feat: implement role management LiveViews

Add complete CRUD interface for role management under /admin/roles. - Index page with table showing name, description, permission_set_name, is_system_role - Show page for role details - Form component for create/edit with permission_set_name dropdown - System role badge and disabled delete button - Flash messages for success/error - Authorization checks using MvWeb.Authorization helpers - Comprehensive test coverage (22 tests) Routes added under /admin scope. All LiveViews load user role for authorization checks. Form uses custom dropdown for permission sets.
2026-01-06 23:12:56 +01:00 · 2026-01-06 23:12:56 +01:00 · 9a86e0ec01
commit 9a86e0ec01
parent ff9c8d2d64
7 changed files with 1074 additions and 0 deletions
--- a/lib/mv_web/live/role_live/index.ex
+++ b/lib/mv_web/live/role_live/index.ex
@ -0,0 +1,93 @@
+defmodule MvWeb.RoleLive.Index do
+  @moduledoc """
+  LiveView for displaying and managing the role list.
+
+  ## Features
+  - List all roles with name, description, permission_set_name, is_system_role
+  - Create new roles
+  - Navigate to role details and edit forms
+  - Delete non-system roles
+
+  ## Events
+  - `delete` - Remove a role from the database (only non-system roles)
+
+  ## Security
+  Only admins can access this page (enforced by authorization).
+  """
+  use MvWeb, :live_view
+
+  alias Mv.Authorization
+
+  @impl true
+  def mount(_params, _session, socket) do
+    # Ensure current_user has role loaded for authorization checks
+    socket =
+      if socket.assigns[:current_user] do
+        user = socket.assigns.current_user
+
+        # Load role if not already loaded (check for Ash.NotLoaded struct)
+        user_with_role =
+          case Map.get(user, :role) do
+            %Ash.NotLoaded{} -> Ash.load!(user, :role, domain: Mv.Accounts)
+            nil -> Ash.load!(user, :role, domain: Mv.Accounts)
+            role when not is_nil(role) -> user
+          end
+
+        assign(socket, :current_user, user_with_role)
+      else
+        socket
+      end
+
+    roles = load_roles()
+
+    {:ok,
+     socket
+     |> assign(:page_title, gettext("Listing Roles"))
+     |> assign(:roles, roles)}
+  end
+
+  @impl true
+  def handle_event("delete", %{"id" => id}, socket) do
+    {:ok, role} = Authorization.get_role(id)
+
+    case Authorization.destroy_role(role) do
+      :ok ->
+        updated_roles = Enum.reject(socket.assigns.roles, &(&1.id == id))
+
+        {:noreply,
+         socket
+         |> assign(:roles, updated_roles)
+         |> put_flash(:info, gettext("Role deleted successfully"))}
+
+      {:error, error} ->
+        error_message = format_error(error)
+
+        {:noreply,
+         put_flash(
+           socket,
+           :error,
+           gettext("Failed to delete role: %{error}", error: error_message)
+         )}
+    end
+  end
+
+  defp load_roles do
+    case Authorization.list_roles() do
+      {:ok, roles} -> Enum.sort_by(roles, & &1.name)
+      {:error, _} -> []
+    end
+  end
+
+  defp format_error(%Ash.Error.Invalid{} = error) do
+    Enum.map_join(error.errors, ", ", fn e -> e.message end)
+  end
+
+  defp format_error(error) when is_binary(error), do: error
+  defp format_error(_error), do: gettext("An error occurred")
+
+  defp permission_set_badge_class("own_data"), do: "badge badge-neutral badge-sm"
+  defp permission_set_badge_class("read_only"), do: "badge badge-info badge-sm"
+  defp permission_set_badge_class("normal_user"), do: "badge badge-success badge-sm"
+  defp permission_set_badge_class("admin"), do: "badge badge-error badge-sm"
+  defp permission_set_badge_class(_), do: "badge badge-ghost badge-sm"
+end