AAP and Phoenix.LiveDashboard
If I put
live_dashboard inside my ash_authentication_live_session :admin_required router block, I get a compilation error about nested live sessions.
LiveDashboard does not appear to provide an interface to let you manage the live session yourself, so I am not sure how to do this.9 Replies
DOes live dashboard let you customize their live session in any way via options?
There is a function in AAP to get the opts that should be passed to live_session
we set it up for beacon, might work there too
I'm not sure it exposes enough.
https://hexdocs.pm/phoenix_live_dashboard/Phoenix.LiveDashboard.Router.html#live_dashboard/2
On_mount might be all you need
That seems to work until
Phoenix.LiveDashboard.PageLive mounts.At a glance, I don't see anything obviously clearing assigns in the code for PageLive.
https://github.com/phoenixframework/phoenix_live_dashboard/blob/v0.8.7/lib/phoenix/live_dashboard/page_live.ex
Hmm...actually I think you might need the session opt? I'm not sure. What are you trying to do specifically?
May need to ask Phoenix folks how they authorize access to live dashboard in the way you're trying to do it
I think what's happening is that
AshAuthentication.Phoenix.LiveSession.on_mount is being called with a first argument other than :default, so it's not setting the current_user assign.
I'm trying to make the phoenix dashboard accessible only to admin users, for use in production.
It appears they expect auth to be done by plugs: https://hexdocs.pm/phoenix_live_dashboard/Phoenix.LiveDashboard.html#module-extra-add-dashboard-access-on-all-environments-including-productionthat makes sense, we have the plug to fetch the user from the session
so you can just write a plug that kicks users out