feat: add CheckPagePermission plug for page-level authorization

- Plug checks PermissionSets page list; redirects unauthorized to profile or sign-in. - Router: add plug to :browser pipeline; LiveHelpers: check_page_permission_on_params for client-side navigation (push_patch).
2026-01-29 23:55:58 +01:00 · 2026-01-29 23:55:58 +01:00 · b10b9c893c
commit b10b9c893c
parent d7f6d1c03c
3 changed files with 355 additions and 1 deletions
--- a/lib/mv_web/router.ex
+++ b/lib/mv_web/router.ex
@ -14,6 +14,7 @@ defmodule MvWeb.Router do
    plug :put_secure_browser_headers
    plug :load_from_session
    plug :set_locale
+    plug MvWeb.Plugs.CheckPagePermission
  end

  pipeline :api do
@ -48,7 +49,8 @@ defmodule MvWeb.Router do
    ash_authentication_live_session :authentication_required,
      on_mount: [
        {MvWeb.LiveUserAuth, :live_user_required},
-        {MvWeb.LiveHelpers, :ensure_user_role_loaded}
+        {MvWeb.LiveHelpers, :ensure_user_role_loaded},
+        {MvWeb.LiveHelpers, :check_page_permission_on_params}
      ] do
      live "/", MemberLive.Index, :index