From 993d583fddebf37e6b01a470139d201ceccba77a Mon Sep 17 00:00:00 2001
From: shibao <shibao@bubbletea.dev>
Date: Fri, 11 Feb 2022 22:37:58 -0500
Subject: [PATCH] redirect if user is not authorized

---
 lib/cannery_web/live/invite_live/index.ex | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/lib/cannery_web/live/invite_live/index.ex b/lib/cannery_web/live/invite_live/index.ex
index 85e8d95c..c1b8f11d 100644
--- a/lib/cannery_web/live/invite_live/index.ex
+++ b/lib/cannery_web/live/invite_live/index.ex
@@ -7,10 +7,22 @@ defmodule CanneryWeb.InviteLive.Index do
 
   alias Cannery.Invites
   alias Cannery.Invites.Invite
+  alias CanneryWeb.{Endpoint, HomeLive}
 
   @impl true
   def mount(_params, session, socket) do
-    {:ok, socket |> assign_defaults(session) |> display_invites()}
+    %{assigns: %{current_user: current_user}} = socket = socket |> assign_defaults(session)
+
+    socket =
+      if current_user |> Map.get(:role) == :admin do
+        socket |> display_invites()
+      else
+        prompt = dgettext("errors", "You are not authorized to view this page")
+        return_to = Routes.live_path(Endpoint, HomeLive)
+        socket |> put_flash(:error, prompt) |> push_redirect(to: return_to)
+      end
+
+    {:ok, socket}
   end
 
   @impl true