From 7646f023395a6309436b8c50266d8b280cba792b Mon Sep 17 00:00:00 2001
From: Muhammad Rafif Elfazri <rafif.elfazri@gmail.com>
Date: Fri, 8 Jan 2021 14:26:47 +0700
Subject: [PATCH] any thread DB Changes Must have Auth Bearer

---
 .../lib/diskuy_web/controllers/thread_controller.ex  | 12 +++++++++---
 .../lib/diskuy_web/controllers/user_controller.ex    |  5 +++++
 diskuy_back/lib/diskuy_web/router.ex                 |  8 +++++++-
 3 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/diskuy_back/lib/diskuy_web/controllers/thread_controller.ex b/diskuy_back/lib/diskuy_web/controllers/thread_controller.ex
index 244aebe..0dc0736 100644
--- a/diskuy_back/lib/diskuy_web/controllers/thread_controller.ex
+++ b/diskuy_back/lib/diskuy_web/controllers/thread_controller.ex
@@ -3,6 +3,7 @@ defmodule DiskuyWeb.ThreadController do
 
   alias Diskuy.Forum
   alias Diskuy.Forum.Thread
+  alias DiskuyWeb.Auth.Guardian
 
   action_fallback DiskuyWeb.FallbackController
 
@@ -12,7 +13,8 @@ defmodule DiskuyWeb.ThreadController do
   end
 
   def create(conn, %{"thread" => thread_params}) do
-    with {:ok, %Thread{} = thread} <- Forum.create_thread(thread_params) do
+    new_params = put_user_id(conn, %{"thread" => thread_params})
+    with {:ok, %Thread{} = thread} <- Forum.create_thread(new_params) do
       conn
       |> put_status(:created)
       |> put_resp_header("location", Routes.thread_path(conn, :show, thread))
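Review bot: The first added line of `create` wraps `thread_params` in `%{"thread" => ...}` only for `put_user_id/2` (added at the end of the file) to unwrap it again. Passing the params directly, `new_params = put_user_id(conn, thread_params)`, with the helper head changed to `defp put_user_id(conn, thread_params) do`, is easier to read. A comment such as `# user_id is taken from the verified token and overrides any client-supplied "user_id"` would record why `Map.put` is used. Whether `Forum.create_thread/1` casts `"user_id"` is not visible in this patch, so confirm the changeset accepts it. The body of `create` continues outside the hunk.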
@@ -27,7 +29,6 @@ defmodule DiskuyWeb.ThreadController do
 
   def update(conn, %{"id" => id, "thread" => thread_params}) do
     thread = Forum.get_thread!(id)
-
     with {:ok, %Thread{} = thread} <- Forum.update_thread(thread, thread_params) do
       render(conn, "show.json", thread: thread)
     end
@@ -35,9 +36,14 @@ defmodule DiskuyWeb.ThreadController do
 
   def delete(conn, %{"id" => id}) do
     thread = Forum.get_thread!(id)
-
     with {:ok, %Thread{}} <- Forum.delete_thread(thread) do
       send_resp(conn, :no_content, "")
     end
   end
+
+  defp put_user_id(conn, %{"thread" => thread_params}) do
+    current_user = Guardian.Plug.current_resource(conn)
+    new_params = Map.put(thread_params, "user_id", current_user.id)
+    new_params
+  end
 end
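Review bot: `delete` here and `update` in the previous hunk load the thread with `Forum.get_thread!(id)` and change it without comparing its owner to the authenticated user. Once these routes sit behind the bearer-token pipeline, any valid token can therefore edit or delete another user's thread. An ownership check before `Forum.update_thread/2` and `Forum.delete_thread/1` closes that gap, and the same `with` step belongs in `update`. The sketch assumes `Thread` has the `user_id` field that `put_user_id/2` fills, and that `DiskuyWeb.FallbackController` handles `{:error, :forbidden}`; neither is visible in this patch.

```elixir
  def delete(conn, %{"id" => id}) do
    thread = Forum.get_thread!(id)

    with :ok <- authorize_owner(conn, thread),
         {:ok, %Thread{}} <- Forum.delete_thread(thread) do
      send_resp(conn, :no_content, "")
    end
  end

  # ... unchanged: put_user_id/2 ...

  # Only the user who created the thread may modify or delete it.
  defp authorize_owner(conn, %Thread{user_id: owner_id}) do
    case Guardian.Plug.current_resource(conn) do
      %{id: ^owner_id} -> :ok
      _ -> {:error, :forbidden}
    end
  end
```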
diff --git a/diskuy_back/lib/diskuy_web/controllers/user_controller.ex b/diskuy_back/lib/diskuy_web/controllers/user_controller.ex
index 0ca76a1..7109731 100644
--- a/diskuy_back/lib/diskuy_web/controllers/user_controller.ex
+++ b/diskuy_back/lib/diskuy_web/controllers/user_controller.ex
@@ -36,6 +36,11 @@ defmodule DiskuyWeb.UserController do
     end
   end
 
+  def currentuser(conn, _params) do
+    current_user = Guardian.Plug.current_resource(conn)
+    render(conn, "show.json", user: current_user)
+  end
+
   def delete(conn, %{"id" => id}) do
     user = Account.get_user!(id)
 
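Review bot: `currentuser` passes the result of `Guardian.Plug.current_resource(conn)` straight to `render/3`, so it is only correct if the `:auth` pipeline guarantees a loaded resource. That pipeline is not shown in this patch; if it can let a request through with no resource (for example a token for a user that no longer exists), the action renders `nil`. Matching on the result makes the assumption explicit, e.g. `%{} = current_user = Guardian.Plug.current_resource(conn)`, or return an unauthorized error for `nil`. The name would also read better as `current_user` to follow snake_case, with the route atom in `router.ex` changed to match.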
diff --git a/diskuy_back/lib/diskuy_web/router.ex b/diskuy_back/lib/diskuy_web/router.ex
index 42f2742..394ea7b 100644
--- a/diskuy_back/lib/diskuy_web/router.ex
+++ b/diskuy_back/lib/diskuy_web/router.ex
@@ -10,6 +10,12 @@ defmodule DiskuyWeb.Router do
     plug :accepts, ["json"]
   end
 
+  scope "/api", DiskuyWeb do
+    pipe_through [:api, :auth]
+    get "/current", UserController, :currentuser
+    resources "/threads", ThreadController, except: [:new, :edit, :show, :index]
+  end
+
   scope "/api", DiskuyWeb do
     pipe_through :api
     # resources "/users", UserController, except: [:new, :edit]
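Review bot: The authenticated `/threads` route is declared with a deny-list, `except: [:new, :edit, :show, :index]`. An allow-list states the intent directly and stays correct if the option list is edited later: `resources "/threads", ThreadController, only: [:create, :update, :delete]`. The public scope in the next hunk can mirror it with `only: [:index, :show]`. The `:auth` pipeline named in `pipe_through [:api, :auth]` is not defined in the visible lines; a short comment above this scope saying that it requires a valid bearer token would help readers.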
@@ -18,7 +24,7 @@ defmodule DiskuyWeb.Router do
     resources "/topics", TopicController, except: [:new, :edit]
     options   "/topics", TopicController, :options
     options   "/topics/:id", TopicController, :options
-    resources "/threads", ThreadController, except: [:new, :edit]
+    resources "/threads", ThreadController, except: [:new, :edit, :create, :update, :delete]
     options   "/threads", ThreadController, :options
     options   "/threads/:id", ThreadController, :options
     resources "/post", PostController, except: [:new, :edit]
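Review bot: The `/topics` and `/post` resources in this scope still route `create`, `update` and `delete` through `pipe_through :api` alone, so those writes remain reachable without a bearer token after this change. The commit subject limits itself to threads, so this may be planned follow-up work. If it is not, the same split applies: move the write actions into the `[:api, :auth]` scope and keep `only: [:index, :show]` here. The scope continues outside the hunk.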
-- 
GitLab