Ensure authorisation rules on properties liveviews
This commit is contained in:
parent
41d852b06a
commit
50fdc5f6f3
2 changed files with 52 additions and 9 deletions
|
@ -3,16 +3,29 @@ defmodule RealEstateWeb.PropertyLive.Index do
|
||||||
|
|
||||||
alias RealEstate.Properties
|
alias RealEstate.Properties
|
||||||
alias RealEstate.Properties.Property
|
alias RealEstate.Properties.Property
|
||||||
|
alias RealEstateWeb.Roles
|
||||||
|
|
||||||
@impl true
|
@impl true
|
||||||
def mount(_params, session, socket) do
|
def mount(_params, session, socket) do
|
||||||
socket = assign_defaults(session, socket)
|
socket = assign_defaults(session, socket)
|
||||||
{:ok, assign(socket, :properties, list_properties())}
|
{:ok, assign(socket, :properties, [])}
|
||||||
end
|
end
|
||||||
|
|
||||||
@impl true
|
@impl true
|
||||||
def handle_params(params, _url, socket) do
|
def handle_params(params, _url, socket) do
|
||||||
{:noreply, apply_action(socket, socket.assigns.live_action, params)}
|
current_user = socket.assigns.current_user
|
||||||
|
live_action = socket.assigns.live_action
|
||||||
|
property = property_from_params(params)
|
||||||
|
|
||||||
|
if Roles.can?(current_user, property, live_action) do
|
||||||
|
socket = assign(socket, :properties, list_properties())
|
||||||
|
{:noreply, apply_action(socket, live_action, params)}
|
||||||
|
else
|
||||||
|
{:noreply,
|
||||||
|
socket
|
||||||
|
|> put_flash(:error, "Unauthorised")
|
||||||
|
|> redirect(to: "/")}
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
defp apply_action(socket, :edit, %{"id" => id}) do
|
defp apply_action(socket, :edit, %{"id" => id}) do
|
||||||
|
@ -35,11 +48,28 @@ defmodule RealEstateWeb.PropertyLive.Index do
|
||||||
|
|
||||||
@impl true
|
@impl true
|
||||||
def handle_event("delete", %{"id" => id}, socket) do
|
def handle_event("delete", %{"id" => id}, socket) do
|
||||||
|
current_user = socket.assigns.current_user
|
||||||
|
property = Properties.get_property!(id)
|
||||||
|
|
||||||
|
if RealEstateWeb.Roles.can?(current_user, property, :delete) do
|
||||||
property = Properties.get_property!(id)
|
property = Properties.get_property!(id)
|
||||||
{:ok, _} = Properties.delete_property(property)
|
{:ok, _} = Properties.delete_property(property)
|
||||||
|
|
||||||
{:noreply, assign(socket, :properties, list_properties())}
|
{:noreply, assign(socket, :properties, list_properties())}
|
||||||
|
else
|
||||||
|
{:noreply,
|
||||||
|
socket
|
||||||
|
|> put_flash(:error, "Unauthorised")
|
||||||
|
|> redirect(to: "/")}
|
||||||
end
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
defp property_from_params(params)
|
||||||
|
|
||||||
|
defp property_from_params(%{"id" => id}),
|
||||||
|
do: Properties.get_property!(id)
|
||||||
|
|
||||||
|
defp property_from_params(_params), do: %Property{}
|
||||||
|
|
||||||
defp list_properties do
|
defp list_properties do
|
||||||
Properties.list_properties()
|
Properties.list_properties()
|
||||||
|
|
|
@ -2,18 +2,31 @@ defmodule RealEstateWeb.PropertyLive.Show do
|
||||||
use RealEstateWeb, :live_view
|
use RealEstateWeb, :live_view
|
||||||
|
|
||||||
alias RealEstate.Properties
|
alias RealEstate.Properties
|
||||||
|
alias RealEstateWeb.Roles
|
||||||
|
|
||||||
@impl true
|
@impl true
|
||||||
def mount(_params, _session, socket) do
|
def mount(_params, session, socket) do
|
||||||
|
socket = assign_defaults(session, socket)
|
||||||
{:ok, socket}
|
{:ok, socket}
|
||||||
end
|
end
|
||||||
|
|
||||||
@impl true
|
@impl true
|
||||||
def handle_params(%{"id" => id}, _, socket) do
|
def handle_params(%{"id" => id}, _, socket) do
|
||||||
|
current_user = socket.assigns.current_user
|
||||||
|
live_action = socket.assigns.live_action
|
||||||
|
property = Properties.get_property!(id)
|
||||||
|
|
||||||
|
if Roles.can?(current_user, property, live_action) do
|
||||||
{:noreply,
|
{:noreply,
|
||||||
socket
|
socket
|
||||||
|> assign(:page_title, page_title(socket.assigns.live_action))
|
|> assign(:property, property)
|
||||||
|> assign(:property, Properties.get_property!(id))}
|
|> assign(:page_title, page_title(live_action))}
|
||||||
|
else
|
||||||
|
{:noreply,
|
||||||
|
socket
|
||||||
|
|> put_flash(:error, "Unauthorised")
|
||||||
|
|> redirect(to: "/")}
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
defp page_title(:show), do: "Show Property"
|
defp page_title(:show), do: "Show Property"
|
||||||
|
|
Loading…
Reference in a new issue