santiment · IvanIvanoff · Nov 20, 2024 · Nov 21, 2024
diff --git a/lib/sanbase/accounts/user.ex b/lib/sanbase/accounts/user.ex
@@ -210,7 +210,12 @@ defmodule Sanbase.Accounts.User do
   def by_id(user_id, opts \\ [])
 
   def by_id(user_id, opts) when is_integer(user_id) do
-    query = from(u in __MODULE__, where: u.id == ^user_id)
+    # TODO: Make preload configurable via the opts
+    query =
+      from(u in __MODULE__,
+        where: u.id == ^user_id,
+        preload: [:eth_accounts, :user_settings, [roles: :role]]
+      )
 
     query =
       case Keyword.get(opts, :lock_for_update, false) do
@@ -230,7 +235,7 @@ defmodule Sanbase.Accounts.User do
         u in __MODULE__,
         where: u.id in ^user_ids,
         order_by: fragment("array_position(?, ?::int)", ^user_ids, u.id),
-        preload: [:eth_accounts, :user_settings]
+        preload: [:eth_accounts, :user_settings, [roles: :role]]
       )
       |> Repo.all()
 
@@ -324,6 +329,10 @@ defmodule Sanbase.Accounts.User do
     end
   end
 
+  def has_role?(%__MODULE__{roles: roles}, role) when is_list(roles) do
+    Enum.any?(roles, &(&1.role.name == role))
+  end
+
   def change_name(%__MODULE__{name: name} = user, name), do: {:ok, user}
 
   def change_name(%__MODULE__{} = user, name) do

diff --git a/lib/sanbase_web/live/metric_registry/metric_registry_form_live.ex b/lib/sanbase_web/live/metric_registry/metric_registry_form_live.ex
@@ -7,7 +7,7 @@ defmodule SanbaseWeb.MetricRegistryFormLive do
   alias SanbaseWeb.AvailableMetricsComponents
 
   @impl true
-  def mount(params, _session, socket) do
+  def mount(params, session, socket) do
     {:ok, metric_registry} =
       case socket.assigns.live_action do
         :new -> {:ok, %Registry{}}

diff --git a/lib/sanbase_web/plug/santiment_team_member_only.ex b/lib/sanbase_web/plug/santiment_team_member_only.ex
@@ -0,0 +1,50 @@
+defmodule SanbaseWeb.Plug.SantimentTeamMemberOnly do
+  @moduledoc ~s"""
+  Check if the container type allows access to the admin dashboard
+  endpoints. T
+  """
+
+  @behaviour Plug
+
+  import Plug.Conn
+
+  def init(opts), do: opts
+
+  def call(conn, _) do
+    case get_in(conn.private, [:san_authentication, :auth, :current_user]) do
+      %Sanbase.Accounts.User{} = user ->
+        if santiment_member?(user) do
+          conn
+        else
+          conn
+          |> send_resp(403, "Forbidden")
+          |> halt()
+        end
+
+      _ ->
+        conn
+        |> send_resp(403, "Forbidden")
+        |> halt()
+    end
+  end
+
+  defp santiment_member?(%Sanbase.Accounts.User{} = user) do
+    cond do
+      user_has_access_by_role?(user) -> true
+      is_binary(user.email) and String.ends_with?(user.email, "@santiment.net") -> true
+      true -> false
+    end
+  end
+
+  defp user_has_access_by_role?(user) do
+    Enum.any?(
+      user.roles,
+      &(&1.role.name in [
+          "Santiment Team Member",
+          "Santiment WebPanel Viewer",
+          "Santiment WebPanel Editor",
+          "Santiment WebPanel Admin"
+        ])
+    )
+  end
+end
diff --git a/lib/sanbase_web/router.ex b/lib/sanbase_web/router.ex
@@ -6,6 +6,11 @@ defmodule SanbaseWeb.Router do
     plug(SanbaseWeb.Plug.AdminPodOnly)
   end
 
+  pipeline :santiment_user_access do
+    plug(SanbaseWeb.Graphql.AuthPlug)
+    plug(SanbaseWeb.Plug.SantimentTeamMemberOnly)
+  end
+
   pipeline :browser do
     plug(:accepts, ["html"])
     plug(:fetch_session)
@@ -50,6 +55,16 @@ defmodule SanbaseWeb.Router do
     get("/:provider/callback", AuthController, :callback)
   end
 
+  scope "/metric_registry", SanbaseWeb do
+    pipe_through([:browser, :santiment_user_access])
+
+    live("/", MetricRegistryIndexLive)
+    live("/change_suggestions", MetricRegistryChangeSuggestionsLive)
+    live("/show/:id", MetricRegistryShowLive)
+    live("/edit/:id", MetricRegistryFormLive, :edit)
+    live("/new", MetricRegistryFormLive, :new)
+  end
+
   scope "/forms", SanbaseWeb do
     pipe_through(:browser)
     live("/", FormsLive)

diff --git a/priv/repo/migrations/20241121133719_add_more_user_roles.exs b/priv/repo/migrations/20241121133719_add_more_user_roles.exs
@@ -0,0 +1,19 @@
+defmodule Sanbase.Repo.Migrations.AddMoreUserRoles do
+  use Ecto.Migration
+
+  def up do
+    execute("""
+    INSERT INTO roles (id, name) VALUES
+      ((SELECT COALESCE(MAX(id), 0) + 1 FROM roles), 'Santiment WebPanel Viewer'),
+      ((SELECT COALESCE(MAX(id), 0) + 2 FROM roles), 'Santiment WebPanel Editor'),
+      ((SELECT COALESCE(MAX(id), 0) + 3 FROM roles), 'Santiment WebPanel Admin')
+    """)
+  end
+
+  def down do
+    execute("""
+    DELETE FROM roles
+    WHERE name IN ('Santiment WebPanel Viewer', 'Santiment WebPanel Editor', 'Santiment WebPanel Admin')
+    """)
+  end
+end
diff --git a/priv/repo/structure.sql b/priv/repo/structure.sql
@@ -9622,3 +9622,4 @@ INSERT INTO public."schema_migrations" (version) VALUES (20241108112754);
 INSERT INTO public."schema_migrations" (version) VALUES (20241114140339);
 INSERT INTO public."schema_migrations" (version) VALUES (20241114141110);
 INSERT INTO public."schema_migrations" (version) VALUES (20241116104556);
+INSERT INTO public."schema_migrations" (version) VALUES (20241121133719);