-rw-r--r--lib/aggiedit/roles.ex3
-rw-r--r--lib/aggiedit/rooms.ex13
-rw-r--r--lib/aggiedit_web/live/post_live/index.ex30
-rw-r--r--lib/aggiedit_web/live/post_live/show.ex2
-rw-r--r--lib/aggiedit_web/router.ex2
5 files changed, 29 insertions, 21 deletions
diff --git a/lib/aggiedit/roles.ex b/lib/aggiedit/roles.ex
index e50b53b..3ec6bfd 100644
--- a/lib/aggiedit/roles.ex
+++ b/lib/aggiedit/roles.ex
@@ -1,10 +1,13 @@
defmodule Aggiedit.Roles do
alias Aggiedit.Accounts.User
alias Aggiedit.Rooms.Post
+ alias Aggiedit.Rooms.Room
def guard?(user, action, object)
def guard?(%User{role: :admin}, _, _), do: true
+ def guard?(%User{room_id: rid}, :index, %Room{id: rid}), do: true
def guard?(%User{room_id: rid}, :show, %Post{room_id: rid}), do: true
def guard?(%User{id: id, room_id: rid}, action, %Post{user_id: id, room_id: rid}) when action in [:delete, :edit], do: true
def guard?(_, _, _), do: false
+
end \ No newline at end of file
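Review bot: The new `:index` clause, like the `:show` clause below it, proves room membership only by binding `rid` twice, so a user whose `room_id` is `nil` would match any struct whose id field is also `nil`. Whether a user can exist without a room is not visible here, but one guard makes the rule explicit: `def guard?(%User{room_id: rid}, :index, %Room{id: rid}) when not is_nil(rid), do: true`. This module holds the authorization rules that the LiveViews in this commit call, yet it has no `@doc`. A short docstring listing the allowed action/object pairs would make the default-deny fallthrough easier to audit.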
diff --git a/lib/aggiedit/rooms.ex b/lib/aggiedit/rooms.ex
index 8f2e39f..1eb09f9 100644
--- a/lib/aggiedit/rooms.ex
+++ b/lib/aggiedit/rooms.ex
@@ -112,19 +112,14 @@ defmodule Aggiedit.Rooms do
alias Aggiedit.Rooms.Post
- @doc """
- Returns the list of posts.
-
- ## Examples
-
- iex> list_posts()
- [%Post{}, ...]
-
- """
def list_posts do
Repo.all(Post)
end
+ def posts_in_room(room_id) do
+ Repo.all((from p in Post, where: p.room_id == ^room_id, select: p))
+ end
+
@doc """
Gets a single post.
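Review bot: `list_posts/0` stays public and still returns every post in every room, and its `@doc` is removed, so nothing marks it as bypassing the room scoping this commit introduces. If no caller remains it should be deleted; otherwise give it a doc that says it is unscoped. The new function also needs a doc, e.g. `@doc "Returns the posts that belong to the room with the given id."`. `select: p` is redundant in `posts_in_room/1`, and the `from` macro needs `import Ecto.Query`, which is not visible in this hunk.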
diff --git a/lib/aggiedit_web/live/post_live/index.ex b/lib/aggiedit_web/live/post_live/index.ex
index d48ce67..e78342d 100644
--- a/lib/aggiedit_web/live/post_live/index.ex
+++ b/lib/aggiedit_web/live/post_live/index.ex
@@ -1,27 +1,38 @@
defmodule AggieditWeb.PostLive.Index do
use AggieditWeb, :live_view
+ alias Aggiedit.Accounts.User
alias Aggiedit.Roles
alias Aggiedit.Rooms
- alias Aggiedit.Rooms.Post
+ alias Aggiedit.Rooms.{Post, Room}
alias Aggiedit.Repo
@impl true
- def mount(_params, session, socket) do
+ def mount(%{"id" => room_id} = params, session, socket) do
socket = assign_socket_user(session, socket)
case socket.assigns do
- %{:current_user => user} -> {:ok, assign(socket, :posts, list_posts())}
+ %{:current_user => user} ->
+ room = Rooms.get_room!(room_id)
+ case Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, room) do
+ true -> {:ok, assign(socket, :posts, list_posts(room))}
+ _ -> {:ok, socket |> put_flash(:error, "You cannot view that room") |> redirect(to: Routes.page_path(socket, :index))}
+ end
_ -> {:ok, socket |> put_flash(:error, "You must log in to access this page.") |> redirect(to: Routes.user_session_path(socket, :new))}
end
+
end
@impl true
def handle_params(%{"id" => id}=params, _url, socket) do
- post = Rooms.get_post!(id)
- if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do
- {:noreply, apply_action(socket, socket.assigns.live_action, params)}
+ if socket.assigns.live_action != :index do
+ post = Rooms.get_post!(id)
+ if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do
+ {:noreply, apply_action(socket, socket.assigns.live_action, params)}
+ else
+ {:noreply, socket |> put_flash(:error, "You do not have permission to edit this post.") |> redirect(to: Routes.post_index_path(socket, :index))}
+ end
else
- {:noreply, socket |> put_flash(:error, "You do not have permission to edit this post.") |> redirect(to: Routes.post_index_path(socket, :index))}
+ {:noreply, socket}
end
end
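Review bot: `mount/3` now requires an `"id"` param and always loads it as a room, but the router in this commit still sends `/posts/new` (no `id`) and `/posts/:id/edit` (a post id) to this same LiveView. As written, `:new` has no matching `mount` clause, and `:edit` looks up a room by the post's id and then asks `Roles.guard?/3` about `:edit` on a `%Room{}`, which no non-admin clause allows. The room check should run only for `:index`, with the other actions resolving the room from the post or from a room-scoped route. The denial branch in `handle_params` still calls `Routes.post_index_path(socket, :index)`, which presumably no longer resolves now that the route takes `:id`.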
@@ -31,7 +42,6 @@ defmodule AggieditWeb.PostLive.Index do
{:noreply, apply_action(socket, socket.assigns.live_action, params)}
end
-
defp apply_action(socket, :edit, %{"id" => id}=params) do
socket
|> assign(:page_title, "Edit Post")
@@ -61,7 +71,7 @@ defmodule AggieditWeb.PostLive.Index do
end
end
- defp list_posts do
- Rooms.list_posts()
+ defp list_posts(%Room{id: room_id}) do
+ Rooms.posts_in_room(room_id)
end
end
diff --git a/lib/aggiedit_web/live/post_live/show.ex b/lib/aggiedit_web/live/post_live/show.ex
index 748c6ea..ea9c134 100644
--- a/lib/aggiedit_web/live/post_live/show.ex
+++ b/lib/aggiedit_web/live/post_live/show.ex
@@ -24,7 +24,7 @@ defmodule AggieditWeb.PostLive.Show do
|> assign(:page_title, page_title(socket.assigns.live_action))
|> assign(:post, post)}
else
- {:noreply, socket |> put_flash(:error, "You don't have permission to do that.") |> redirect(to: Routes.post_show_path(socket, :index))}
+ {:noreply, socket |> put_flash(:error, "You don't have permission to do that.") |> redirect(to: Routes.post_show_path(socket, post))}
end
end
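Review bot: The denial branch now redirects to the path of the same `post` the user was just refused, so if this `handle_params` serves that route the check fails again on arrival. The helper call also passes `post` where the other helpers on this page take the live action, so it may not resolve at all. Redirecting to a neutral page avoids both, e.g. `redirect(to: Routes.page_path(socket, :index))`, as `PostLive.Index` does for a forbidden room. The enclosing function starts above the hunk.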
diff --git a/lib/aggiedit_web/router.ex b/lib/aggiedit_web/router.ex
index 99aee90..1ac0a0f 100644
--- a/lib/aggiedit_web/router.ex
+++ b/lib/aggiedit_web/router.ex
@@ -25,7 +25,7 @@ defmodule AggieditWeb.Router do
scope "/", AggieditWeb do
pipe_through [:browser, :require_authenticated_user]
- live "/posts", PostLive.Index, :index
+ live "/posts/room/:id", PostLive.Index, :index
live "/posts/new", PostLive.Index, :new
live "/posts/:id/edit", PostLive.Index, :edit