any thread DB Changes Must have Auth Bearer

7646f023 · Muhammad Rafif Elfazri · 35fdaed5 · 7646f023 · 7646f023 · 7646f023
Commit 7646f023 authored Jan 08, 2021 by Muhammad Rafif Elfazri
--- a/diskuy_back/lib/diskuy_web/controllers/thread_controller.ex
+++ b/diskuy_back/lib/diskuy_web/controllers/thread_controller.ex
@@ -3,6 +3,7 @@ defmodule DiskuyWeb.ThreadController do
  alias Diskuy.Forum
  alias Diskuy.Forum.Thread
+  alias DiskuyWeb.Auth.Guardian
  action_fallback DiskuyWeb.FallbackController
@@ -12,7 +13,8 @@ defmodule DiskuyWeb.ThreadController do
  end
  def create(conn, %{"thread" => thread_params}) do
-    with {:ok, %Thread{} = thread} <- Forum.create_thread(thread_params) do
+    new_params = put_user_id(conn, %{"thread" => thread_params})
+    with {:ok, %Thread{} = thread} <- Forum.create_thread(new_params) do
      conn
      |> put_status(:created)
      |> put_resp_header("location", Routes.thread_path(conn, :show, thread))
@@ -27,7 +29,6 @@ defmodule DiskuyWeb.ThreadController do
  def update(conn, %{"id" => id, "thread" => thread_params}) do
    thread = Forum.get_thread!(id)
    with {:ok, %Thread{} = thread} <- Forum.update_thread(thread, thread_params) do
      render(conn, "show.json", thread: thread)
    end
@@ -35,9 +36,14 @@ defmodule DiskuyWeb.ThreadController do
  def delete(conn, %{"id" => id}) do
    thread = Forum.get_thread!(id)
    with {:ok, %Thread{}} <- Forum.delete_thread(thread) do
      send_resp(conn, :no_content, "")
    end
  end
+  defp put_user_id(conn, %{"thread" => thread_params}) do
+    current_user = Guardian.Plug.current_resource(conn)
+    new_params = Map.put(thread_params, "user_id", current_user.id)
+    new_params
+  end
 end
--- a/diskuy_back/lib/diskuy_web/controllers/user_controller.ex
+++ b/diskuy_back/lib/diskuy_web/controllers/user_controller.ex
@@ -36,6 +36,11 @@ defmodule DiskuyWeb.UserController do
    end
  end
+  def currentuser(conn, _params) do
+    current_user = Guardian.Plug.current_resource(conn)
+    render(conn, "show.json", user: current_user)
+  end
  def delete(conn, %{"id" => id}) do
    user = Account.get_user!(id)

--- a/diskuy_back/lib/diskuy_web/router.ex
+++ b/diskuy_back/lib/diskuy_web/router.ex
@@ -10,6 +10,12 @@ defmodule DiskuyWeb.Router do
    plug :accepts, ["json"]
  end
+  scope "/api", DiskuyWeb do
+    pipe_through [:api, :auth]
+    get "/current", UserController, :currentuser
+    resources "/threads", ThreadController, except: [:new, :edit, :show, :index]
+  end
  scope "/api", DiskuyWeb do
    pipe_through :api
    # resources "/users", UserController, except: [:new, :edit]
@@ -18,7 +24,7 @@ defmodule DiskuyWeb.Router do
    resources "/topics", TopicController, except: [:new, :edit]
    options   "/topics", TopicController, :options
    options   "/topics/:id", TopicController, :options
-    resources "/threads", ThreadController, except: [:new, :edit]
+    resources "/threads", ThreadController, except: [:new, :edit, :create, :update, :delete]
    options   "/threads", ThreadController, :options
    options   "/threads/:id", ThreadController, :options
    resources "/post", PostController, except: [:new, :edit]