Intended
/
Entendu
1
0
Fork 0
Code Issues 12 Pull Requests Projects 2 Releases Wiki Activity
Entendu/lib/entendu_web/plugs/authorize_link.ex

57 lines
1.4 KiB
Elixir
Raw Blame History

defmodule EntenduWeb.Plugs.AuthorizeLink do
import Plug.Conn
use EntenduWeb, :controller
alias Entendu.UserFromAuth
alias Entendu.Links
alias Entendu.Links.Link
alias EntenduWeb.ErrorView
def init(_params) do
end
defp get_link_id(%{params: %{"id" => link_id}}), do: link_id
defp get_link_id(%{params: %{"path" => [_, link_id, _]}}), do: link_id
def call(conn, _params) do
link_id = get_link_id(conn)
user = get_session(conn, :current_user)
if !user do
conn
|> put_status(403)
|> put_view(ErrorView)
|> render("error_code.json", message: "Unauthorized", code: 403)
|> halt
else
with %Link{recipient: recipient} = link <- Links.get_link(link_id),
true <- UserFromAuth.can_access?(recipient, user) do
conn
|> assign(:link, link)
else
nil ->
conn
|> put_status(404)
|> put_view(ErrorView)
|> render("error_code.json", message: "Link could not be found", code: 404)
|> halt
false ->
conn
|> put_status(403)
|> put_view(ErrorView)
|> render("error_code.json", message: "Unauthorized", code: 403)
|> halt
{:error, reason} ->
conn
|> put_status(422)
|> put_view(ErrorView)
|> render("error_code.json", message: reason, code: 422)
|> halt
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink