From a4e7016a6cef3f3ac110c0b91cd001a500a084a8 Mon Sep 17 00:00:00 2001
From: Muhammad Rafif Elfazri <rafif.elfazri@gmail.com>
Date: Fri, 19 Feb 2021 15:10:33 +0700
Subject: [PATCH] Add resctriction only admin could delete topic

---
 lib/diskuy_web/controllers/topic_controller.ex | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/diskuy_web/controllers/topic_controller.ex b/lib/diskuy_web/controllers/topic_controller.ex
index a2b24f7..60e41a5 100644
--- a/lib/diskuy_web/controllers/topic_controller.ex
+++ b/lib/diskuy_web/controllers/topic_controller.ex
@@ -40,8 +40,9 @@ defmodule DiskuyWeb.TopicController do
 
   def delete(conn, %{"id" => id}) do
     topic = Forum.get_topic_by_name!(id)
-
-    with {:ok, %Topic{}} <- Forum.delete_topic(topic) do
+    current_user = Guardian.Plug.current_resource(conn)
+    with {:ok, :authorized} <- Guardian.check_admin(current_user),
+         {:ok, %Topic{}} <- Forum.delete_topic(topic) do
       send_resp(conn, :no_content, "")
     end
   end
-- 
GitLab