Fakultas Ilmu Komputer UI

Commit 1179de49 authored by Muhammad Rafif Elfazri's avatar Muhammad Rafif Elfazri
Browse files

Unallowed update API to update points

parent 2863f601
......@@ -32,8 +32,9 @@ defmodule DiskuyWeb.PostController do
def update(conn, %{"id" => id, "post" => post_params}) do
current_user = Guardian.Plug.current_resource(conn)
post = Forum.get_post!(id)
new_post_params = post_params |> Map.drop(["id", "points", "user_id", "thread_id"])
with {:ok, :authorized} <- Guardian.check_authorized(current_user, post.user_id),
{:ok, %Post{} = post} <- Forum.update_post(post, post_params) do
{:ok, %Post{} = post} <- Forum.update_post(post, new_post_params) do
render(conn, "show.json", post: post)
end
end
......
......@@ -32,8 +32,9 @@ defmodule DiskuyWeb.ThreadController do
def update(conn, %{"id" => id, "thread" => thread_params}) do
current_user = Guardian.Plug.current_resource(conn)
thread = Forum.get_thread!(id)
new_thread_params = thread_params |> Map.drop(["id", "points", "user_id", "topic_id"])
with {:ok, :authorized} <- Guardian.check_authorized(current_user, thread.user_id),
{:ok, %Thread{} = thread} <- Forum.update_thread(thread, thread_params) do
{:ok, %Thread{} = thread} <- Forum.update_thread(thread, new_thread_params) do
render(conn, "show.json", thread: thread)
end
end
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment