Add room id to routes and fix authorization on said routes
This commit is contained in:
parent
77d572796c
commit
51298ea998
@ -14,9 +14,7 @@ defmodule AggieditWeb.PostLive.FormComponent do
|
||||
{:ok,
|
||||
socket
|
||||
|> assign(assigns)
|
||||
|> assign(:changeset, changeset)
|
||||
|> assign(:current_user, current_user)
|
||||
|> assign(:uploaded_files, [])
|
||||
|> assign(%{changeset: changeset, current_user: current_user, uploaded_files: []})
|
||||
|> allow_upload(:upload, accept: ~w(.jpg .jpeg .png .gif), max_entries: 1)
|
||||
}
|
||||
end
|
||||
|
18
lib/aggiedit_web/live/post_live/helper.ex
Normal file
18
lib/aggiedit_web/live/post_live/helper.ex
Normal file
@ -0,0 +1,18 @@
|
||||
defmodule AggieditWeb.PostLive.Helper do
|
||||
use AggieditWeb, :live_view
|
||||
alias Aggiedit.Rooms
|
||||
alias Aggiedit.Roles
|
||||
|
||||
def assign_socket_room_and_user_or_error(%{"room_id" => room_id}=params, session, socket) do
|
||||
socket = assign_socket_user(session, socket)
|
||||
case socket.assigns do
|
||||
%{:current_user => user} ->
|
||||
room = Rooms.get_room!(room_id)
|
||||
case Roles.guard?(socket.assigns.current_user, :index, room) do
|
||||
true -> {:ok, assign(socket, %{:room => room})}
|
||||
_ -> {:ok, socket |> put_flash(:error, "You cannot view that room") |> redirect(to: Routes.page_path(socket, :index))}
|
||||
end
|
||||
_ -> {:ok, socket |> put_flash(:error, "You must log in to access this page.") |> redirect(to: Routes.user_session_path(socket, :new))}
|
||||
end
|
||||
end
|
||||
end
|
@ -8,31 +8,27 @@ defmodule AggieditWeb.PostLive.Index do
|
||||
alias Aggiedit.Repo
|
||||
|
||||
@impl true
|
||||
def mount(%{"id" => room_id} = params, session, socket) do
|
||||
socket = assign_socket_user(session, socket)
|
||||
def mount(%{"room_id" => room_id} = params, session, socket) do
|
||||
{:ok, socket} = AggieditWeb.PostLive.Helper.assign_socket_room_and_user_or_error(params, session, socket)
|
||||
# if !is_nil(socket.assigns[:room]) do
|
||||
# {:ok, assign(socket, %{:posts => socket.assigns.room |> Repo.preload(:posts) |> Map.get(:posts)})}
|
||||
# else
|
||||
# {:ok, socket}
|
||||
# end
|
||||
case socket.assigns do
|
||||
%{:current_user => user} ->
|
||||
room = Rooms.get_room!(room_id)
|
||||
case Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, room) do
|
||||
true -> {:ok, assign(socket, :posts, list_posts(room))}
|
||||
_ -> {:ok, socket |> put_flash(:error, "You cannot view that room") |> redirect(to: Routes.page_path(socket, :index))}
|
||||
end
|
||||
_ -> {:ok, socket |> put_flash(:error, "You must log in to access this page.") |> redirect(to: Routes.user_session_path(socket, :new))}
|
||||
%{:room => room} ->
|
||||
{:ok, assign(socket, %{:posts => room |> Repo.preload(:posts) |> Map.get(:posts)})}
|
||||
_ -> {:ok, socket}
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
@impl true
|
||||
def handle_params(%{"id" => id}=params, _url, socket) do
|
||||
if socket.assigns.live_action != :index do
|
||||
post = Rooms.get_post!(id)
|
||||
if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do
|
||||
{:noreply, apply_action(socket, socket.assigns.live_action, params)}
|
||||
else
|
||||
{:noreply, socket |> put_flash(:error, "You do not have permission to edit this post.") |> redirect(to: Routes.post_index_path(socket, :index))}
|
||||
end
|
||||
post = Rooms.get_post!(id)
|
||||
if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do
|
||||
{:noreply, apply_action(socket, socket.assigns.live_action, params)}
|
||||
else
|
||||
{:noreply, socket}
|
||||
{:noreply, socket |> put_flash(:error, "You do not have permission to edit this post.") |> redirect(to: Routes.post_index_path(socket, :index, socket.assigns.room))}
|
||||
end
|
||||
end
|
||||
|
||||
@ -65,13 +61,9 @@ defmodule AggieditWeb.PostLive.Index do
|
||||
post = Rooms.get_post!(id)
|
||||
if Roles.guard?(socket.assigns.current_user, :delete, post) do
|
||||
Rooms.delete_post(post)
|
||||
{:noreply, socket |> put_flash(:success, "Post deleted.") |> redirect(to: Routes.post_index_path(socket, :index))}
|
||||
{:noreply, socket |> put_flash(:success, "Post deleted.") |> redirect(to: Routes.post_index_path(socket, :index, socket.assigns.room))}
|
||||
else
|
||||
{:noreply, socket |> put_flash(:error, "You do not have permission to delete this post.") |> redirect(to: Routes.post_index_path(socket, :index))}
|
||||
{:noreply, socket |> put_flash(:error, "You do not have permission to delete this post.") |> redirect(to: Routes.post_index_path(socket, :index, socket.assigns.room))}
|
||||
end
|
||||
end
|
||||
|
||||
defp list_posts(%Room{id: room_id}) do
|
||||
Rooms.posts_in_room(room_id)
|
||||
end
|
||||
end
|
||||
|
@ -1,7 +1,7 @@
|
||||
<h1>Listing Posts</h1>
|
||||
|
||||
<%= if @live_action in [:new, :edit] do %>
|
||||
<.modal return_to={Routes.post_index_path(@socket, :index)}>
|
||||
<.modal return_to={Routes.post_index_path(@socket, :index, @room)}>
|
||||
<.live_component
|
||||
current_user={@current_user}
|
||||
module={AggieditWeb.PostLive.FormComponent}
|
||||
@ -9,7 +9,7 @@
|
||||
title={@page_title}
|
||||
action={@live_action}
|
||||
post={@post}
|
||||
return_to={Routes.post_index_path(@socket, :index)}
|
||||
return_to={Routes.post_index_path(@socket, :index, @room)}
|
||||
/>
|
||||
</.modal>
|
||||
<% end %>
|
||||
@ -30,8 +30,8 @@
|
||||
<td><%= post.body %></td>
|
||||
|
||||
<td>
|
||||
<span><%= live_redirect "Show", to: Routes.post_show_path(@socket, :show, post) %></span>
|
||||
<span><%= live_patch "Edit", to: Routes.post_index_path(@socket, :edit, post) %></span>
|
||||
<span><%= live_redirect "Show", to: Routes.post_show_path(@socket, :show, @room, post) %></span>
|
||||
<span><%= live_patch "Edit", to: Routes.post_index_path(@socket, :edit, @room, post) %></span>
|
||||
<span><%= link "Delete", to: "#", phx_click: "delete", phx_value_id: post.id, data: [confirm: "Are you sure?"] %></span>
|
||||
</td>
|
||||
</tr>
|
||||
@ -39,4 +39,4 @@
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
<span><%= live_patch "New Post", to: Routes.post_index_path(@socket, :new) %></span>
|
||||
<span><%= live_patch "New Post", to: Routes.post_index_path(@socket, :new, @room) %></span>
|
||||
|
@ -6,16 +6,12 @@ defmodule AggieditWeb.PostLive.Show do
|
||||
alias Aggiedit.Repo
|
||||
|
||||
@impl true
|
||||
def mount(_params, session, socket) do
|
||||
socket = assign_socket_user(session, socket)
|
||||
case socket.assigns do
|
||||
%{:current_user => user} -> {:ok, socket}
|
||||
_ -> {:ok, socket |> put_flash(:error, "You must log in to access this page.") |> redirect(to: Routes.user_session_path(socket, :new))}
|
||||
end
|
||||
def mount(%{"room_id" => room_id} = params, session, socket) do
|
||||
AggieditWeb.PostLive.Helper.assign_socket_room_and_user_or_error(params, session, socket)
|
||||
end
|
||||
|
||||
@impl true
|
||||
def handle_params(%{"id" => id}, _, socket) do
|
||||
def handle_params(%{"id" => id}=params, _, socket) do
|
||||
post = Rooms.get_post!(id)
|
||||
|> Repo.preload(:upload)
|
||||
if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do
|
||||
@ -24,7 +20,7 @@ defmodule AggieditWeb.PostLive.Show do
|
||||
|> assign(:page_title, page_title(socket.assigns.live_action))
|
||||
|> assign(:post, post)}
|
||||
else
|
||||
{:noreply, socket |> put_flash(:error, "You don't have permission to do that.") |> redirect(to: Routes.post_show_path(socket, post))}
|
||||
{:noreply, socket |> put_flash(:error, "You don't have permission to do that.") |> redirect(to: Routes.post_show_path(socket, :show, socket.assigns.room, post))}
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
<h1>Show Post</h1>
|
||||
|
||||
<%= if @live_action in [:edit] do %>
|
||||
<.modal return_to={Routes.post_show_path(@socket, :show, @post)}>
|
||||
<.modal return_to={Routes.post_show_path(@socket, :show, @room, @post)}>
|
||||
<.live_component
|
||||
module={AggieditWeb.PostLive.FormComponent}
|
||||
id={@post.id}
|
||||
@ -9,7 +9,7 @@
|
||||
title={@page_title}
|
||||
action={@live_action}
|
||||
post={@post}
|
||||
return_to={Routes.post_show_path(@socket, :show, @post)}
|
||||
return_to={Routes.post_show_path(@socket, :show, @room, @post)}
|
||||
/>
|
||||
</.modal>
|
||||
<% end %>
|
||||
@ -28,5 +28,5 @@
|
||||
|
||||
</ul>
|
||||
|
||||
<span><%= live_patch "Edit", to: Routes.post_show_path(@socket, :edit, @post), class: "button" %></span> |
|
||||
<span><%= live_redirect "Back", to: Routes.post_index_path(@socket, :index) %></span>
|
||||
<span><%= live_patch "Edit", to: Routes.post_show_path(@socket, :edit, @room, @post), class: "button" %></span> |
|
||||
<span><%= live_redirect "Back", to: Routes.post_index_path(@socket, :index, @room) %></span>
|
||||
|
@ -25,12 +25,12 @@ defmodule AggieditWeb.Router do
|
||||
|
||||
scope "/", AggieditWeb do
|
||||
pipe_through [:browser, :require_authenticated_user]
|
||||
live "/posts/room/:id", PostLive.Index, :index
|
||||
live "/posts/new", PostLive.Index, :new
|
||||
live "/posts/:id/edit", PostLive.Index, :edit
|
||||
live "/room/:room_id", PostLive.Index, :index
|
||||
live "/room/:room_id/posts/new", PostLive.Index, :new
|
||||
live "/room/:room_id/posts/:id/edit", PostLive.Index, :edit
|
||||
|
||||
live "/posts/:id", PostLive.Show, :show
|
||||
live "/posts/:id/show/edit", PostLive.Show, :edit
|
||||
live "/room/:room_id/posts/:id", PostLive.Show, :show
|
||||
live "/room/:room_id/posts/:id/show/edit", PostLive.Show, :edit
|
||||
end
|
||||
|
||||
# Other scopes may use custom stacks.
|
||||
|
Loading…
Reference in New Issue
Block a user