Add admin panel and user roles (#189)

priv/repo/migrations/20250711135508_create_roles.exs

@@ -0,0 +1,14 @@
+defmodule Claper.Repo.Migrations.CreateRoles do
+  use Ecto.Migration
+
+  def change do
+    create table(:roles) do
+      add :name, :string, null: false
+      add :permissions, :map, default: %{}
+
+      timestamps()
+    end
+
+    create unique_index(:roles, [:name])
+  end
+end

priv/repo/migrations/20250711135909_add_role_id_to_users.exs

@@ -0,0 +1,11 @@
+defmodule Claper.Repo.Migrations.AddRoleIdToUsers do
+  use Ecto.Migration
+
+  def change do
+    alter table(:users) do
+      add :role_id, references(:roles, on_delete: :nilify_all), null: true
+    end
+
+    create index(:users, [:role_id])
+  end
+end

priv/repo/migrations/20250711164053_create_oidc_providers.exs

@@ -0,0 +1,22 @@
+defmodule Claper.Repo.Migrations.CreateOidcProviders do
+  use Ecto.Migration
+
+  def change do
+    create table(:oidc_providers) do
+      add :name, :string, null: false
+      add :issuer, :string, null: false
+      add :client_id, :string, null: false
+      add :client_secret, :string, null: false
+      add :redirect_uri, :string, null: false
+      add :response_type, :string, default: "code"
+      add :response_mode, :string
+      add :scope, :string, default: "openid email profile"
+      add :active, :boolean, default: true
+
+      timestamps()
+    end
+
+    create index(:oidc_providers, [:name])
+    create unique_index(:oidc_providers, [:issuer])
+  end
+end

priv/repo/seeds.exs

@@ -10,6 +10,26 @@
 # We recommend using the bang functions (`insert!`, `update!`
 # and so on) as they will fail if something goes wrong.
 
+# Create roles if they don't exist
+alias Claper.Accounts.Role
+alias Claper.Repo
+
+# Create admin role if it doesn't exist
+if !Repo.get_by(Role, name: "admin") do
+  %Role{name: "admin", permissions: %{"all" => true}}
+  |> Repo.insert!()
+
+  IO.puts("Created admin role")
+end
+
+# Create user role if it doesn't exist
+if !Repo.get_by(Role, name: "user") do
+  %Role{name: "user", permissions: %{}}
+  |> Repo.insert!()
+
+  IO.puts("Created user role")
+end
+
 # create a default active lti_1p3 jwk
 if !Claper.Repo.get_by(Lti13.Jwks.Jwk, id: 1) do
   %{private_key: private_key} = Lti13.Jwks.Utils.KeyGenerator.generate_key_pair()
@@ -22,3 +42,29 @@ if !Claper.Repo.get_by(Lti13.Jwks.Jwk, id: 1) do
     active: true
   })
 end
+
+# Create default admin user if no users exist
+alias Claper.Accounts
+alias Claper.Accounts.User
+
+if Repo.aggregate(User, :count, :id) == 0 do
+  admin_role = Repo.get_by(Role, name: "admin")
+
+  if admin_role do
+    {:ok, admin_user} =
+      Accounts.register_user(%{
+        email: "admin@claper.co",
+        password: "claper",
+        confirmed_at: NaiveDateTime.utc_now() |> NaiveDateTime.truncate(:second)
+      })
+
+    Accounts.assign_role(admin_user, admin_role)
+
+    IO.puts("Created default admin user:")
+    IO.puts("  Email: admin@claper.co")
+    IO.puts("  Password: claper")
+    IO.puts("  IMPORTANT: Please change this password after first login!")
+  else
+    IO.puts("Warning: Admin role not found, skipping default admin user creation")
+  end
+end