author | Logan Hunt <loganhunt@simponic.xyz> | 2022-04-13 12:42:01 -0600 |
---|---|---|
committer | Logan Hunt <loganhunt@simponic.xyz> | 2022-04-13 12:42:01 -0600 |
commit | 9d5a369ff6aa2dc3a80f104ffdc622ddf594a725 (patch) | |
tree | 78f7a8e7728a997bb02773c4623c43dc30de6328 /lib/aggiedit_web/live/post_live/index.ex | |
parent | 76b083a2bd7e0ab694af3e4fb2504e3869f97113 (diff) | |
Add guards on post resources
Diffstat (limited to 'lib/aggiedit_web/live/post_live/index.ex')
-rw-r--r-- | lib/aggiedit_web/live/post_live/index.ex | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/lib/aggiedit_web/live/post_live/index.ex b/lib/aggiedit_web/live/post_live/index.ex
index 7f3ac65..d48ce67 100644
--- a/lib/aggiedit_web/live/post_live/index.ex
+++ b/lib/aggiedit_web/live/post_live/index.ex
@@ -1,6 +1,7 @@
 defmodule AggieditWeb.PostLive.Index do
 use AggieditWeb, :live_view

+ alias Aggiedit.Roles
 alias Aggiedit.Rooms
 alias Aggiedit.Rooms.Post
 alias Aggiedit.Repo
@@ -15,11 +16,23 @@ defmodule AggieditWeb.PostLive.Index do
 end

 @impl true
+ def handle_params(%{"id" => id}=params, _url, socket) do
+ post = Rooms.get_post!(id)
+ if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do
+ {:noreply, apply_action(socket, socket.assigns.live_action, params)}
+ else
+ {:noreply, socket |> put_flash(:error, "You do not have permission to edit this post.") |> redirect(to: Routes.post_index_path(socket, :index))}
+ end
+ end
+
+ @impl true
 def handle_params(params, _url, socket) do
+ IO.puts(inspect(params))
 {:noreply, apply_action(socket, socket.assigns.live_action, params)}
 end

- defp apply_action(socket, :edit, %{"id" => id}) do
+
+ defp apply_action(socket, :edit, %{"id" => id}=params) do
 socket
 |> assign(:page_title, "Edit Post")
 |> assign(:post, Rooms.get_post!(id) |> Repo.preload(:upload))
@@ -40,9 +53,12 @@ defmodule AggieditWeb.PostLive.Index do
 @impl true
 def handle_event("delete", %{"id" => id}, socket) do
 post = Rooms.get_post!(id)
- {:ok, _} = Rooms.delete_post(post)
-
- {:noreply, assign(socket, :posts, list_posts())}
+ if Roles.guard?(socket.assigns.current_user, :delete, post) do
+ Rooms.delete_post(post)
+ {:noreply, socket |> put_flash(:success, "Post deleted.") |> redirect(to: Routes.post_index_path(socket, :index))}
+ else
+ {:noreply, socket |> put_flash(:error, "You do not have permission to delete this post.") |> redirect(to: Routes.post_index_path(socket, :index))}
+ end
 end

 defp list_posts do |
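Review bot: The guard in the new `handle_params(%{"id" => id}=params, _url, socket)` clause only decides whether the edit page is shown for that id. The event that actually saves an edit is not in this diff and needs its own `Roles.guard?/3` check, because LiveView events are handled independently of what was rendered. In the fallback clause, drop the leftover `IO.puts(inspect(params))`, which writes every request's params to stdout. The denial flash always says "edit" although the clause runs for any `live_action` that carries an id, and the new `=params` binding on `apply_action(socket, :edit, ...)` is unused in the visible lines (its body continues outside the hunk), so it should be removed or written as `_params`.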
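Review bot: In `handle_event("delete", ...)` the result of `Rooms.delete_post(post)` is now discarded, so a failed delete still flashes "Post deleted." and redirects. Keep the assertion the old code had, `{:ok, _} = Rooms.delete_post(post)`, or branch on the error tuple and flash an error instead. The `:success` flash key is not one of the kinds (`:info`, `:error`) that the generated Phoenix layout renders, so confirm that the layout displays it. If this view can be mounted without a signed-in user, also confirm that `Roles.guard?/3` returns false for a nil `current_user` rather than raising.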