Merge branch 'ah/settings-restrictions' into staging

system76 · Mar 28, 2024 · 96c7b61 · 96c7b61
2 parents 7ff50b7 + a6fc0de
commit 96c7b61
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 13 deletions.
diff --git a/lib/recognizer_web/controllers/accounts/user_settings_controller.ex b/lib/recognizer_web/controllers/accounts/user_settings_controller.ex
@@ -2,6 +2,7 @@ defmodule RecognizerWeb.Accounts.UserSettingsController do
   use RecognizerWeb, :controller
 
   alias Recognizer.Accounts
+  alias Recognizer.Accounts.Role
   alias RecognizerWeb.Authentication
 
   @one_minute 60_000
@@ -17,11 +18,20 @@ defmodule RecognizerWeb.Accounts.UserSettingsController do
        ]
        when action in [:two_factor_init]
 
+  @doc """
+  Prompt the user to edit account settings, main edit page
+  """
   def edit(conn, _params) do
     if Application.get_env(:recognizer, :redirect_url) && !get_session(conn, :bc) do
       redirect(conn, external: Application.get_env(:recognizer, :redirect_url))
     else
-      render(conn, "edit.html")
+      # disable phone/text 2fa methods for admins
+      is_admin =
+        conn
+        |> Authentication.fetch_current_user()
+        |> Role.admin?()
+
+      render(conn, "edit.html", allow_phone_methods: !is_admin)
     end
   end
 

diff --git a/lib/recognizer_web/templates/accounts/user_settings/edit.html.eex b/lib/recognizer_web/templates/accounts/user_settings/edit.html.eex
@@ -119,7 +119,7 @@
 
     <div class="buttons is-right mt-5">
       <div class="control">
-        <%= submit "Update Profile", class: "button is-secondary" %>
+        <%= submit "Update Profile", class: "button is-secondary", disabled: false %>
       </div>
     </div>
   <% end %>
@@ -211,6 +211,8 @@
         every time you log in.
       </p>
 
+      <% phone_allowed = Map.get(assigns, :allow_phone_methods, true) %>
+
       <%= inputs_for f, :notification_preference, fn n -> %>
         <div class="label mt-4">
           Authentication Method Preference
@@ -223,23 +225,28 @@
               Authenticator App
             <% end %>
 
-            <%= label class: "label" do %>
-              <%= radio_button n, :two_factor, "text" %>
-              Text Message
-            <% end %>
+            <%= if phone_allowed do %>
 
-            <%= label class: "label" do %>
-              <%= radio_button n, :two_factor, "voice" %>
-              Phone Call
+              <%= label class: "label" do %>
+                <%= radio_button n, :two_factor, "text" %>
+                Text Message
+              <% end %>
+
+              <%= label class: "label" do %>
+                <%= radio_button n, :two_factor, "voice" %>
+                Phone Call
+              <% end %>
             <% end %>
           </div>
         </div>
       <% end %>
 
-      <p class="is-size-7">
-        Message and data rates may apply for text message and phone call
-        methods.
-      </p>
+      <%= if phone_allowed do %>
+        <p class="is-size-7">
+          Message and data rates may apply for text message and phone call
+          methods.
+        </p>
+      <% end %>
 
       <div class="buttons is-right mt-5">
         <div class="control">

diff --git a/test/recognizer_web/controllers/accounts/user_settings_controller_test.exs b/test/recognizer_web/controllers/accounts/user_settings_controller_test.exs
@@ -24,6 +24,14 @@ defmodule RecognizerWeb.Accounts.UserSettingsControllerTest do
       conn = get(conn, Routes.user_settings_path(conn, :edit))
       assert redirected_to(conn) == Routes.user_session_path(conn, :new)
     end
+
+    test "hides text/voice options for admin", %{conn: conn} do
+      %{conn: conn} = register_and_log_in_admin(%{conn: conn})
+      conn = get(conn, Routes.user_settings_path(conn, :edit))
+      response = html_response(conn, 200)
+      assert response =~ "Authenticator App"
+      refute response =~ "Text Message"
+    end
   end
 
   describe "PUT /users/settings (change password form)" do