Update roles and list posts from room

2022-04-13 13:13:41 -06:00 · 2022-04-13 13:13:41 -06:00 · 77d572796c
commit 77d572796c
parent 9d5a369ff6
5 changed files with 29 additions and 21 deletions
--- a/lib/aggiedit/roles.ex
+++ b/lib/aggiedit/roles.ex
@ -1,10 +1,13 @@
 defmodule Aggiedit.Roles do
  alias Aggiedit.Accounts.User
  alias Aggiedit.Rooms.Post
+  alias Aggiedit.Rooms.Room

  def guard?(user, action, object)
  def guard?(%User{role: :admin}, _, _), do: true
+  def guard?(%User{room_id: rid}, :index, %Room{id: rid}), do: true
  def guard?(%User{room_id: rid}, :show, %Post{room_id: rid}), do: true
  def guard?(%User{id: id, room_id: rid}, action, %Post{user_id: id, room_id: rid}) when action in [:delete, :edit], do: true
  def guard?(_, _, _), do: false
+
 end
--- a/lib/aggiedit/rooms.ex
+++ b/lib/aggiedit/rooms.ex
@ -112,19 +112,14 @@ defmodule Aggiedit.Rooms do

  alias Aggiedit.Rooms.Post

-  @doc """
-  Returns the list of posts.
-
-  ## Examples
-
-      iex> list_posts()
-      [%Post{}, ...]
-
-  """
  def list_posts do
    Repo.all(Post)
  end

+  def posts_in_room(room_id) do
+    Repo.all((from p in Post, where: p.room_id == ^room_id, select: p))
+  end
+
  @doc """
  Gets a single post.

--- a/lib/aggiedit_web/live/post_live/index.ex
+++ b/lib/aggiedit_web/live/post_live/index.ex
@ -1,27 +1,38 @@
 defmodule AggieditWeb.PostLive.Index do
  use AggieditWeb, :live_view

+  alias Aggiedit.Accounts.User
  alias Aggiedit.Roles
  alias Aggiedit.Rooms
-  alias Aggiedit.Rooms.Post
+  alias Aggiedit.Rooms.{Post, Room}
  alias Aggiedit.Repo

  @impl true
-  def mount(_params, session, socket) do
+  def mount(%{"id" => room_id} = params, session, socket) do
    socket = assign_socket_user(session, socket)
    case socket.assigns do
-      %{:current_user => user} -> {:ok, assign(socket, :posts, list_posts())}
+      %{:current_user => user} -> 
+        room = Rooms.get_room!(room_id)
+        case Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, room) do
+          true -> {:ok, assign(socket, :posts, list_posts(room))}
+          _ -> {:ok, socket |> put_flash(:error, "You cannot view that room") |> redirect(to: Routes.page_path(socket, :index))}
+        end
      _ -> {:ok, socket |> put_flash(:error, "You must log in to access this page.") |> redirect(to: Routes.user_session_path(socket, :new))}
    end
+
  end

  @impl true
  def handle_params(%{"id" => id}=params, _url, socket) do
-    post = Rooms.get_post!(id)
-    if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do
-      {:noreply, apply_action(socket, socket.assigns.live_action, params)}
+    if socket.assigns.live_action != :index do
+      post = Rooms.get_post!(id)
+      if Roles.guard?(socket.assigns.current_user, socket.assigns.live_action, post) do
+        {:noreply, apply_action(socket, socket.assigns.live_action, params)}
+      else
+        {:noreply, socket |> put_flash(:error, "You do not have permission to edit this post.") |> redirect(to: Routes.post_index_path(socket, :index))}
+      end
    else
-      {:noreply, socket |> put_flash(:error, "You do not have permission to edit this post.") |> redirect(to: Routes.post_index_path(socket, :index))}
+      {:noreply, socket}
    end
  end

@ -31,7 +42,6 @@ defmodule AggieditWeb.PostLive.Index do
    {:noreply, apply_action(socket, socket.assigns.live_action, params)}
  end

-
  defp apply_action(socket, :edit, %{"id" => id}=params) do
    socket
    |> assign(:page_title, "Edit Post")
@ -61,7 +71,7 @@ defmodule AggieditWeb.PostLive.Index do
    end
  end

-  defp list_posts do
-    Rooms.list_posts()
+  defp list_posts(%Room{id: room_id}) do
+    Rooms.posts_in_room(room_id)
  end
 end
--- a/lib/aggiedit_web/live/post_live/show.ex
+++ b/lib/aggiedit_web/live/post_live/show.ex
@ -24,7 +24,7 @@ defmodule AggieditWeb.PostLive.Show do
      |> assign(:page_title, page_title(socket.assigns.live_action))
      |> assign(:post, post)}
    else
-      {:noreply, socket |> put_flash(:error, "You don't have permission to do that.") |> redirect(to: Routes.post_show_path(socket, :index))}
+      {:noreply, socket |> put_flash(:error, "You don't have permission to do that.") |> redirect(to: Routes.post_show_path(socket, post))}
    end
  end

--- a/lib/aggiedit_web/router.ex
+++ b/lib/aggiedit_web/router.ex
@ -25,7 +25,7 @@ defmodule AggieditWeb.Router do

  scope "/", AggieditWeb do
    pipe_through [:browser, :require_authenticated_user]
-    live "/posts", PostLive.Index, :index
+    live "/posts/room/:id", PostLive.Index, :index
    live "/posts/new", PostLive.Index, :new
    live "/posts/:id/edit", PostLive.Index, :edit