Moritz
08182300b9
Add opts_with_actor helper function to reduce duplication when building Ash options with actor and domain. Improve format_error documentation and ensure consistent error message formatting.
237 lines
7.4 KiB
Elixir
237 lines
7.4 KiB
Elixir
defmodule MvWeb.RoleLive.Form do
|
|
@moduledoc """
|
|
LiveView form for creating and editing roles.
|
|
|
|
## Features
|
|
- Create new roles
|
|
- Edit existing roles (name, description, permission_set_name)
|
|
- Custom dropdown for permission_set_name with badges
|
|
- Form validation
|
|
|
|
## Security
|
|
Only admins can access this page (enforced by authorization).
|
|
"""
|
|
use MvWeb, :live_view
|
|
|
|
alias Mv.Authorization.PermissionSets
|
|
|
|
import MvWeb.RoleLive.Helpers, only: [format_error: 1]
|
|
|
|
on_mount {MvWeb.LiveHelpers, :ensure_user_role_loaded}
|
|
|
|
@impl true
|
|
def render(assigns) do
|
|
~H"""
|
|
<Layouts.app flash={@flash} current_user={@current_user}>
|
|
<.header>
|
|
{@page_title}
|
|
<:subtitle>{gettext("Use this form to manage roles in your database.")}</:subtitle>
|
|
</.header>
|
|
|
|
<.form class="max-w-xl" for={@form} id="role-form" phx-change="validate" phx-submit="save">
|
|
<.input field={@form[:name]} type="text" label={gettext("Name")} required />
|
|
|
|
<.input
|
|
field={@form[:description]}
|
|
type="textarea"
|
|
label={gettext("Description")}
|
|
rows="3"
|
|
/>
|
|
|
|
<div class="form-control">
|
|
<label class="label" for="role-form_permission_set_name">
|
|
<span class="label-text font-semibold">
|
|
{gettext("Permission Set")}
|
|
<span class="text-red-700">*</span>
|
|
</span>
|
|
</label>
|
|
<select
|
|
class={[
|
|
"select select-bordered w-full",
|
|
@form.errors[:permission_set_name] && "select-error"
|
|
]}
|
|
name="role[permission_set_name]"
|
|
id="role-form_permission_set_name"
|
|
required
|
|
aria-label={gettext("Permission Set")}
|
|
>
|
|
<option value="">{gettext("Select permission set")}</option>
|
|
<%= for permission_set <- all_permission_sets() do %>
|
|
<option
|
|
value={permission_set}
|
|
selected={@form[:permission_set_name].value == permission_set}
|
|
>
|
|
{format_permission_set_option(permission_set)}
|
|
</option>
|
|
<% end %>
|
|
</select>
|
|
<%= if @form.errors[:permission_set_name] do %>
|
|
<%= for error <- List.wrap(@form.errors[:permission_set_name]) do %>
|
|
<% {msg, _opts} = if is_tuple(error), do: error, else: {error, []} %>
|
|
<p class="mt-1.5 flex gap-2 items-center text-sm text-error">
|
|
<.icon name="hero-exclamation-circle" class="size-5" />
|
|
{msg}
|
|
</p>
|
|
<% end %>
|
|
<% end %>
|
|
</div>
|
|
|
|
<div class="mt-4">
|
|
<.button phx-disable-with={gettext("Saving...")} variant="primary" type="submit">
|
|
{gettext("Save Role")}
|
|
</.button>
|
|
<.button navigate={return_path(@return_to, @role)} type="button">
|
|
{gettext("Cancel")}
|
|
</.button>
|
|
</div>
|
|
</.form>
|
|
</Layouts.app>
|
|
"""
|
|
end
|
|
|
|
@impl true
|
|
def mount(params, _session, socket) do
|
|
case params["id"] do
|
|
nil ->
|
|
action = gettext("New")
|
|
page_title = action <> " " <> gettext("Role")
|
|
|
|
{:ok,
|
|
socket
|
|
|> assign(:return_to, return_to(params["return_to"]))
|
|
|> assign(:role, nil)
|
|
|> assign(:page_title, page_title)
|
|
|> assign_form()}
|
|
|
|
id ->
|
|
try do
|
|
case Ash.get(
|
|
Mv.Authorization.Role,
|
|
id,
|
|
domain: Mv.Authorization,
|
|
actor: socket.assigns[:current_user]
|
|
) do
|
|
{:ok, role} ->
|
|
action = gettext("Edit")
|
|
page_title = action <> " " <> gettext("Role")
|
|
|
|
{:ok,
|
|
socket
|
|
|> assign(:return_to, return_to(params["return_to"]))
|
|
|> assign(:role, role)
|
|
|> assign(:page_title, page_title)
|
|
|> assign_form()}
|
|
|
|
{:error, %Ash.Error.Invalid{errors: [%Ash.Error.Query.NotFound{} | _]}} ->
|
|
{:ok,
|
|
socket
|
|
|> put_flash(:error, gettext("Role not found."))
|
|
|> redirect(to: ~p"/admin/roles")}
|
|
|
|
{:error, error} ->
|
|
{:ok,
|
|
socket
|
|
|> put_flash(:error, format_error(error))
|
|
|> redirect(to: ~p"/admin/roles")}
|
|
end
|
|
rescue
|
|
e in [Ash.Error.Invalid] ->
|
|
# Handle exceptions that Ash.get might throw (e.g., policy violations)
|
|
case e do
|
|
%Ash.Error.Invalid{errors: [%Ash.Error.Query.NotFound{} | _]} ->
|
|
{:ok,
|
|
socket
|
|
|> put_flash(:error, gettext("Role not found."))
|
|
|> redirect(to: ~p"/admin/roles")}
|
|
|
|
_ ->
|
|
reraise e, __STACKTRACE__
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
@spec return_to(String.t() | nil) :: String.t()
|
|
defp return_to("show"), do: "show"
|
|
defp return_to(_), do: "index"
|
|
|
|
@impl true
|
|
def handle_event("validate", %{"role" => role_params}, socket) do
|
|
validated_form = AshPhoenix.Form.validate(socket.assigns.form, role_params)
|
|
{:noreply, assign(socket, form: validated_form)}
|
|
end
|
|
|
|
def handle_event("save", %{"role" => role_params}, socket) do
|
|
case AshPhoenix.Form.submit(socket.assigns.form, params: role_params) do
|
|
{:ok, role} ->
|
|
notify_parent({:saved, role})
|
|
|
|
redirect_path =
|
|
if socket.assigns.return_to == "show" do
|
|
~p"/admin/roles/#{role.id}"
|
|
else
|
|
~p"/admin/roles"
|
|
end
|
|
|
|
socket =
|
|
socket
|
|
|> put_flash(:info, gettext("Role saved successfully."))
|
|
|> push_navigate(to: redirect_path)
|
|
|
|
{:noreply, socket}
|
|
|
|
{:error, form} ->
|
|
{:noreply, assign(socket, form: form)}
|
|
end
|
|
end
|
|
|
|
@spec notify_parent(any()) :: any()
|
|
defp notify_parent(msg), do: send(self(), {__MODULE__, msg})
|
|
|
|
@spec assign_form(Phoenix.LiveView.Socket.t()) :: Phoenix.LiveView.Socket.t()
|
|
defp assign_form(%{assigns: %{role: role, current_user: actor}} = socket) do
|
|
form =
|
|
if role do
|
|
AshPhoenix.Form.for_update(role, :update_role,
|
|
domain: Mv.Authorization,
|
|
as: "role",
|
|
actor: actor
|
|
)
|
|
else
|
|
AshPhoenix.Form.for_create(
|
|
Mv.Authorization.Role,
|
|
:create_role,
|
|
domain: Mv.Authorization,
|
|
as: "role",
|
|
actor: actor
|
|
)
|
|
end
|
|
|
|
assign(socket, form: to_form(form))
|
|
end
|
|
|
|
defp all_permission_sets do
|
|
PermissionSets.all_permission_sets() |> Enum.map(&Atom.to_string/1)
|
|
end
|
|
|
|
defp format_permission_set_option("own_data"),
|
|
do: gettext("own_data - Access only to own data")
|
|
|
|
defp format_permission_set_option("read_only"),
|
|
do: gettext("read_only - Read access to all data")
|
|
|
|
defp format_permission_set_option("normal_user"),
|
|
do: gettext("normal_user - Create/Read/Update access")
|
|
|
|
defp format_permission_set_option("admin"),
|
|
do: gettext("admin - Unrestricted access")
|
|
|
|
defp format_permission_set_option(set), do: set
|
|
|
|
@spec return_path(String.t(), Mv.Authorization.Role.t() | nil) :: String.t()
|
|
defp return_path("index", _role), do: ~p"/admin/roles"
|
|
defp return_path("show", role) when not is_nil(role), do: ~p"/admin/roles/#{role.id}"
|
|
defp return_path("show", _role), do: ~p"/admin/roles"
|
|
defp return_path(_, role) when not is_nil(role), do: ~p"/admin/roles/#{role.id}"
|
|
defp return_path(_, _role), do: ~p"/admin/roles"
|
|
end
|