Add new group for permanent config

mbta · Nov 2, 2023 · 7050232 · 7050232
1 parent 8e17174
commit 7050232
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 9 deletions.
diff --git a/config/dev.exs b/config/dev.exs
@@ -84,5 +84,5 @@ config :screenplay,
 
 config :ueberauth, Ueberauth,
   providers: [
-    cognito: {Screenplay.Ueberauth.Strategy.Fake, [groups: ["screenplay"]]}
+    cognito: {Screenplay.Ueberauth.Strategy.Fake, [groups: ["screenplay-emergency-admin"]]}
   ]
diff --git a/lib/screenplay_web/auth_manager/auth_manager.ex b/lib/screenplay_web/auth_manager/auth_manager.ex
@@ -3,9 +3,10 @@ defmodule ScreenplayWeb.AuthManager do
 
   use Guardian, otp_app: :screenplay
 
-  @type access_level :: :none | :read_only | :admin
+  @type access_level :: :none | :read_only | :admin | :configurer
 
-  @screenplay_admin_group "screenplay"
+  @screenplay_admin_group "screenplay-emergency-admin"
+  @screenplay_configurer_group "screenplay-screen-configurer"
 
   @spec subject_for_token(
           resource :: Guardian.Token.resource(),
@@ -24,11 +25,16 @@ defmodule ScreenplayWeb.AuthManager do
   def resource_from_claims(_), do: {:error, :invalid_claims}
 
   @spec claims_access_level(Guardian.Token.claims()) :: access_level()
-  def claims_access_level(%{"groups" => groups}) do
-    if not is_nil(groups) and @screenplay_admin_group in groups do
-      :admin
-    else
-      :read_only
+  def claims_access_level(%{"groups" => groups}) when not is_nil(groups) do
+    cond do
+      @screenplay_admin_group in groups ->
+        :admin
+
+      @screenplay_configurer_group in groups ->
+        :configurer
+
+      true ->
+        :read_only
     end
   end
 

diff --git a/test/support/conn_case.ex b/test/support/conn_case.ex
@@ -39,7 +39,7 @@ defmodule ScreenplayWeb.ConnCase do
             Phoenix.ConnTest.build_conn()
             |> Plug.Test.init_test_session(%{})
             |> Guardian.Plug.sign_in(ScreenplayWeb.AuthManager, user, %{
-              "groups" => ["screenplay"]
+              "groups" => ["screenplay-emergency-admin"]
             })
             |> Plug.Conn.put_session(:username, user)