Ролевая модель и аудит Часть 1.

src/infra/eventhub_auth.erl

@@ -130,14 +130,14 @@ authenticate_user_request(_Req, Email, Password) ->
 -spec authenticate_admin_request(Req :: cowboy_req:req(), Email :: binary(), Password :: binary()) ->
   {ok, Token :: binary(), User :: map()} | {error, atom()}.
 authenticate_admin_request(_Req, Email, Password) ->
-  case logic_auth:authenticate_user(Email, Password) of
-    {ok, User} ->
-      Role = maps:get(role, User, <<"admin">>),
-      case is_admin_role(Role) of
+  case logic_auth:authenticate_admin(Email, Password) of
+    {ok, AdminMap} ->
+      Role = maps:get(role, AdminMap, <<"admin">>),
+      case admin_utils:is_admin(Role) of
         true ->
-          UserId = maps:get(id, User),
-          Token = generate_admin_token(UserId, Role),
-          {ok, Token, User};
+          AdminId = maps:get(id, AdminMap),
+          Token = generate_admin_token(AdminId, Role),
+          {ok, Token, AdminMap};
         false -> {error, insufficient_permissions}
       end;
     Error -> Error
@@ -152,9 +152,4 @@ generate_refresh_token(_UserId) ->
   ExpiresAt = calendar:gregorian_seconds_to_datetime(
     calendar:datetime_to_gregorian_seconds(Now) + 30 * 24 * 3600
   ),
-  {RefreshToken, ExpiresAt}.
-
-%% ========== ВНУТРЕННИЕ ==========
-
-is_admin_role(Role) ->
-  lists:member(Role, [<<"admin">>, <<"superadmin">>, <<"moderator">>, <<"support">>]).
+  {RefreshToken, ExpiresAt}.