diff options
Diffstat (limited to 'lib/aggiedit_web/live/post_live')
| -rw-r--r-- | lib/aggiedit_web/live/post_live/index.ex | 30 | ||||
| -rw-r--r-- | lib/aggiedit_web/live/post_live/show.ex | 2 |
2 files changed, 21 insertions, 11 deletions
diff --git a/lib/aggiedit_web/live/post_live/index.ex b/lib/aggiedit_web/live/post_live/index.ex index d48ce67..e78342d 100644 --- a/lib/aggiedit_web/live/post_live/index.ex +++ b/lib/aggiedit_web/live/post_live/index.ex @@ -1,27 +1,38 @@ defmodule AggieditWeb.PostLive.Index do use AggieditWeb, :live_view + alias Aggiedit.Accounts.User alias Aggiedit.Roles alias Aggiedit.Rooms - alias Aggiedit.Rooms.Post + alias Aggiedit.Rooms.{Post, Room} alias Aggiedit.Repo @impl true - def mount(_params, session, socket) do + def mount(%{"id" => room_id} = params, session, socket) do socket = assign_socket_user(session, socket) case socket.assigns do - %{:current_user => user} -> {:ok, assign(socket, :posts, list_posts())} + %{:current_user => user} -> + room = Rooms.get_room!(room_id) + case Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, room) do + true -> {:ok, assign(socket, :posts, list_posts(room))} + _ -> {:ok, socket |> put_flash(:error, "You cannot view that room") |> redirect(to: Routes.page_path(socket, :index))} + end _ -> {:ok, socket |> put_flash(:error, "You must log in to access this page.") |> redirect(to: Routes.user_session_path(socket, :new))} end + end @impl true def handle_params(%{"id" => id}=params, _url, socket) do - post = Rooms.get_post!(id) - if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do - {:noreply, apply_action(socket, socket.assigns.live_action, params)} + if socket.assigns.live_action != :index do + post = Rooms.get_post!(id) + if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do + {:noreply, apply_action(socket, socket.assigns.live_action, params)} + else + {:noreply, socket |> put_flash(:error, "You do not have permission to edit this post.") |> redirect(to: Routes.post_index_path(socket, :index))} + end else - {:noreply, socket |> put_flash(:error, "You do not have permission to edit this post.") |> redirect(to: Routes.post_index_path(socket, :index))} + {:noreply, socket} end end @@ -31,7 +42,6 @@ defmodule AggieditWeb.PostLive.Index do {:noreply, apply_action(socket, socket.assigns.live_action, params)} end - defp apply_action(socket, :edit, %{"id" => id}=params) do socket |> assign(:page_title, "Edit Post") @@ -61,7 +71,7 @@ defmodule AggieditWeb.PostLive.Index do end end - defp list_posts do - Rooms.list_posts() + defp list_posts(%Room{id: room_id}) do + Rooms.posts_in_room(room_id) end end diff --git a/lib/aggiedit_web/live/post_live/show.ex b/lib/aggiedit_web/live/post_live/show.ex index 748c6ea..ea9c134 100644 --- a/lib/aggiedit_web/live/post_live/show.ex +++ b/lib/aggiedit_web/live/post_live/show.ex @@ -24,7 +24,7 @@ defmodule AggieditWeb.PostLive.Show do |> assign(:page_title, page_title(socket.assigns.live_action)) |> assign(:post, post)} else - {:noreply, socket |> put_flash(:error, "You don't have permission to do that.") |> redirect(to: Routes.post_show_path(socket, :index))} + {:noreply, socket |> put_flash(:error, "You don't have permission to do that.") |> redirect(to: Routes.post_show_path(socket, post))} end end |