Add room id to routes and fix authorization on said routes

This commit is contained in:
Logan Hunt 2022-04-13 14:17:28 -06:00
parent 77d572796c
commit 51298ea998
Signed by untrusted user who does not match committer: simponic
GPG Key ID: 52B3774857EB24B1
7 changed files with 53 additions and 49 deletions

View File

@ -14,9 +14,7 @@ defmodule AggieditWeb.PostLive.FormComponent do
{:ok,
socket
|> assign(assigns)
|> assign(:changeset, changeset)
|> assign(:current_user, current_user)
|> assign(:uploaded_files, [])
|> assign(%{changeset: changeset, current_user: current_user, uploaded_files: []})
|> allow_upload(:upload, accept: ~w(.jpg .jpeg .png .gif), max_entries: 1)
}
end

View File

@ -0,0 +1,18 @@
defmodule AggieditWeb.PostLive.Helper do
use AggieditWeb, :live_view
alias Aggiedit.Rooms
alias Aggiedit.Roles
def assign_socket_room_and_user_or_error(%{"room_id" => room_id}=params, session, socket) do
socket = assign_socket_user(session, socket)
case socket.assigns do
%{:current_user => user} ->
room = Rooms.get_room!(room_id)
case Roles.guard?(socket.assigns.current_user, :index, room) do
true -> {:ok, assign(socket, %{:room => room})}
_ -> {:ok, socket |> put_flash(:error, "You cannot view that room") |> redirect(to: Routes.page_path(socket, :index))}
end
_ -> {:ok, socket |> put_flash(:error, "You must log in to access this page.") |> redirect(to: Routes.user_session_path(socket, :new))}
end
end
end

View File

@ -8,31 +8,27 @@ defmodule AggieditWeb.PostLive.Index do
alias Aggiedit.Repo
@impl true
def mount(%{"id" => room_id} = params, session, socket) do
socket = assign_socket_user(session, socket)
def mount(%{"room_id" => room_id} = params, session, socket) do
{:ok, socket} = AggieditWeb.PostLive.Helper.assign_socket_room_and_user_or_error(params, session, socket)
# if !is_nil(socket.assigns[:room]) do
# {:ok, assign(socket, %{:posts => socket.assigns.room |> Repo.preload(:posts) |> Map.get(:posts)})}
# else
# {:ok, socket}
# end
case socket.assigns do
%{:current_user => user} ->
room = Rooms.get_room!(room_id)
case Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, room) do
true -> {:ok, assign(socket, :posts, list_posts(room))}
_ -> {:ok, socket |> put_flash(:error, "You cannot view that room") |> redirect(to: Routes.page_path(socket, :index))}
end
_ -> {:ok, socket |> put_flash(:error, "You must log in to access this page.") |> redirect(to: Routes.user_session_path(socket, :new))}
%{:room => room} ->
{:ok, assign(socket, %{:posts => room |> Repo.preload(:posts) |> Map.get(:posts)})}
_ -> {:ok, socket}
end
end
@impl true
def handle_params(%{"id" => id}=params, _url, socket) do
if socket.assigns.live_action != :index do
post = Rooms.get_post!(id)
if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do
{:noreply, apply_action(socket, socket.assigns.live_action, params)}
else
{:noreply, socket |> put_flash(:error, "You do not have permission to edit this post.") |> redirect(to: Routes.post_index_path(socket, :index))}
end
post = Rooms.get_post!(id)
if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do
{:noreply, apply_action(socket, socket.assigns.live_action, params)}
else
{:noreply, socket}
{:noreply, socket |> put_flash(:error, "You do not have permission to edit this post.") |> redirect(to: Routes.post_index_path(socket, :index, socket.assigns.room))}
end
end
@ -65,13 +61,9 @@ defmodule AggieditWeb.PostLive.Index do
post = Rooms.get_post!(id)
if Roles.guard?(socket.assigns.current_user, :delete, post) do
Rooms.delete_post(post)
{:noreply, socket |> put_flash(:success, "Post deleted.") |> redirect(to: Routes.post_index_path(socket, :index))}
{:noreply, socket |> put_flash(:success, "Post deleted.") |> redirect(to: Routes.post_index_path(socket, :index, socket.assigns.room))}
else
{:noreply, socket |> put_flash(:error, "You do not have permission to delete this post.") |> redirect(to: Routes.post_index_path(socket, :index))}
{:noreply, socket |> put_flash(:error, "You do not have permission to delete this post.") |> redirect(to: Routes.post_index_path(socket, :index, socket.assigns.room))}
end
end
defp list_posts(%Room{id: room_id}) do
Rooms.posts_in_room(room_id)
end
end

View File

@ -1,7 +1,7 @@
<h1>Listing Posts</h1>
<%= if @live_action in [:new, :edit] do %>
<.modal return_to={Routes.post_index_path(@socket, :index)}>
<.modal return_to={Routes.post_index_path(@socket, :index, @room)}>
<.live_component
current_user={@current_user}
module={AggieditWeb.PostLive.FormComponent}
@ -9,7 +9,7 @@
title={@page_title}
action={@live_action}
post={@post}
return_to={Routes.post_index_path(@socket, :index)}
return_to={Routes.post_index_path(@socket, :index, @room)}
/>
</.modal>
<% end %>
@ -30,8 +30,8 @@
<td><%= post.body %></td>
<td>
<span><%= live_redirect "Show", to: Routes.post_show_path(@socket, :show, post) %></span>
<span><%= live_patch "Edit", to: Routes.post_index_path(@socket, :edit, post) %></span>
<span><%= live_redirect "Show", to: Routes.post_show_path(@socket, :show, @room, post) %></span>
<span><%= live_patch "Edit", to: Routes.post_index_path(@socket, :edit, @room, post) %></span>
<span><%= link "Delete", to: "#", phx_click: "delete", phx_value_id: post.id, data: [confirm: "Are you sure?"] %></span>
</td>
</tr>
@ -39,4 +39,4 @@
</tbody>
</table>
<span><%= live_patch "New Post", to: Routes.post_index_path(@socket, :new) %></span>
<span><%= live_patch "New Post", to: Routes.post_index_path(@socket, :new, @room) %></span>

View File

@ -6,16 +6,12 @@ defmodule AggieditWeb.PostLive.Show do
alias Aggiedit.Repo
@impl true
def mount(_params, session, socket) do
socket = assign_socket_user(session, socket)
case socket.assigns do
%{:current_user => user} -> {:ok, socket}
_ -> {:ok, socket |> put_flash(:error, "You must log in to access this page.") |> redirect(to: Routes.user_session_path(socket, :new))}
end
def mount(%{"room_id" => room_id} = params, session, socket) do
AggieditWeb.PostLive.Helper.assign_socket_room_and_user_or_error(params, session, socket)
end
@impl true
def handle_params(%{"id" => id}, _, socket) do
def handle_params(%{"id" => id}=params, _, socket) do
post = Rooms.get_post!(id)
|> Repo.preload(:upload)
if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do
@ -24,7 +20,7 @@ defmodule AggieditWeb.PostLive.Show do
|> assign(:page_title, page_title(socket.assigns.live_action))
|> assign(:post, post)}
else
{:noreply, socket |> put_flash(:error, "You don't have permission to do that.") |> redirect(to: Routes.post_show_path(socket, post))}
{:noreply, socket |> put_flash(:error, "You don't have permission to do that.") |> redirect(to: Routes.post_show_path(socket, :show, socket.assigns.room, post))}
end
end

View File

@ -1,7 +1,7 @@
<h1>Show Post</h1>
<%= if @live_action in [:edit] do %>
<.modal return_to={Routes.post_show_path(@socket, :show, @post)}>
<.modal return_to={Routes.post_show_path(@socket, :show, @room, @post)}>
<.live_component
module={AggieditWeb.PostLive.FormComponent}
id={@post.id}
@ -9,7 +9,7 @@
title={@page_title}
action={@live_action}
post={@post}
return_to={Routes.post_show_path(@socket, :show, @post)}
return_to={Routes.post_show_path(@socket, :show, @room, @post)}
/>
</.modal>
<% end %>
@ -28,5 +28,5 @@
</ul>
<span><%= live_patch "Edit", to: Routes.post_show_path(@socket, :edit, @post), class: "button" %></span> |
<span><%= live_redirect "Back", to: Routes.post_index_path(@socket, :index) %></span>
<span><%= live_patch "Edit", to: Routes.post_show_path(@socket, :edit, @room, @post), class: "button" %></span> |
<span><%= live_redirect "Back", to: Routes.post_index_path(@socket, :index, @room) %></span>

View File

@ -25,12 +25,12 @@ defmodule AggieditWeb.Router do
scope "/", AggieditWeb do
pipe_through [:browser, :require_authenticated_user]
live "/posts/room/:id", PostLive.Index, :index
live "/posts/new", PostLive.Index, :new
live "/posts/:id/edit", PostLive.Index, :edit
live "/room/:room_id", PostLive.Index, :index
live "/room/:room_id/posts/new", PostLive.Index, :new
live "/room/:room_id/posts/:id/edit", PostLive.Index, :edit
live "/posts/:id", PostLive.Show, :show
live "/posts/:id/show/edit", PostLive.Show, :edit
live "/room/:room_id/posts/:id", PostLive.Show, :show
live "/room/:room_id/posts/:id/show/edit", PostLive.Show, :edit
end
# Other scopes may use custom stacks.