Update roles and list posts from room

Logan Hunt 2022-04-13 13:13:41 -06:00
parent 9d5a369ff6
commit 77d572796c
Signed by untrusted user who does not match committer: simponic
GPG Key ID: 52B3774857EB24B1
5 changed files with 29 additions and 21 deletions


@ -1,10 +1,13 @@
defmodule Aggiedit.Roles do defmodule Aggiedit.Roles do
alias Aggiedit.Accounts.User alias Aggiedit.Accounts.User
alias Aggiedit.Rooms.Post alias Aggiedit.Rooms.Post
alias Aggiedit.Rooms.Room
def guard?(user, action, object) def guard?(user, action, object)
def guard?(%User{role: :admin}, _, _), do: true def guard?(%User{role: :admin}, _, _), do: true
def guard?(%User{room_id: rid}, :index, %Room{id: rid}), do: true
def guard?(%User{room_id: rid}, :show, %Post{room_id: rid}), do: true def guard?(%User{room_id: rid}, :show, %Post{room_id: rid}), do: true
def guard?(%User{id: id, room_id: rid}, action, %Post{user_id: id, room_id: rid}) when action in [:delete, :edit], do: true def guard?(%User{id: id, room_id: rid}, action, %Post{user_id: id, room_id: rid}) when action in [:delete, :edit], do: true
def guard?(_, _, _), do: false def guard?(_, _, _), do: false
end end
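Review bot: The added `:index` clause enforces room membership only through the repeated `rid` binding, and that pattern also matches when both values are `nil`. Whether `User.room_id` can be nil is not visible here, but if it can, a guard makes the intent explicit: `def guard?(%User{room_id: rid}, :index, %Room{id: rid}) when not is_nil(rid), do: true`. The `:show` and `:delete`/`:edit` clauses use the same pattern against `%Post{room_id: rid}` and would benefit from the same guard. A short `@doc` on `guard?/3` saying that the final clause is the default deny and that clause order matters would help whoever adds the next action.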


@ -112,19 +112,14 @@ defmodule Aggiedit.Rooms do
alias Aggiedit.Rooms.Post alias Aggiedit.Rooms.Post
@doc """
Returns the list of posts.
## Examples
iex> list_posts()
[%Post{}, ...]
"""
def list_posts do def list_posts do
Repo.all(Post) Repo.all(Post)
end end
def posts_in_room(room_id) do
Repo.all((from p in Post, where: p.room_id == ^room_id, select: p))
end
@doc """ @doc """
Gets a single post. Gets a single post.
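Review bot: `list_posts/0` stays public and still returns every post from every room, while its `@doc` appears to be dropped in this hunk and the new room-scoped `posts_in_room/1` has none. Since the LiveView now goes through `posts_in_room/1`, consider removing `list_posts/0` or documenting it as unscoped, so a later caller does not bypass the room check by accident. For `posts_in_room/1`, a doc line such as `Returns the posts whose room_id equals room_id. Performs no authorization; callers check Roles.guard?/3 first.` would state the contract. The `from` macro also needs `import Ecto.Query` in this module, which is outside the hunk.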


@ -1,28 +1,39 @@
defmodule AggieditWeb.PostLive.Index do defmodule AggieditWeb.PostLive.Index do
use AggieditWeb, :live_view use AggieditWeb, :live_view
alias Aggiedit.Accounts.User
alias Aggiedit.Roles alias Aggiedit.Roles
alias Aggiedit.Rooms alias Aggiedit.Rooms
alias Aggiedit.Rooms.Post alias Aggiedit.Rooms.{Post, Room}
alias Aggiedit.Repo alias Aggiedit.Repo
@impl true @impl true
def mount(_params, session, socket) do def mount(%{"id" => room_id} = params, session, socket) do
socket = assign_socket_user(session, socket) socket = assign_socket_user(session, socket)
case socket.assigns do case socket.assigns do
%{:current_user => user} -> {:ok, assign(socket, :posts, list_posts())} %{:current_user => user} ->
room = Rooms.get_room!(room_id)
case Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, room) do
true -> {:ok, assign(socket, :posts, list_posts(room))}
_ -> {:ok, socket |> put_flash(:error, "You cannot view that room") |> redirect(to: Routes.page_path(socket, :index))}
end
_ -> {:ok, socket |> put_flash(:error, "You must log in to access this page.") |> redirect(to: Routes.user_session_path(socket, :new))} _ -> {:ok, socket |> put_flash(:error, "You must log in to access this page.") |> redirect(to: Routes.user_session_path(socket, :new))}
end end
end end
@impl true @impl true
def handle_params(%{"id" => id}=params, _url, socket) do def handle_params(%{"id" => id}=params, _url, socket) do
if socket.assigns.live_action != :index do
post = Rooms.get_post!(id) post = Rooms.get_post!(id)
if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do
{:noreply, apply_action(socket, socket.assigns.live_action, params)} {:noreply, apply_action(socket, socket.assigns.live_action, params)}
else else
{:noreply, socket |> put_flash(:error, "You do not have permission to edit this post.") |> redirect(to: Routes.post_index_path(socket, :index))} {:noreply, socket |> put_flash(:error, "You do not have permission to edit this post.") |> redirect(to: Routes.post_index_path(socket, :index))}
end end
else
{:noreply, socket}
end
end end
@impl true @impl true
@ -31,7 +42,6 @@ defmodule AggieditWeb.PostLive.Index do
{:noreply, apply_action(socket, socket.assigns.live_action, params)} {:noreply, apply_action(socket, socket.assigns.live_action, params)}
end end
defp apply_action(socket, :edit, %{"id" => id}=params) do defp apply_action(socket, :edit, %{"id" => id}=params) do
socket socket
|> assign(:page_title, "Edit Post") |> assign(:page_title, "Edit Post")
@ -61,7 +71,7 @@ defmodule AggieditWeb.PostLive.Index do
end end
end end
defp list_posts do defp list_posts(%Room{id: room_id}) do
Rooms.list_posts() Rooms.posts_in_room(room_id)
end end
end end
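Review bot: `mount/3` now treats `"id"` as a room id for every live action, but the router in this commit also sends `/posts/new` (no `id`) and `/posts/:id/edit` (a post id) to this LiveView. As written, `:new` has no matching `mount/3` clause, and `:edit` looks up a room using a post id and then asks `Roles.guard?/3` for `:edit` on a `%Room{}`, which only the admin clause allows. Restrict the room lookup to `:index` as sketched below; what `:new` and `:edit` should assign for `:posts` is not visible here. Separately, the deny branch in `handle_params/3` still calls `Routes.post_index_path(socket, :index)`, which presumably no longer fits a route that requires `:id`.

```elixir
def mount(params, session, socket) do
  socket = assign_socket_user(session, socket)

  case socket.assigns do
    %{:current_user => user} ->
      mount_action(socket.assigns.live_action, params, user, socket)

    # … unchanged: login redirect …
  end
end

# Only the :index route carries a room id; :new and :edit are authorized per post in handle_params/3.
defp mount_action(:index, %{"id" => room_id}, user, socket) do
  room = Rooms.get_room!(room_id)

  if Roles.guard?(user, :index, room) do
    {:ok, assign(socket, :posts, list_posts(room))}
  else
    # … unchanged: "You cannot view that room" redirect …
  end
end

defp mount_action(_action, _params, _user, socket), do: {:ok, socket}
```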


@ -24,7 +24,7 @@ defmodule AggieditWeb.PostLive.Show do
|> assign(:page_title, page_title(socket.assigns.live_action)) |> assign(:page_title, page_title(socket.assigns.live_action))
|> assign(:post, post)} |> assign(:post, post)}
else else
{:noreply, socket |> put_flash(:error, "You don't have permission to do that.") |> redirect(to: Routes.post_show_path(socket, :index))} {:noreply, socket |> put_flash(:error, "You don't have permission to do that.") |> redirect(to: Routes.post_show_path(socket, post))}
end end
end end
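Review bot: The deny branch redirects to a path built from the same `post` the user was just refused, so if the right-hand line is the new side, the client is sent straight back to the check that rejected it. `Routes.post_show_path(socket, post)` also passes the post where the helper normally takes the action; the usual form is `Routes.post_show_path(socket, :show, post)`. A neutral target avoids the loop, for example `redirect(to: Routes.page_path(socket, :index))`, as the index LiveView does for a refused room. The enclosing function starts outside the hunk.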


@ -25,7 +25,7 @@ defmodule AggieditWeb.Router do
scope "/", AggieditWeb do scope "/", AggieditWeb do
pipe_through [:browser, :require_authenticated_user] pipe_through [:browser, :require_authenticated_user]
live "/posts", PostLive.Index, :index live "/posts/room/:id", PostLive.Index, :index
live "/posts/new", PostLive.Index, :new live "/posts/new", PostLive.Index, :new
live "/posts/:id/edit", PostLive.Index, :edit live "/posts/:id/edit", PostLive.Index, :edit