Add room id to routes and fix authorization on said routes

author: Logan Hunt <loganhunt@simponic.xyz> 2022-04-13 14:17:28 -0600
committer: Logan Hunt <loganhunt@simponic.xyz> 2022-04-13 14:17:28 -0600
commit: 51298ea998bff64b521fe0a392ad340271d40f07 (patch)
tree: 32459310f5f5f1466b601a96e5deb76caf1bd1f0
parent: 77d572796ca940e3eb5edd1192f8cd127286284e (diff)
download: aggiedit-51298ea998bff64b521fe0a392ad340271d40f07.tar.gz
aggiedit-51298ea998bff64b521fe0a392ad340271d40f07.zip
7 files changed, 53 insertions, 49 deletions
diff --git a/lib/aggiedit_web/live/post_live/form_component.ex b/lib/aggiedit_web/live/post_live/form_component.ex
index 66f2477..c316c0b 100644
--- a/lib/aggiedit_web/live/post_live/form_component.ex
+++ b/lib/aggiedit_web/live/post_live/form_component.ex
@@ -14,9 +14,7 @@ defmodule AggieditWeb.PostLive.FormComponent do
     {:ok,
      socket
      |> assign(assigns)
-     |> assign(:changeset, changeset)
-     |> assign(:current_user, current_user)
-     |> assign(:uploaded_files, [])
+     |> assign(%{changeset: changeset, current_user: current_user, uploaded_files: []})
      |> allow_upload(:upload, accept: ~w(.jpg .jpeg .png .gif), max_entries: 1)
     }
   end
diff --git a/lib/aggiedit_web/live/post_live/helper.ex b/lib/aggiedit_web/live/post_live/helper.ex
new file mode 100644
index 0000000..5b8e5be
--- /dev/null
+++ b/lib/aggiedit_web/live/post_live/helper.ex
@@ -0,0 +1,18 @@
+defmodule AggieditWeb.PostLive.Helper do
+  use AggieditWeb, :live_view
+  alias Aggiedit.Rooms
+  alias Aggiedit.Roles
+
+  def assign_socket_room_and_user_or_error(%{"room_id" => room_id}=params, session, socket) do
+    socket = assign_socket_user(session, socket)
+    case socket.assigns do
+      %{:current_user => user} -> 
+        room = Rooms.get_room!(room_id)
+        case Roles.guard?(socket.assigns.current_user, :index, room) do
+          true -> {:ok, assign(socket, %{:room => room})}
+          _ -> {:ok, socket |> put_flash(:error, "You cannot view that room") |> redirect(to: Routes.page_path(socket, :index))}
+        end
+      _ -> {:ok, socket |> put_flash(:error, "You must log in to access this page.") |> redirect(to: Routes.user_session_path(socket, :new))}
+    end
+  end
+end
+\ No newline at end of file
diff --git a/lib/aggiedit_web/live/post_live/index.ex b/lib/aggiedit_web/live/post_live/index.ex
index e78342d..26c078c 100644
--- a/lib/aggiedit_web/live/post_live/index.ex
+++ b/lib/aggiedit_web/live/post_live/index.ex
@@ -8,31 +8,27 @@ defmodule AggieditWeb.PostLive.Index do
   alias Aggiedit.Repo
 
   @impl true
-  def mount(%{"id" => room_id} = params, session, socket) do
-    socket = assign_socket_user(session, socket)
+  def mount(%{"room_id" => room_id} = params, session, socket) do
+    {:ok, socket} = AggieditWeb.PostLive.Helper.assign_socket_room_and_user_or_error(params, session, socket)
+#    if !is_nil(socket.assigns[:room]) do
+#      {:ok, assign(socket, %{:posts => socket.assigns.room |> Repo.preload(:posts) |> Map.get(:posts)})}
+#    else 
+#      {:ok, socket}
+#    end
     case socket.assigns do
-      %{:current_user => user} -> 
-        room = Rooms.get_room!(room_id)
-        case Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, room) do
-          true -> {:ok, assign(socket, :posts, list_posts(room))}
-          _ -> {:ok, socket |> put_flash(:error, "You cannot view that room") |> redirect(to: Routes.page_path(socket, :index))}
-        end
-      _ -> {:ok, socket |> put_flash(:error, "You must log in to access this page.") |> redirect(to: Routes.user_session_path(socket, :new))}
+      %{:room => room} -> 
+        {:ok, assign(socket, %{:posts => room |> Repo.preload(:posts) |> Map.get(:posts)})}
+      _ -> {:ok, socket}
     end
-
   end
 
   @impl true
   def handle_params(%{"id" => id}=params, _url, socket) do
-    if socket.assigns.live_action != :index do
-      post = Rooms.get_post!(id)
-      if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do
-        {:noreply, apply_action(socket, socket.assigns.live_action, params)}
-      else
-        {:noreply, socket |> put_flash(:error, "You do not have permission to edit this post.") |> redirect(to: Routes.post_index_path(socket, :index))}
-      end
+    post = Rooms.get_post!(id)
+    if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do
+      {:noreply, apply_action(socket, socket.assigns.live_action, params)}
     else
-      {:noreply, socket}
+      {:noreply, socket |> put_flash(:error, "You do not have permission to edit this post.") |> redirect(to: Routes.post_index_path(socket, :index, socket.assigns.room))}
     end
   end
 
@@ -65,13 +61,9 @@ defmodule AggieditWeb.PostLive.Index do
     post = Rooms.get_post!(id)
     if Roles.guard?(socket.assigns.current_user, :delete, post) do
       Rooms.delete_post(post)
-      {:noreply, socket |> put_flash(:success, "Post deleted.") |> redirect(to: Routes.post_index_path(socket, :index))}
+      {:noreply, socket |> put_flash(:success, "Post deleted.") |> redirect(to: Routes.post_index_path(socket, :index, socket.assigns.room))}
     else
-      {:noreply, socket |> put_flash(:error, "You do not have permission to delete this post.") |> redirect(to: Routes.post_index_path(socket, :index))}
+      {:noreply, socket |> put_flash(:error, "You do not have permission to delete this post.") |> redirect(to: Routes.post_index_path(socket, :index, socket.assigns.room))}
     end
   end
-
-  defp list_posts(%Room{id: room_id}) do
-    Rooms.posts_in_room(room_id)
-  end
 end
diff --git a/lib/aggiedit_web/live/post_live/index.html.heex b/lib/aggiedit_web/live/post_live/index.html.heex
index 1804971..329f84c 100644
--- a/lib/aggiedit_web/live/post_live/index.html.heex
+++ b/lib/aggiedit_web/live/post_live/index.html.heex
@@ -1,7 +1,7 @@
 <h1>Listing Posts</h1>
 
 <%= if @live_action in [:new, :edit] do %>
-  <.modal return_to={Routes.post_index_path(@socket, :index)}>
+  <.modal return_to={Routes.post_index_path(@socket, :index, @room)}>
     <.live_component
       current_user={@current_user}
       module={AggieditWeb.PostLive.FormComponent}
@@ -9,7 +9,7 @@
       title={@page_title}
       action={@live_action}
       post={@post}
-      return_to={Routes.post_index_path(@socket, :index)}
+      return_to={Routes.post_index_path(@socket, :index, @room)}
     />
   </.modal>
 <% end %>
@@ -30,8 +30,8 @@
         <td><%= post.body %></td>
 
         <td>
-          <span><%= live_redirect "Show", to: Routes.post_show_path(@socket, :show, post) %></span>
-          <span><%= live_patch "Edit", to: Routes.post_index_path(@socket, :edit, post) %></span>
+          <span><%= live_redirect "Show", to: Routes.post_show_path(@socket, :show, @room, post) %></span>
+          <span><%= live_patch "Edit", to: Routes.post_index_path(@socket, :edit, @room, post) %></span>
           <span><%= link "Delete", to: "#", phx_click: "delete", phx_value_id: post.id, data: [confirm: "Are you sure?"] %></span>
         </td>
       </tr>
@@ -39,4 +39,4 @@
   </tbody>
 </table>
 
-<span><%= live_patch "New Post", to: Routes.post_index_path(@socket, :new) %></span>
+<span><%= live_patch "New Post", to: Routes.post_index_path(@socket, :new, @room) %></span>
diff --git a/lib/aggiedit_web/live/post_live/show.ex b/lib/aggiedit_web/live/post_live/show.ex
index ea9c134..f3293fb 100644
--- a/lib/aggiedit_web/live/post_live/show.ex
+++ b/lib/aggiedit_web/live/post_live/show.ex
@@ -6,16 +6,12 @@ defmodule AggieditWeb.PostLive.Show do
   alias Aggiedit.Repo
 
   @impl true
-  def mount(_params, session, socket) do
-    socket = assign_socket_user(session, socket)
-    case socket.assigns do
-      %{:current_user => user} -> {:ok, socket}
-      _ -> {:ok, socket |> put_flash(:error, "You must log in to access this page.") |> redirect(to: Routes.user_session_path(socket, :new))}
-    end
+  def mount(%{"room_id" => room_id} = params, session, socket) do
+    AggieditWeb.PostLive.Helper.assign_socket_room_and_user_or_error(params, session, socket)
   end
 
   @impl true
-  def handle_params(%{"id" => id}, _, socket) do
+  def handle_params(%{"id" => id}=params, _, socket) do
     post = Rooms.get_post!(id)
     |> Repo.preload(:upload)
     if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do
@@ -24,7 +20,7 @@ defmodule AggieditWeb.PostLive.Show do
       |> assign(:page_title, page_title(socket.assigns.live_action))
       |> assign(:post, post)}
     else
-      {:noreply, socket |> put_flash(:error, "You don't have permission to do that.") |> redirect(to: Routes.post_show_path(socket, post))}
+      {:noreply, socket |> put_flash(:error, "You don't have permission to do that.") |> redirect(to: Routes.post_show_path(socket, :show, socket.assigns.room, post))}
     end
   end
 
diff --git a/lib/aggiedit_web/live/post_live/show.html.heex b/lib/aggiedit_web/live/post_live/show.html.heex
index fd57bbb..ba71c75 100644
--- a/lib/aggiedit_web/live/post_live/show.html.heex
+++ b/lib/aggiedit_web/live/post_live/show.html.heex
@@ -1,7 +1,7 @@
 <h1>Show Post</h1>
 
 <%= if @live_action in [:edit] do %>
-  <.modal return_to={Routes.post_show_path(@socket, :show, @post)}>
+  <.modal return_to={Routes.post_show_path(@socket, :show, @room, @post)}>
     <.live_component
       module={AggieditWeb.PostLive.FormComponent}
       id={@post.id}
@@ -9,7 +9,7 @@
       title={@page_title}
       action={@live_action}
       post={@post}
-      return_to={Routes.post_show_path(@socket, :show, @post)}
+      return_to={Routes.post_show_path(@socket, :show, @room, @post)}
     />
   </.modal>
 <% end %>
@@ -28,5 +28,5 @@
 
 </ul>
 
-<span><%= live_patch "Edit", to: Routes.post_show_path(@socket, :edit, @post), class: "button" %></span> |
-<span><%= live_redirect "Back", to: Routes.post_index_path(@socket, :index) %></span>
+<span><%= live_patch "Edit", to: Routes.post_show_path(@socket, :edit, @room, @post), class: "button" %></span> |
+<span><%= live_redirect "Back", to: Routes.post_index_path(@socket, :index, @room) %></span>
diff --git a/lib/aggiedit_web/router.ex b/lib/aggiedit_web/router.ex
index 1ac0a0f..5036a3d 100644
--- a/lib/aggiedit_web/router.ex
+++ b/lib/aggiedit_web/router.ex
@@ -25,12 +25,12 @@ defmodule AggieditWeb.Router do
 
   scope "/", AggieditWeb do
     pipe_through [:browser, :require_authenticated_user]
-    live "/posts/room/:id", PostLive.Index, :index
-    live "/posts/new", PostLive.Index, :new
-    live "/posts/:id/edit", PostLive.Index, :edit
+    live "/room/:room_id", PostLive.Index, :index
+    live "/room/:room_id/posts/new", PostLive.Index, :new
+    live "/room/:room_id/posts/:id/edit", PostLive.Index, :edit
 
-    live "/posts/:id", PostLive.Show, :show
-    live "/posts/:id/show/edit", PostLive.Show, :edit
+    live "/room/:room_id/posts/:id", PostLive.Show, :show
+    live "/room/:room_id/posts/:id/show/edit", PostLive.Show, :edit
   end
 
   # Other scopes may use custom stacks.
author	Logan Hunt <loganhunt@simponic.xyz>	2022-04-13 14:17:28 -0600
committer	Logan Hunt <loganhunt@simponic.xyz>	2022-04-13 14:17:28 -0600
commit	51298ea998bff64b521fe0a392ad340271d40f07 (patch)
tree	32459310f5f5f1466b601a96e5deb76caf1bd1f0
parent	77d572796ca940e3eb5edd1192f8cd127286284e (diff)
download	aggiedit-51298ea998bff64b521fe0a392ad340271d40f07.tar.gz aggiedit-51298ea998bff64b521fe0a392ad340271d40f07.zip