Diffstat (limited to 'lib/aggiedit_web/live')
-rw-r--r-- | lib/aggiedit_web/live/post_live/index.ex | 24 | ||||
-rw-r--r-- | lib/aggiedit_web/live/post_live/show.ex | 24 | ||||
-rw-r--r-- | lib/aggiedit_web/live/post_live/show.html.heex | 1 |
3 files changed, 39 insertions, 10 deletions
diff --git a/lib/aggiedit_web/live/post_live/index.ex b/lib/aggiedit_web/live/post_live/index.ex
index 7f3ac65..d48ce67 100644
--- a/lib/aggiedit_web/live/post_live/index.ex
+++ b/lib/aggiedit_web/live/post_live/index.ex
@@ -1,6 +1,7 @@
 defmodule AggieditWeb.PostLive.Index do
 use AggieditWeb, :live_view
+ alias Aggiedit.Roles
 alias Aggiedit.Rooms
 alias Aggiedit.Rooms.Post
 alias Aggiedit.Repo
@@ -15,11 +16,23 @@ defmodule AggieditWeb.PostLive.Index do
 end
 @impl true
+ def handle_params(%{"id" => id}=params, _url, socket) do
+ post = Rooms.get_post!(id)
+ if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do
+ {:noreply, apply_action(socket, socket.assigns.live_action, params)}
+ else
+ {:noreply, socket |> put_flash(:error, "You do not have permission to edit this post.") |> redirect(to: Routes.post_index_path(socket, :index))}
+ end
+ end
+
+ @impl true
 def handle_params(params, _url, socket) do
+ IO.puts(inspect(params))
 {:noreply, apply_action(socket, socket.assigns.live_action, params)}
 end
- defp apply_action(socket, :edit, %{"id" => id}) do
+
+ defp apply_action(socket, :edit, %{"id" => id}=params) do
 socket
 |> assign(:page_title, "Edit Post")
 |> assign(:post, Rooms.get_post!(id) |> Repo.preload(:upload))
@@ -40,9 +53,12 @@ defmodule AggieditWeb.PostLive.Index do
 @impl true
 def handle_event("delete", %{"id" => id}, socket) do
 post = Rooms.get_post!(id)
- {:ok, _} = Rooms.delete_post(post)
-
- {:noreply, assign(socket, :posts, list_posts())}
+ if Roles.guard?(socket.assigns.current_user, :delete, post) do
+ Rooms.delete_post(post)
+ {:noreply, socket |> put_flash(:success, "Post deleted.") |> redirect(to: Routes.post_index_path(socket, :index))}
+ else
+ {:noreply, socket |> put_flash(:error, "You do not have permission to delete this post.") |> redirect(to: Routes.post_index_path(socket, :index))}
+ end
 end
 defp list_posts do
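Review bot: The `IO.puts(inspect(params))` added to the catch-all `handle_params/3` clause in index.ex looks like leftover debugging; it writes every navigation's params to stdout, outside the Logger level and filtering configuration, and I would drop the line. In the new guarded clause the post is loaded for `Roles.guard?/3` and then loaded a second time inside `apply_action(socket, :edit, ...)`. The `=params` binding added to that `apply_action/3` head is not used in the lines shown, so it should be `_params` or removed. The guarded clause also reads `socket.assigns.current_user`; Index's `mount/3` is outside this hunk, so confirm it always assigns that key.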
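Review bot: In `handle_event("delete", ...)` the result of `Rooms.delete_post(post)` is no longer matched, so a failed delete still shows the "Post deleted." flash; the removed code asserted `{:ok, _}`. Keep the assertion inside the authorized branch, `{:ok, _} = Rooms.delete_post(post)`, or branch on the result and flash an error for `{:error, _}`. The server-side `Roles.guard?/3` check is correctly placed in the event handler, since the `id` in the event payload comes from the client.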
diff --git a/lib/aggiedit_web/live/post_live/show.ex b/lib/aggiedit_web/live/post_live/show.ex
index 2416156..748c6ea 100644
--- a/lib/aggiedit_web/live/post_live/show.ex
+++ b/lib/aggiedit_web/live/post_live/show.ex
@@ -2,18 +2,30 @@ defmodule AggieditWeb.PostLive.Show do
 use AggieditWeb, :live_view
 alias Aggiedit.Rooms
+ alias Aggiedit.Roles
+ alias Aggiedit.Repo
 @impl true
- def mount(_params, _session, socket) do
- {:ok, socket}
+ def mount(_params, session, socket) do
+ socket = assign_socket_user(session, socket)
+ case socket.assigns do
+ %{:current_user => user} -> {:ok, socket}
+ _ -> {:ok, socket |> put_flash(:error, "You must log in to access this page.") |> redirect(to: Routes.user_session_path(socket, :new))}
+ end
 end
 @impl true
 def handle_params(%{"id" => id}, _, socket) do
- {:noreply,
- socket
- |> assign(:page_title, page_title(socket.assigns.live_action))
- |> assign(:post, Rooms.get_post!(id))}
+ post = Rooms.get_post!(id)
+ |> Repo.preload(:upload)
+ if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do
+ {:noreply,
+ socket
+ |> assign(:page_title, page_title(socket.assigns.live_action))
+ |> assign(:post, post)}
+ else
+ {:noreply, socket |> put_flash(:error, "You don't have permission to do that.") |> redirect(to: Routes.post_show_path(socket, :index))}
+ end
 end
 defp page_title(:show), do: "Show Post"
diff --git a/lib/aggiedit_web/live/post_live/show.html.heex b/lib/aggiedit_web/live/post_live/show.html.heex
index e6eaebe..fd57bbb 100644
--- a/lib/aggiedit_web/live/post_live/show.html.heex
+++ b/lib/aggiedit_web/live/post_live/show.html.heex
@@ -5,6 +5,7 @@
 <.live_component
 module={AggieditWeb.PostLive.FormComponent}
 id={@post.id}
+ current_user={@current_user}
 title={@page_title}
 action={@live_action}
 post={@post} |
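Review bot: In `mount/3` of show.ex the pattern `%{:current_user => user}` matches any value stored under that key, including `nil`, so if `assign_socket_user/2` (not shown in this diff) assigns `nil` for an anonymous session the login redirect never fires and `handle_params/3` goes on to call `Roles.guard?/3` with a nil user. Matching on a present user makes the check explicit, e.g. `%{current_user: user} when not is_nil(user) -> {:ok, socket}`; as written, `user` is also an unused binding. Separately, the denial branch in `handle_params/3` redirects to `Routes.post_show_path(socket, :index)`, whereas index.ex uses `Routes.post_index_path(socket, :index)`. Unless the router defines an `:index` action on the show route, that helper call will raise on the unauthorized path instead of redirecting.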