From 9d5a369ff6aa2dc3a80f104ffdc622ddf594a725 Mon Sep 17 00:00:00 2001
From: Logan Hunt
Date: Wed, 13 Apr 2022 12:42:01 -0600
Subject: Add guards on post resources
---
 lib/aggiedit_web/live/post_live/index.ex | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)
(limited to 'lib/aggiedit_web/live/post_live/index.ex')
diff --git a/lib/aggiedit_web/live/post_live/index.ex b/lib/aggiedit_web/live/post_live/index.ex
index 7f3ac65..d48ce67 100644
--- a/lib/aggiedit_web/live/post_live/index.ex
+++ b/lib/aggiedit_web/live/post_live/index.ex
@@ -1,6 +1,7 @@
 defmodule AggieditWeb.PostLive.Index do
 use AggieditWeb, :live_view

+ alias Aggiedit.Roles
 alias Aggiedit.Rooms
 alias Aggiedit.Rooms.Post
 alias Aggiedit.Repo
@@ -14,12 +15,24 @@ defmodule AggieditWeb.PostLive.Index do
 end
 end

+ @impl true
+ def handle_params(%{"id" => id}=params, _url, socket) do
+ post = Rooms.get_post!(id)
+ if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do
+ {:noreply, apply_action(socket, socket.assigns.live_action, params)}
+ else
+ {:noreply, socket |> put_flash(:error, "You do not have permission to edit this post.") |> redirect(to: Routes.post_index_path(socket, :index))}
+ end
+ end
+
 @impl true
 def handle_params(params, _url, socket) do
+ IO.puts(inspect(params))
 {:noreply, apply_action(socket, socket.assigns.live_action, params)}
 end

- defp apply_action(socket, :edit, %{"id" => id}) do
+
+ defp apply_action(socket, :edit, %{"id" => id}=params) do
 socket
 |> assign(:page_title, "Edit Post")
 |> assign(:post, Rooms.get_post!(id) |> Repo.preload(:upload))
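Review bot: The `IO.puts(inspect(params))` added to the catch-all `handle_params/3` clause looks like leftover debugging; it writes every navigation's params to stdout, bypassing Logger levels and filtering, so drop it or replace it with `Logger.debug(inspect(params))` (which needs `require Logger`). In the same hunk, `defp apply_action(socket, :edit, %{"id" => id}=params)` binds `params` without using it in the visible lines, which should produce an unused-variable warning; keep the original head or bind `_params`. The new guard clause only covers navigation to a route carrying an `"id"`; whether the form's save event re-checks `Roles.guard?/3` is not visible in this diff and is worth confirming, because LiveView events reach the server without passing through `handle_params/3`. The body of `apply_action/3` continues outside the hunk.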
@@ -40,9 +53,12 @@ defmodule AggieditWeb.PostLive.Index do
 @impl true
 def handle_event("delete", %{"id" => id}, socket) do
 post = Rooms.get_post!(id)
- {:ok, _} = Rooms.delete_post(post)
-
- {:noreply, assign(socket, :posts, list_posts())}
+ if Roles.guard?(socket.assigns.current_user, :delete, post) do
+ Rooms.delete_post(post)
+ {:noreply, socket |> put_flash(:success, "Post deleted.") |> redirect(to: Routes.post_index_path(socket, :index))}
+ else
+ {:noreply, socket |> put_flash(:error, "You do not have permission to delete this post.") |> redirect(to: Routes.post_index_path(socket, :index))}
+ end
 end

 defp list_posts do
-- 
cgit v1.2.3-70-g09d2
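Review bot: The result of `Rooms.delete_post(post)` is now discarded in the permitted branch, so a failed delete still produces the "Post deleted." flash; the removed line asserted the outcome with `{:ok, _} =`. Keep the assertive match, `{:ok, _} = Rooms.delete_post(post)`, or branch on the result and flash an error when it is not `{:ok, _}`. Also check that the layout renders a `:success` flash key; if it only handles `:info` and `:error`, the confirmation will never be shown (inferred, since the layout is not part of this diff).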