fn(a) -> a.id end)
+    app_ids = Enum.map(apps, fn a -> a.id end)
     roles = Role.list_roles_for_apps(app_ids)
     render(conn, "index.html", roles: roles)
   end
@@ -37,7 +37,7 @@ defmodule AuthWeb.RoleController do
 
   def create(conn, %{"role" => role_params}) do
     apps = Auth.App.list_apps(conn.assigns.person.id)
-    app_ids = Enum.map(apps, fn(a) -> to_string(a.id) end)
+    app_ids = Enum.map(apps, fn a -> to_string(a.id) end)
 
     # check that the role_params.app_id is owned by the person:
     # IO.inspect(app_ids, label: "app_ids")
@@ -46,6 +46,7 @@ defmodule AuthWeb.RoleController do
     if Enum.member?(app_ids, Map.get(role_params, "app_id")) do
       # never allow the request to define the person_id:
       create_attrs = Map.merge(role_params, %{"person_id" => conn.assigns.person.id})
+
       case Role.create_role(create_attrs) do
         {:ok, role} ->
           conn
@@ -55,15 +56,14 @@ defmodule AuthWeb.RoleController do
         {:error, %Ecto.Changeset{} = changeset} ->
           render(conn, "new.html", changeset: changeset, apps: apps)
       end
-
     else
       # request is attempting to create a role for an app they don't own ...
       changeset = Auth.Role.changeset(%Role{}, role_params)
+
       conn
       |> put_status(:not_found)
       |> put_flash(:info, "Please select an app you own.")
       |> render("new.html", changeset: changeset, apps: apps)
-
     end
   end
 
@@ -71,6 +71,7 @@ defmodule AuthWeb.RoleController do
     # IO.inspect(id, label: "id")
     # IO.inspect(conn.assigns.person.id, label: "conn.assigns.person.id")
     role = Role.get_role!(id, conn.assigns.person.id)
+
     if not is_nil(role) do
       render(conn, "show.html", role: role)
     else
@@ -105,10 +106,10 @@ defmodule AuthWeb.RoleController do
 
     if not is_nil(role) do
       {:ok, _role} = Role.delete_role(role)
+
       conn
       |> put_flash(:info, "Role deleted successfully.")
       |> redirect(to: Routes.role_path(conn, :index))
-
     else
       AuthWeb.AuthController.not_found(conn, "role not found.")
     end
diff --git a/lib/auth_web/plugs/is_owner.ex b/lib/auth_web/plugs/is_owner.ex
index 37211955..be8197b3 100644
--- a/lib/auth_web/plugs/is_owner.ex
+++ b/lib/auth_web/plugs/is_owner.ex
@@ -9,5 +9,4 @@ defmodule Auth.Plugs.IsOwner do
     # IO.inspect(options, label: "options")
     assign(conn, :owner, true)
   end
-
 end
diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index deaa2d6f..4c797e54 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -152,7 +152,6 @@ defmodule AuthWeb.RoleControllerTest do
       conn = delete(conn, Routes.role_path(conn, :delete, role))
       assert conn.status == 404
     end
-
   end
 
   defp create_role(_) do

From 2aa91e57a251ed88718b86dfdc55c5d36b1ef69f Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 16 Sep 2020 21:26:53 +0100
Subject: [PATCH 156/166] Avoid negated conditions in if-else blocks. #85

---
 lib/auth_web/controllers/role_controller.ex | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index 110bbc42..b56a2eee 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -72,10 +72,10 @@ defmodule AuthWeb.RoleController do
     # IO.inspect(conn.assigns.person.id, label: "conn.assigns.person.id")
     role = Role.get_role!(id, conn.assigns.person.id)
 
-    if not is_nil(role) do
-      render(conn, "show.html", role: role)
-    else
+    if is_nil(role) do
       AuthWeb.AuthController.not_found(conn, "role not found.")
+    else
+      render(conn, "show.html", role: role)
     end
   end
 
@@ -104,14 +104,14 @@ defmodule AuthWeb.RoleController do
   def delete(conn, %{"id" => id}) do
     role = Role.get_role!(id, conn.assigns.person.id)
 
-    if not is_nil(role) do
+    if is_nil(role) do
+      AuthWeb.AuthController.not_found(conn, "role not found.")
+    else
       {:ok, _role} = Role.delete_role(role)
 
       conn
       |> put_flash(:info, "Role deleted successfully.")
       |> redirect(to: Routes.role_path(conn, :index))
-    else
-      AuthWeb.AuthController.not_found(conn, "role not found.")
     end
   end
 

From 650635e6bc13eac2be07477c16b3fb830c30a520 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 16 Sep 2020 22:21:40 +0100
Subject: [PATCH 157/166] add check for ownership of role in update/2 (role
 controller) + test #116

---
 lib/auth_web/controllers/role_controller.ex   | 34 ++++++++++++-------
 .../controllers/role_controller_test.exs      |  7 ++++
 2 files changed, 28 insertions(+), 13 deletions(-)

diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index b56a2eee..19af67f9 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -80,24 +80,32 @@ defmodule AuthWeb.RoleController do
   end
 
   def edit(conn, %{"id" => id}) do
-    role = Role.get_role!(id)
-    changeset = Role.change_role(role)
-    apps = list_apps(conn.assigns.person.id)
-    render(conn, "edit.html", role: role, changeset: changeset, apps: apps)
+    role = Role.get_role!(id, conn.assigns.person.id)
+    if is_nil(role) do
+      AuthWeb.AuthController.not_found(conn, "role not found.")
+    else
+      changeset = Role.change_role(role)
+      apps = list_apps(conn.assigns.person.id)
+      render(conn, "edit.html", role: role, changeset: changeset, apps: apps)
+    end
   end
 
   def update(conn, %{"id" => id, "role" => role_params}) do
-    role = Role.get_role!(id)
+    role = Role.get_role!(id, conn.assigns.person.id)
 
-    case Role.update_role(role, role_params) do
-      {:ok, role} ->
-        conn
-        |> put_flash(:info, "Role updated successfully.")
-        |> redirect(to: Routes.role_path(conn, :show, role))
+    if is_nil(role) do
+      AuthWeb.AuthController.not_found(conn, "role not found.")
+    else
+      case Role.update_role(role, role_params) do
+        {:ok, role} ->
+          conn
+          |> put_flash(:info, "Role updated successfully.")
+          |> redirect(to: Routes.role_path(conn, :show, role))
 
-      {:error, %Ecto.Changeset{} = changeset} ->
-        apps = list_apps(conn.assigns.person.id)
-        render(conn, "edit.html", role: role, changeset: changeset, apps: apps)
+        {:error, %Ecto.Changeset{} = changeset} ->
+          apps = list_apps(conn.assigns.person.id)
+          render(conn, "edit.html", role: role, changeset: changeset, apps: apps)
+      end
     end
   end
 
diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index 4c797e54..2961e70a 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -132,6 +132,13 @@ defmodule AuthWeb.RoleControllerTest do
 
       assert html_response(conn, 200) =~ "Edit Role"
     end
+
+    test "cannot update role I don't own", %{conn: conn, role: role} do
+      conn = non_admin_login(conn)
+      conn = put(conn, Routes.role_path(conn, :update, role), role: @update_attrs)
+
+      assert html_response(conn, 404) =~ "role not found"
+    end
   end
 
   describe "delete role" do

From e608d2709df816dc7046cb222f21094b37b02f1a Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Wed, 16 Sep 2020 22:29:26 +0100
Subject: [PATCH 158/166] restrict who can edit a role (only owner) #116

---
 test/auth_web/controllers/role_controller_test.exs | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index 2961e70a..772abeff 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -107,6 +107,13 @@ defmodule AuthWeb.RoleControllerTest do
 
       assert html_response(conn, 200) =~ "Edit Role"
     end
+
+    test "attempt to edit a role I don't own", %{conn: conn, role: role} do
+      conn = non_admin_login(conn)
+      conn = get(conn, Routes.role_path(conn, :edit, role))
+
+      assert html_response(conn, 404) =~ "role not found"
+    end
   end
 
   describe "update role" do

From 304a53f7d12a613c48c97614ec10747d21731eea Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 17 Sep 2020 09:14:13 +0100
Subject: [PATCH 159/166] restrict updating role to only alow apps the person
 owns #116

---
 lib/auth_web/controllers/role_controller.ex   | 48 ++++++++++++-------
 .../controllers/role_controller_test.exs      | 17 ++++++-
 2 files changed, 45 insertions(+), 20 deletions(-)

diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index 19af67f9..ca4bd42b 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -37,13 +37,8 @@ defmodule AuthWeb.RoleController do
 
   def create(conn, %{"role" => role_params}) do
     apps = Auth.App.list_apps(conn.assigns.person.id)
-    app_ids = Enum.map(apps, fn a -> to_string(a.id) end)
-
     # check that the role_params.app_id is owned by the person:
-    # IO.inspect(app_ids, label: "app_ids")
-    # IO.inspect(conn.assigns.person.id, label: "conn.assigns.person.id")
-    # IO.inspect(Map.get(role_params, "app_id"), label: "app_id")
-    if Enum.member?(app_ids, Map.get(role_params, "app_id")) do
+    if person_owns_app?(apps, Map.get(role_params, "app_id")) do
       # never allow the request to define the person_id:
       create_attrs = Map.merge(role_params, %{"person_id" => conn.assigns.person.id})
 
@@ -68,8 +63,6 @@ defmodule AuthWeb.RoleController do
   end
 
   def show(conn, %{"id" => id}) do
-    # IO.inspect(id, label: "id")
-    # IO.inspect(conn.assigns.person.id, label: "conn.assigns.person.id")
     role = Role.get_role!(id, conn.assigns.person.id)
 
     if is_nil(role) do
@@ -81,6 +74,7 @@ defmodule AuthWeb.RoleController do
 
   def edit(conn, %{"id" => id}) do
     role = Role.get_role!(id, conn.assigns.person.id)
+
     if is_nil(role) do
       AuthWeb.AuthController.not_found(conn, "role not found.")
     else
@@ -92,23 +86,40 @@ defmodule AuthWeb.RoleController do
 
   def update(conn, %{"id" => id, "role" => role_params}) do
     role = Role.get_role!(id, conn.assigns.person.id)
-
+    apps = Auth.App.list_apps(conn.assigns.person.id)
+    # cannot update a role that doesn't exist (or they don't own):
     if is_nil(role) do
       AuthWeb.AuthController.not_found(conn, "role not found.")
     else
-      case Role.update_role(role, role_params) do
-        {:ok, role} ->
-          conn
-          |> put_flash(:info, "Role updated successfully.")
-          |> redirect(to: Routes.role_path(conn, :show, role))
-
-        {:error, %Ecto.Changeset{} = changeset} ->
-          apps = list_apps(conn.assigns.person.id)
-          render(conn, "edit.html", role: role, changeset: changeset, apps: apps)
+      # confirm that the person owns the app they are attempting to attach a role to:
+      if person_owns_app?(apps, map_get(role_params, "app_id")) do
+        case Role.update_role(role, role_params) do
+          {:ok, role} ->
+            conn
+            |> put_flash(:info, "Role updated successfully.")
+            |> redirect(to: Routes.role_path(conn, :show, role))
+
+          {:error, %Ecto.Changeset{} = changeset} ->
+            apps = list_apps(conn.assigns.person.id)
+            render(conn, "edit.html", role: role, changeset: changeset, apps: apps)
+        end
+      else
+        AuthWeb.AuthController.not_found(conn, "App not found.")
       end
     end
   end
 
+  # https://elixirforum.com/t/map-key-is-a-atom-or-string/13285/2
+  defp map_get(map, string_key) do
+    (Map.get(map, string_key) || Map.get(map, String.to_atom(string_key), 0))
+    |> to_string()
+  end
+
+  defp person_owns_app?(apps, app_id) do
+    app_ids = Enum.map(apps, fn a -> to_string(a.id) end)
+    Enum.member?(app_ids, app_id)
+  end
+
   def delete(conn, %{"id" => id}) do
     role = Role.get_role!(id, conn.assigns.person.id)
 
@@ -134,6 +145,7 @@ defmodule AuthWeb.RoleController do
     # or has an "admin" role (1 || 2)
     granter_id = conn.assigns.person.id
 
+
     if granter_id == 1 do
       role_id = Map.get(params, "role_id")
       person_id = Map.get(params, "person_id")
diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index 772abeff..9301755c 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -123,7 +123,8 @@ defmodule AuthWeb.RoleControllerTest do
       conn = admin_login(conn)
       attrs = Map.merge(@create_attrs, %{person_id: conn.assigns.person.id})
       {:ok, role} = Auth.Role.create_role(attrs)
-      conn = put(conn, Routes.role_path(conn, :update, role), role: @update_attrs)
+      update_attrs = Map.merge(@update_attrs, %{app_id: 1, role_id: role.id})
+      conn = put(conn, Routes.role_path(conn, :update, role), role: update_attrs)
 
       assert redirected_to(conn) == Routes.role_path(conn, :show, role)
       # IO.inspect(role, label: "role:106")
@@ -135,7 +136,8 @@ defmodule AuthWeb.RoleControllerTest do
 
     test "renders errors when data is invalid", %{conn: conn, role: role} do
       conn = admin_login(conn)
-      conn = put(conn, Routes.role_path(conn, :update, role), role: @invalid_attrs)
+      invalid_app_id = Map.merge(@invalid_attrs, %{"app_id" => "1"})
+      conn = put(conn, Routes.role_path(conn, :update, role), role: invalid_app_id)
 
       assert html_response(conn, 200) =~ "Edit Role"
     end
@@ -146,6 +148,17 @@ defmodule AuthWeb.RoleControllerTest do
 
       assert html_response(conn, 404) =~ "role not found"
     end
+
+    test "cannot update role I own to App I don't own!", %{conn: conn} do
+      conn = non_admin_login(conn)
+      attrs = Map.merge(@create_attrs, %{person_id: conn.assigns.person.id})
+      {:ok, role} = Auth.Role.create_role(attrs)
+      # attempt to update app_id to app owned by admin:
+      update_attrs = Map.merge(role, %{"app_id" => "1", })
+      conn = put(conn, Routes.role_path(conn, :update, role), role: update_attrs)
+
+      assert html_response(conn, 404) =~ "App not found"
+    end
   end
 
   describe "delete role" do

From 9fdcf70cde58b51b31e38471b512402632ca4528 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 17 Sep 2020 09:20:23 +0100
Subject: [PATCH 160/166] add clarifcation for need for map_get/2 function

---
 lib/auth_web/controllers/role_controller.ex | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index ca4bd42b..e8933c34 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -110,6 +110,8 @@ defmodule AuthWeb.RoleController do
   end
 
   # https://elixirforum.com/t/map-key-is-a-atom-or-string/13285/2
+  # our use-case for this is specific keys in controller params
+  # mix gen creates tests with atom keys whereas controller expect string keys!
   defp map_get(map, string_key) do
     (Map.get(map, string_key) || Map.get(map, String.to_atom(string_key), 0))
     |> to_string()
@@ -147,8 +149,8 @@ defmodule AuthWeb.RoleController do
 
 
     if granter_id == 1 do
-      role_id = Map.get(params, "role_id")
-      person_id = Map.get(params, "person_id")
+      role_id = map_get(params, "role_id")
+      person_id = map_get(params, "person_id")
       Auth.PeopleRoles.insert(granter_id, person_id, role_id)
       redirect(conn, to: Routes.people_path(conn, :show, person_id))
     else
@@ -163,7 +165,7 @@ defmodule AuthWeb.RoleController do
     # confirm that the granter is either superadmin (conn.assigns.person.id == 1)
     # or has an "admin" role (1 || 2)
     if conn.assigns.person.id == 1 do
-      people_roles_id = Map.get(params, "people_roles_id")
+      people_roles_id = map_get(params, "people_roles_id")
       pr = Auth.PeopleRoles.get_by_id(people_roles_id)
 
       if conn.method == "GET" do

From 966f748ba9967417ad215c094d7cb7036a34aa22 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 17 Sep 2020 09:24:15 +0100
Subject: [PATCH 161/166] map_get/2 > map_get/3 (with default)

---
 lib/auth_web/controllers/role_controller.ex        | 7 +++----
 test/auth_web/controllers/role_controller_test.exs | 2 +-
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index e8933c34..f19b0434 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -112,9 +112,9 @@ defmodule AuthWeb.RoleController do
   # https://elixirforum.com/t/map-key-is-a-atom-or-string/13285/2
   # our use-case for this is specific keys in controller params
   # mix gen creates tests with atom keys whereas controller expect string keys!
-  defp map_get(map, string_key) do
-    (Map.get(map, string_key) || Map.get(map, String.to_atom(string_key), 0))
-    |> to_string()
+  defp map_get(map, string_key, default \\ 0) do
+    to_string(Map.get(map, string_key) ||
+      Map.get(map, String.to_atom(string_key), default))
   end
 
   defp person_owns_app?(apps, app_id) do
@@ -147,7 +147,6 @@ defmodule AuthWeb.RoleController do
     # or has an "admin" role (1 || 2)
     granter_id = conn.assigns.person.id
 
-
     if granter_id == 1 do
       role_id = map_get(params, "role_id")
       person_id = map_get(params, "person_id")
diff --git a/test/auth_web/controllers/role_controller_test.exs b/test/auth_web/controllers/role_controller_test.exs
index 9301755c..5c801263 100644
--- a/test/auth_web/controllers/role_controller_test.exs
+++ b/test/auth_web/controllers/role_controller_test.exs
@@ -154,7 +154,7 @@ defmodule AuthWeb.RoleControllerTest do
       attrs = Map.merge(@create_attrs, %{person_id: conn.assigns.person.id})
       {:ok, role} = Auth.Role.create_role(attrs)
       # attempt to update app_id to app owned by admin:
-      update_attrs = Map.merge(role, %{"app_id" => "1", })
+      update_attrs = Map.merge(role, %{app_id: 1})
       conn = put(conn, Routes.role_path(conn, :update, role), role: update_attrs)
 
       assert html_response(conn, 404) =~ "App not found"

From 71f6d0fa58ca8362618b6439b28c5f6b4da67596 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 17 Sep 2020 09:54:22 +0100
Subject: [PATCH 162/166] person.id == 1 (superadmin) can *always* see all apps
 #116

---
 lib/auth_web/controllers/role_controller.ex | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index f19b0434..d77370ed 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -7,7 +7,7 @@ defmodule AuthWeb.RoleController do
 
   def index(conn, _params) do
     # restrict viewing to only roles owned by the person or default roles:
-    apps = Auth.App.list_apps(conn.assigns.person.id)
+    apps = list_apps(conn.assigns.person.id)
     app_ids = Enum.map(apps, fn a -> a.id end)
     roles = Role.list_roles_for_apps(app_ids)
     render(conn, "index.html", roles: roles)
@@ -36,7 +36,7 @@ defmodule AuthWeb.RoleController do
   end
 
   def create(conn, %{"role" => role_params}) do
-    apps = Auth.App.list_apps(conn.assigns.person.id)
+    apps = list_apps(conn.assigns.person.id)
     # check that the role_params.app_id is owned by the person:
     if person_owns_app?(apps, Map.get(role_params, "app_id")) do
       # never allow the request to define the person_id:
@@ -86,7 +86,7 @@ defmodule AuthWeb.RoleController do
 
   def update(conn, %{"id" => id, "role" => role_params}) do
     role = Role.get_role!(id, conn.assigns.person.id)
-    apps = Auth.App.list_apps(conn.assigns.person.id)
+    apps = list_apps(conn.assigns.person.id)
     # cannot update a role that doesn't exist (or they don't own):
     if is_nil(role) do
       AuthWeb.AuthController.not_found(conn, "role not found.")

From ecae729e361cf6e1ef202d34aa28ee7e10faa639 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 17 Sep 2020 10:12:42 +0100
Subject: [PATCH 163/166] clarify reason for `list_apps/1 proxy function #116

---
 lib/auth_web/controllers/role_controller.ex | 32 ++++++++++++---------
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index d77370ed..e3e916da 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -7,22 +7,15 @@ defmodule AuthWeb.RoleController do
 
   def index(conn, _params) do
     # restrict viewing to only roles owned by the person or default roles:
-    apps = list_apps(conn.assigns.person.id)
+    apps = list_apps(conn)
     app_ids = Enum.map(apps, fn a -> a.id end)
     roles = Role.list_roles_for_apps(app_ids)
     render(conn, "index.html", roles: roles)
   end
 
-  defp list_apps(person_id) do
-    case person_id == 1 do
-      true -> Auth.App.list_apps()
-      false -> Auth.App.list_apps(person_id)
-    end
-  end
-
   def new(conn, _params) do
     changeset = Role.change_role(%Role{})
-    apps = list_apps(conn.assigns.person.id)
+    apps = list_apps(conn)
     # Roles Ref/Require Apps: https://github.com/dwyl/auth/issues/112
     # Check if the person already has apps:
     if length(apps) > 0 do
@@ -36,7 +29,7 @@ defmodule AuthWeb.RoleController do
   end
 
   def create(conn, %{"role" => role_params}) do
-    apps = list_apps(conn.assigns.person.id)
+    apps = list_apps(conn)
     # check that the role_params.app_id is owned by the person:
     if person_owns_app?(apps, Map.get(role_params, "app_id")) do
       # never allow the request to define the person_id:
@@ -79,14 +72,14 @@ defmodule AuthWeb.RoleController do
       AuthWeb.AuthController.not_found(conn, "role not found.")
     else
       changeset = Role.change_role(role)
-      apps = list_apps(conn.assigns.person.id)
+      apps = list_apps(conn)
       render(conn, "edit.html", role: role, changeset: changeset, apps: apps)
     end
   end
 
   def update(conn, %{"id" => id, "role" => role_params}) do
     role = Role.get_role!(id, conn.assigns.person.id)
-    apps = list_apps(conn.assigns.person.id)
+    apps = list_apps(conn)
     # cannot update a role that doesn't exist (or they don't own):
     if is_nil(role) do
       AuthWeb.AuthController.not_found(conn, "role not found.")
@@ -100,7 +93,7 @@ defmodule AuthWeb.RoleController do
             |> redirect(to: Routes.role_path(conn, :show, role))
 
           {:error, %Ecto.Changeset{} = changeset} ->
-            apps = list_apps(conn.assigns.person.id)
+            apps = list_apps(conn)
             render(conn, "edit.html", role: role, changeset: changeset, apps: apps)
         end
       else
@@ -109,6 +102,17 @@ defmodule AuthWeb.RoleController do
     end
   end
 
+  # Returning all apps when person_id == 1 (superadmin) means
+  # the superadmin can always see/manage all apps as necessary.
+  # Later we could refactor this function to use RBAC.has_role_any/2.
+  defp list_apps(conn) do
+    case conn.assigns.person.id == 1 do
+      true -> Auth.App.list_apps()
+      false -> Auth.App.list_apps(conn.assigns.person.id)
+    end
+  end
+
+
   # https://elixirforum.com/t/map-key-is-a-atom-or-string/13285/2
   # our use-case for this is specific keys in controller params
   # mix gen creates tests with atom keys whereas controller expect string keys!
@@ -123,6 +127,7 @@ defmodule AuthWeb.RoleController do
   end
 
   def delete(conn, %{"id" => id}) do
+    # can only delete a role you own:
     role = Role.get_role!(id, conn.assigns.person.id)
 
     if is_nil(role) do
@@ -146,6 +151,7 @@ defmodule AuthWeb.RoleController do
     # confirm that the granter is either superadmin (conn.assigns.person.id == 1)
     # or has an "admin" role (1 || 2)
     granter_id = conn.assigns.person.id
+    # we need to expand grant priviledges see: https://github.com/dwyl/auth/issues/119
 
     if granter_id == 1 do
       role_id = map_get(params, "role_id")

From 8738b44ce1f968859034292b19a1b6a5afbf621d Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 17 Sep 2020 10:16:53 +0100
Subject: [PATCH 164/166] move list_apps/1 proxy function to apps.ex (duh)

---
 lib/auth/app.ex                             | 15 +++++++++++---
 lib/auth_web/controllers/role_controller.ex | 23 ++++++---------------
 2 files changed, 18 insertions(+), 20 deletions(-)

diff --git a/lib/auth/app.ex b/lib/auth/app.ex
index bfb67147..2ae3e02d 100644
--- a/lib/auth/app.ex
+++ b/lib/auth/app.ex
@@ -38,9 +38,17 @@ defmodule Auth.App do
 
   """
   def list_apps do
-    App
-    |> where([a], a.status != 6)
-    |> Repo.all()
+    Repo.all(App)
+  end
+
+  # Returning all apps when person_id == 1 (superadmin) means
+  # the superadmin can always see/manage all apps as necessary.
+  # Later we could refactor this function to use RBAC.has_role_any/2.
+  def list_apps(conn) when is_map(conn) do
+    case conn.assigns.person.id == 1 do
+      true -> Auth.App.list_apps()
+      false -> Auth.App.list_apps(conn.assigns.person.id)
+    end
   end
 
   def list_apps(person_id) do
@@ -49,6 +57,7 @@ defmodule Auth.App do
     |> Repo.all()
   end
 
+
   @doc """
   Gets a single app.
 
diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index e3e916da..998e3db3 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -7,7 +7,7 @@ defmodule AuthWeb.RoleController do
 
   def index(conn, _params) do
     # restrict viewing to only roles owned by the person or default roles:
-    apps = list_apps(conn)
+    apps = Auth.App.list_apps(conn)
     app_ids = Enum.map(apps, fn a -> a.id end)
     roles = Role.list_roles_for_apps(app_ids)
     render(conn, "index.html", roles: roles)
@@ -15,7 +15,7 @@ defmodule AuthWeb.RoleController do
 
   def new(conn, _params) do
     changeset = Role.change_role(%Role{})
-    apps = list_apps(conn)
+    apps = Auth.App.list_apps(conn)
     # Roles Ref/Require Apps: https://github.com/dwyl/auth/issues/112
     # Check if the person already has apps:
     if length(apps) > 0 do
@@ -29,7 +29,7 @@ defmodule AuthWeb.RoleController do
   end
 
   def create(conn, %{"role" => role_params}) do
-    apps = list_apps(conn)
+    apps = Auth.App.list_apps(conn)
     # check that the role_params.app_id is owned by the person:
     if person_owns_app?(apps, Map.get(role_params, "app_id")) do
       # never allow the request to define the person_id:
@@ -72,14 +72,14 @@ defmodule AuthWeb.RoleController do
       AuthWeb.AuthController.not_found(conn, "role not found.")
     else
       changeset = Role.change_role(role)
-      apps = list_apps(conn)
+      apps = Auth.App.list_apps(conn)
       render(conn, "edit.html", role: role, changeset: changeset, apps: apps)
     end
   end
 
   def update(conn, %{"id" => id, "role" => role_params}) do
     role = Role.get_role!(id, conn.assigns.person.id)
-    apps = list_apps(conn)
+    apps = Auth.App.list_apps(conn)
     # cannot update a role that doesn't exist (or they don't own):
     if is_nil(role) do
       AuthWeb.AuthController.not_found(conn, "role not found.")
@@ -93,7 +93,7 @@ defmodule AuthWeb.RoleController do
             |> redirect(to: Routes.role_path(conn, :show, role))
 
           {:error, %Ecto.Changeset{} = changeset} ->
-            apps = list_apps(conn)
+            apps = Auth.App.list_apps(conn)
             render(conn, "edit.html", role: role, changeset: changeset, apps: apps)
         end
       else
@@ -102,17 +102,6 @@ defmodule AuthWeb.RoleController do
     end
   end
 
-  # Returning all apps when person_id == 1 (superadmin) means
-  # the superadmin can always see/manage all apps as necessary.
-  # Later we could refactor this function to use RBAC.has_role_any/2.
-  defp list_apps(conn) do
-    case conn.assigns.person.id == 1 do
-      true -> Auth.App.list_apps()
-      false -> Auth.App.list_apps(conn.assigns.person.id)
-    end
-  end
-
-
   # https://elixirforum.com/t/map-key-is-a-atom-or-string/13285/2
   # our use-case for this is specific keys in controller params
   # mix gen creates tests with atom keys whereas controller expect string keys!

From be9b1f93b87b984e1c6474504ebce2b342671ec9 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 17 Sep 2020 10:18:19 +0100
Subject: [PATCH 165/166] use list_apps/1 in app_controller

---
 lib/auth_web/controllers/app_controller.ex | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/lib/auth_web/controllers/app_controller.ex b/lib/auth_web/controllers/app_controller.ex
index 3f5a90d3..af0bbb5a 100644
--- a/lib/auth_web/controllers/app_controller.ex
+++ b/lib/auth_web/controllers/app_controller.ex
@@ -3,15 +3,7 @@ defmodule AuthWeb.AppController do
   alias Auth.App
 
   def index(conn, _params) do
-    apps =
-      if conn.assigns.person.id == 1 do
-        # IO.inspect(conn.assigns.person, label: "conn.assigns.person")
-        App.list_apps()
-      else
-        App.list_apps(conn.assigns.person.id)
-      end
-
-    render(conn, "index.html", apps: apps)
+    render(conn, "index.html", apps: Auth.App.list_apps(conn))
   end
 
   def new(conn, _params) do

From 23df8070f7a39e09a70420dbb0ea3f3eb3bcdad9 Mon Sep 17 00:00:00 2001
From: nelsonic <nelson+github@dwyl.com>
Date: Thu, 17 Sep 2020 10:25:41 +0100
Subject: [PATCH 166/166] =?UTF-8?q?mix=20format=20+=20address=20@sourcelev?=
 =?UTF-8?q?el-bot=20issue=20(line-spacing)=20=F0=9F=99=84?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/auth/app.ex                             | 3 +--
 lib/auth_web/controllers/role_controller.ex | 8 +++++---
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/lib/auth/app.ex b/lib/auth/app.ex
index 2ae3e02d..17b7ca92 100644
--- a/lib/auth/app.ex
+++ b/lib/auth/app.ex
@@ -42,7 +42,7 @@ defmodule Auth.App do
   end
 
   # Returning all apps when person_id == 1 (superadmin) means
-  # the superadmin can always see/manage all apps as necessary.
+  #  the superadmin can always see/manage all apps as necessary.
   # Later we could refactor this function to use RBAC.has_role_any/2.
   def list_apps(conn) when is_map(conn) do
     case conn.assigns.person.id == 1 do
@@ -57,7 +57,6 @@ defmodule Auth.App do
     |> Repo.all()
   end
 
-
   @doc """
   Gets a single app.
 
diff --git a/lib/auth_web/controllers/role_controller.ex b/lib/auth_web/controllers/role_controller.ex
index 998e3db3..fc5cfe5b 100644
--- a/lib/auth_web/controllers/role_controller.ex
+++ b/lib/auth_web/controllers/role_controller.ex
@@ -103,11 +103,13 @@ defmodule AuthWeb.RoleController do
   end
 
   # https://elixirforum.com/t/map-key-is-a-atom-or-string/13285/2
-  # our use-case for this is specific keys in controller params
+  #  our use-case for this is specific keys in controller params
   # mix gen creates tests with atom keys whereas controller expect string keys!
   defp map_get(map, string_key, default \\ 0) do
-    to_string(Map.get(map, string_key) ||
-      Map.get(map, String.to_atom(string_key), default))
+    to_string(
+      Map.get(map, string_key) ||
+        Map.get(map, String.to_atom(string_key), default)
+    )
   end
 
   defp person_owns_app?(apps, app_id) do