Ensure authorisation rules on properties liveviews
parent
41d852b06a
commit
50fdc5f6f3
2 changed files with 52 additions and 9 deletions
|
@ -3,16 +3,29 @@ defmodule RealEstateWeb.PropertyLive.Index do
|
|||
|
||||
alias RealEstate.Properties
|
||||
alias RealEstate.Properties.Property
|
||||
alias RealEstateWeb.Roles
|
||||
|
||||
@impl true
|
||||
def mount(_params, session, socket) do
|
||||
socket = assign_defaults(session, socket)
|
||||
{:ok, assign(socket, :properties, list_properties())}
|
||||
{:ok, assign(socket, :properties, [])}
|
||||
end
|
||||
|
||||
@impl true
|
||||
def handle_params(params, _url, socket) do
|
||||
{:noreply, apply_action(socket, socket.assigns.live_action, params)}
|
||||
current_user = socket.assigns.current_user
|
||||
live_action = socket.assigns.live_action
|
||||
property = property_from_params(params)
|
||||
|
||||
if Roles.can?(current_user, property, live_action) do
|
||||
socket = assign(socket, :properties, list_properties())
|
||||
{:noreply, apply_action(socket, live_action, params)}
|
||||
else
|
||||
{:noreply,
|
||||
socket
|
||||
|> put_flash(:error, "Unauthorised")
|
||||
|> redirect(to: "/")}
|
||||
end
|
||||
end
|
||||
|
||||
defp apply_action(socket, :edit, %{"id" => id}) do
|
||||
|
@ -35,12 +48,29 @@ defmodule RealEstateWeb.PropertyLive.Index do
|
|||
|
||||
@impl true
|
||||
def handle_event("delete", %{"id" => id}, socket) do
|
||||
current_user = socket.assigns.current_user
|
||||
property = Properties.get_property!(id)
|
||||
{:ok, _} = Properties.delete_property(property)
|
||||
|
||||
{:noreply, assign(socket, :properties, list_properties())}
|
||||
if RealEstateWeb.Roles.can?(current_user, property, :delete) do
|
||||
property = Properties.get_property!(id)
|
||||
{:ok, _} = Properties.delete_property(property)
|
||||
|
||||
{:noreply, assign(socket, :properties, list_properties())}
|
||||
else
|
||||
{:noreply,
|
||||
socket
|
||||
|> put_flash(:error, "Unauthorised")
|
||||
|> redirect(to: "/")}
|
||||
end
|
||||
end
|
||||
|
||||
defp property_from_params(params)
|
||||
|
||||
defp property_from_params(%{"id" => id}),
|
||||
do: Properties.get_property!(id)
|
||||
|
||||
defp property_from_params(_params), do: %Property{}
|
||||
|
||||
defp list_properties do
|
||||
Properties.list_properties()
|
||||
end
|
||||
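Review bot: In `handle_event("delete", ...)` the record is loaded before the `Roles.can?` check and loaded again inside the authorised branch, so the row that was authorised and the row that is deleted come from two separate reads; drop the inner `property = Properties.get_property!(id)` and delete the value that was checked. The rendered page has lost its +/- markers, so confirm that the unconditional `{:ok, _} = Properties.delete_property(property)` printed above the `if` is on the removed side, because otherwise the delete would run before the check. The call also spells out `RealEstateWeb.Roles.can?` although `alias RealEstateWeb.Roles` is in place and `handle_params` already uses `Roles.can?`. The deny branch (`put_flash(:error, "Unauthorised") |> redirect(to: "/")`) is repeated here, in this module's `handle_params` and in `PropertyLive.Show.handle_params`; one shared private helper would keep the three responses identical. The `apply_action` clauses lie outside both hunks, so whether any other event handler in this module needs the same check cannot be seen from here.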
|
|
|
@ -2,18 +2,31 @@ defmodule RealEstateWeb.PropertyLive.Show do
|
|||
use RealEstateWeb, :live_view
|
||||
|
||||
alias RealEstate.Properties
|
||||
alias RealEstateWeb.Roles
|
||||
|
||||
@impl true
|
||||
def mount(_params, _session, socket) do
|
||||
def mount(_params, session, socket) do
|
||||
socket = assign_defaults(session, socket)
|
||||
{:ok, socket}
|
||||
end
|
||||
|
||||
@impl true
|
||||
def handle_params(%{"id" => id}, _, socket) do
|
||||
{:noreply,
|
||||
socket
|
||||
|> assign(:page_title, page_title(socket.assigns.live_action))
|
||||
|> assign(:property, Properties.get_property!(id))}
|
||||
current_user = socket.assigns.current_user
|
||||
live_action = socket.assigns.live_action
|
||||
property = Properties.get_property!(id)
|
||||
|
||||
if Roles.can?(current_user, property, live_action) do
|
||||
{:noreply,
|
||||
socket
|
||||
|> assign(:property, property)
|
||||
|> assign(:page_title, page_title(live_action))}
|
||||
else
|
||||
{:noreply,
|
||||
socket
|
||||
|> put_flash(:error, "Unauthorised")
|
||||
|> redirect(to: "/")}
|
||||
end
|
||||
end
|
||||
|
||||
defp page_title(:show), do: "Show Property"
|
||||
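Review bot: `handle_params` answers a missing id and a forbidden id differently: `Properties.get_property!(id)` raises for an id that does not exist, while an existing record the user may not view gets the "Unauthorised" flash and redirect, so the two responses reveal which ids exist. If property ids are not meant to be discoverable, give both cases the same response, for instance by using a non-raising lookup and taking the deny branch when nothing is found; whether `Properties` offers such a function is not visible on this page. The commit touches only the two LiveView modules, so the new deny paths ship without a test; a LiveView test that opens the page as a user without rights and asserts the redirect to "/" would pin the rule. `page_title/1` continues below the hunk.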
|
|