thread update/insert changeset fixed - auth permissions done

lib/myapp/auth/auth.ex

@@ -1,5 +1,6 @@
 defmodule MyApp.Guardian do
   use Guardian, otp_app: :myapp
+  use Guardian.Permissions.Bitwise
 
   def subject_for_token(resource, _claims) do
     # You can use any value for the subject of your token but
@@ -11,10 +12,6 @@ defmodule MyApp.Guardian do
     {:ok, sub}
   end
 
-  # def subject_for_token(_, _) do
-  #   {:error, :reason_for_error}
-  # end
-
   def resource_from_claims(claims) do
     # Here we'll look up our resource from the claims, the subject can be
     # found in the `"sub"` key. In `above subject_for_token/2` we returned
@@ -25,8 +22,10 @@ defmodule MyApp.Guardian do
     {:ok,  resource}
   end
 
-  # def resource_from_claims(_claims) do
-  #   {:error, :reason_for_error}
-  # end
+  @spec add_permissions(map, map) :: map
+  def add_permissions(claims, permissions) do
+    claims
+    |> encode_permissions_into_claims!(permissions)
+  end 
 
 end

lib/myapp/auth/pipeline.ex

@@ -1,9 +1,39 @@
-defmodule MyApp.Guardian.AuthPipeline.JSON do
+defmodule MyApp.Guardian.Auth.Pipeline.User do
   use Guardian.Plug.Pipeline, otp_app: :MyApp,
                               module: MyApp.Guardian,
                               error_handler: MyApp.Auth.ErrorHandler
 
   plug Guardian.Plug.VerifyHeader, realm: "Bearer"
+  plug Guardian.Permissions.Bitwise, one_of: [
+    %{user: [:read, :write]},
+    %{mod: [:read, :write]},
+    %{admin: [:read, :write]},
+  ]
+  plug Guardian.Plug.EnsureAuthenticated
+  plug Guardian.Plug.LoadResource, allow_blank: true
+end
+
+defmodule MyApp.Guardian.Auth.Pipeline.Mod do
+  use Guardian.Plug.Pipeline, otp_app: :MyApp,
+                              module: MyApp.Guardian,
+                              error_handler: MyApp.Auth.ErrorHandler
+
+  plug Guardian.Plug.VerifyHeader, realm: "Bearer"
+  plug Guardian.Permissions.Bitwise, one_of: [
+    %{mod: [:read, :write]},
+    %{admin: [:read, :write]},
+  ]
+  plug Guardian.Plug.EnsureAuthenticated
+  plug Guardian.Plug.LoadResource, allow_blank: true
+end
+
+defmodule MyApp.Guardian.Auth.Pipeline.Admin do
+  use Guardian.Plug.Pipeline, otp_app: :MyApp,
+                              module: MyApp.Guardian,
+                              error_handler: MyApp.Auth.ErrorHandler
+
+  plug Guardian.Plug.VerifyHeader, realm: "Bearer"
+  plug Guardian.Permissions.Bitwise, one_of: [%{admin: [:read, :write]}]
   plug Guardian.Plug.EnsureAuthenticated
   plug Guardian.Plug.LoadResource, allow_blank: true
 end

lib/myapp/auth/token.ex

@@ -0,0 +1,33 @@
+defmodule MyApp.Guardian.Auth.Token do
+  alias MyApp.Guardian
+  
+  # ~1 year
+  defp tokenTTL(), do: {52, :weeks}
+
+  @spec add_token_and_map_claims(map | {atom, any}) :: {:ok, map} | {:error, String.t}
+  def add_token_and_map_claims(user) when is_map(user) do
+
+    claims = user
+    |> Map.take([:id, :battletag, :battle_net_id, :access_token]) # take values from user object to map to claims
+    |> Guardian.add_permissions(get_permissions(user))
+
+    case Guardian.encode_and_sign(user, claims, ttl: tokenTTL()) do
+      {:ok, token, _claims} -> {:ok, Map.merge(user, %{token: token})}
+      {:error, error} -> {:error, error}
+    end
+  end
+
+  def add_token_and_map_claims({:ok, user}), do: add_token_and_map_claims(user)
+  def add_token_and_map_claims({:error, error}), do: {:error, error}
+
+  # return permissions base on field in database
+  defp get_permissions(user) do
+    case Map.get(user, :permissions) do
+      "user" -> %{user: [:read, :write]}
+      "mod" -> %{mod: [:read, :write]}
+      "admin" -> %{admin: [:read, :write]}
+      nil -> %{user: [:read, :write]}
+    end
+  end
+
+end