Add room id to routes and fix authorization on said routes

2022-04-13 14:17:28 -06:00 · 2022-04-13 14:17:28 -06:00 · 51298ea998
commit 51298ea998
parent 77d572796c
7 changed files with 53 additions and 49 deletions
--- a/lib/aggiedit_web/live/post_live/form_component.ex
+++ b/lib/aggiedit_web/live/post_live/form_component.ex
@ -14,9 +14,7 @@ defmodule AggieditWeb.PostLive.FormComponent do
    {:ok,
     socket
     |> assign(assigns)
-     |> assign(:changeset, changeset)
-     |> assign(:current_user, current_user)
-     |> assign(:uploaded_files, [])
+     |> assign(%{changeset: changeset, current_user: current_user, uploaded_files: []})
     |> allow_upload(:upload, accept: ~w(.jpg .jpeg .png .gif), max_entries: 1)
    }
  end
--- a/lib/aggiedit_web/live/post_live/helper.ex
+++ b/lib/aggiedit_web/live/post_live/helper.ex
@ -0,0 +1,18 @@
+defmodule AggieditWeb.PostLive.Helper do
+  use AggieditWeb, :live_view
+  alias Aggiedit.Rooms
+  alias Aggiedit.Roles
+
+  def assign_socket_room_and_user_or_error(%{"room_id" => room_id}=params, session, socket) do
+    socket = assign_socket_user(session, socket)
+    case socket.assigns do
+      %{:current_user => user} -> 
+        room = Rooms.get_room!(room_id)
+        case Roles.guard?(socket.assigns.current_user, :index, room) do
+          true -> {:ok, assign(socket, %{:room => room})}
+          _ -> {:ok, socket |> put_flash(:error, "You cannot view that room") |> redirect(to: Routes.page_path(socket, :index))}
+        end
+      _ -> {:ok, socket |> put_flash(:error, "You must log in to access this page.") |> redirect(to: Routes.user_session_path(socket, :new))}
+    end
+  end
+end
--- a/lib/aggiedit_web/live/post_live/index.ex
+++ b/lib/aggiedit_web/live/post_live/index.ex
@ -8,31 +8,27 @@ defmodule AggieditWeb.PostLive.Index do
  alias Aggiedit.Repo

  @impl true
-  def mount(%{"id" => room_id} = params, session, socket) do
-    socket = assign_socket_user(session, socket)
+  def mount(%{"room_id" => room_id} = params, session, socket) do
+    {:ok, socket} = AggieditWeb.PostLive.Helper.assign_socket_room_and_user_or_error(params, session, socket)
+#    if !is_nil(socket.assigns[:room]) do
+#      {:ok, assign(socket, %{:posts => socket.assigns.room |> Repo.preload(:posts) |> Map.get(:posts)})}
+#    else 
+#      {:ok, socket}
+#    end
    case socket.assigns do
-      %{:current_user => user} -> 
-        room = Rooms.get_room!(room_id)
-        case Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, room) do
-          true -> {:ok, assign(socket, :posts, list_posts(room))}
-          _ -> {:ok, socket |> put_flash(:error, "You cannot view that room") |> redirect(to: Routes.page_path(socket, :index))}
-        end
-      _ -> {:ok, socket |> put_flash(:error, "You must log in to access this page.") |> redirect(to: Routes.user_session_path(socket, :new))}
+      %{:room => room} -> 
+        {:ok, assign(socket, %{:posts => room |> Repo.preload(:posts) |> Map.get(:posts)})}
+      _ -> {:ok, socket}
    end
-
  end

  @impl true
  def handle_params(%{"id" => id}=params, _url, socket) do
-    if socket.assigns.live_action != :index do
-      post = Rooms.get_post!(id)
-      if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do
-        {:noreply, apply_action(socket, socket.assigns.live_action, params)}
-      else
-        {:noreply, socket |> put_flash(:error, "You do not have permission to edit this post.") |> redirect(to: Routes.post_index_path(socket, :index))}
-      end
+    post = Rooms.get_post!(id)
+    if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do
+      {:noreply, apply_action(socket, socket.assigns.live_action, params)}
    else
-      {:noreply, socket}
+      {:noreply, socket |> put_flash(:error, "You do not have permission to edit this post.") |> redirect(to: Routes.post_index_path(socket, :index, socket.assigns.room))}
    end
  end

@ -65,13 +61,9 @@ defmodule AggieditWeb.PostLive.Index do
    post = Rooms.get_post!(id)
    if Roles.guard?(socket.assigns.current_user, :delete, post) do
      Rooms.delete_post(post)
-      {:noreply, socket |> put_flash(:success, "Post deleted.") |> redirect(to: Routes.post_index_path(socket, :index))}
+      {:noreply, socket |> put_flash(:success, "Post deleted.") |> redirect(to: Routes.post_index_path(socket, :index, socket.assigns.room))}
    else
-      {:noreply, socket |> put_flash(:error, "You do not have permission to delete this post.") |> redirect(to: Routes.post_index_path(socket, :index))}
+      {:noreply, socket |> put_flash(:error, "You do not have permission to delete this post.") |> redirect(to: Routes.post_index_path(socket, :index, socket.assigns.room))}
    end
  end
-
-  defp list_posts(%Room{id: room_id}) do
-    Rooms.posts_in_room(room_id)
-  end
 end
--- a/lib/aggiedit_web/live/post_live/index.html.heex
+++ b/lib/aggiedit_web/live/post_live/index.html.heex
@ -1,7 +1,7 @@
 <h1>Listing Posts</h1>

 <%= if @live_action in [:new, :edit] do %>
-  <.modal return_to={Routes.post_index_path(@socket, :index)}>
+  <.modal return_to={Routes.post_index_path(@socket, :index, @room)}>
    <.live_component
      current_user={@current_user}
      module={AggieditWeb.PostLive.FormComponent}
@ -9,7 +9,7 @@
      title={@page_title}
      action={@live_action}
      post={@post}
-      return_to={Routes.post_index_path(@socket, :index)}
+      return_to={Routes.post_index_path(@socket, :index, @room)}
    />
  </.modal>
 <% end %>
@ -30,8 +30,8 @@
        <td><%= post.body %></td>

        <td>
-          <span><%= live_redirect "Show", to: Routes.post_show_path(@socket, :show, post) %></span>
-          <span><%= live_patch "Edit", to: Routes.post_index_path(@socket, :edit, post) %></span>
+          <span><%= live_redirect "Show", to: Routes.post_show_path(@socket, :show, @room, post) %></span>
+          <span><%= live_patch "Edit", to: Routes.post_index_path(@socket, :edit, @room, post) %></span>
          <span><%= link "Delete", to: "#", phx_click: "delete", phx_value_id: post.id, data: [confirm: "Are you sure?"] %></span>
        </td>
      </tr>
@ -39,4 +39,4 @@
  </tbody>
 </table>

-<span><%= live_patch "New Post", to: Routes.post_index_path(@socket, :new) %></span>
+<span><%= live_patch "New Post", to: Routes.post_index_path(@socket, :new, @room) %></span>
--- a/lib/aggiedit_web/live/post_live/show.ex
+++ b/lib/aggiedit_web/live/post_live/show.ex
@ -6,16 +6,12 @@ defmodule AggieditWeb.PostLive.Show do
  alias Aggiedit.Repo

  @impl true
-  def mount(_params, session, socket) do
-    socket = assign_socket_user(session, socket)
-    case socket.assigns do
-      %{:current_user => user} -> {:ok, socket}
-      _ -> {:ok, socket |> put_flash(:error, "You must log in to access this page.") |> redirect(to: Routes.user_session_path(socket, :new))}
-    end
+  def mount(%{"room_id" => room_id} = params, session, socket) do
+    AggieditWeb.PostLive.Helper.assign_socket_room_and_user_or_error(params, session, socket)
  end

  @impl true
-  def handle_params(%{"id" => id}, _, socket) do
+  def handle_params(%{"id" => id}=params, _, socket) do
    post = Rooms.get_post!(id)
    |> Repo.preload(:upload)
    if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do
@ -24,7 +20,7 @@ defmodule AggieditWeb.PostLive.Show do
      |> assign(:page_title, page_title(socket.assigns.live_action))
      |> assign(:post, post)}
    else
-      {:noreply, socket |> put_flash(:error, "You don't have permission to do that.") |> redirect(to: Routes.post_show_path(socket, post))}
+      {:noreply, socket |> put_flash(:error, "You don't have permission to do that.") |> redirect(to: Routes.post_show_path(socket, :show, socket.assigns.room, post))}
    end
  end

--- a/lib/aggiedit_web/live/post_live/show.html.heex
+++ b/lib/aggiedit_web/live/post_live/show.html.heex
@ -1,7 +1,7 @@
 <h1>Show Post</h1>

 <%= if @live_action in [:edit] do %>
-  <.modal return_to={Routes.post_show_path(@socket, :show, @post)}>
+  <.modal return_to={Routes.post_show_path(@socket, :show, @room, @post)}>
    <.live_component
      module={AggieditWeb.PostLive.FormComponent}
      id={@post.id}
@ -9,7 +9,7 @@
      title={@page_title}
      action={@live_action}
      post={@post}
-      return_to={Routes.post_show_path(@socket, :show, @post)}
+      return_to={Routes.post_show_path(@socket, :show, @room, @post)}
    />
  </.modal>
 <% end %>
@ -28,5 +28,5 @@

 </ul>

-<span><%= live_patch "Edit", to: Routes.post_show_path(@socket, :edit, @post), class: "button" %></span> |
-<span><%= live_redirect "Back", to: Routes.post_index_path(@socket, :index) %></span>
+<span><%= live_patch "Edit", to: Routes.post_show_path(@socket, :edit, @room, @post), class: "button" %></span> |
+<span><%= live_redirect "Back", to: Routes.post_index_path(@socket, :index, @room) %></span>
--- a/lib/aggiedit_web/router.ex
+++ b/lib/aggiedit_web/router.ex
@ -25,12 +25,12 @@ defmodule AggieditWeb.Router do

  scope "/", AggieditWeb do
    pipe_through [:browser, :require_authenticated_user]
-    live "/posts/room/:id", PostLive.Index, :index
-    live "/posts/new", PostLive.Index, :new
-    live "/posts/:id/edit", PostLive.Index, :edit
+    live "/room/:room_id", PostLive.Index, :index
+    live "/room/:room_id/posts/new", PostLive.Index, :new
+    live "/room/:room_id/posts/:id/edit", PostLive.Index, :edit

-    live "/posts/:id", PostLive.Show, :show
-    live "/posts/:id/show/edit", PostLive.Show, :edit
+    live "/room/:room_id/posts/:id", PostLive.Show, :show
+    live "/room/:room_id/posts/:id/show/edit", PostLive.Show, :edit
  end

  # Other scopes may use custom stacks.