harden invites context
Some checks failed
continuous-integration/drone/push Build is failing

2022-02-11 00:34:29 -05:00
parent fc75948f4c
commit 71397d6b29
9 changed files with 227 additions and 185 deletions


@ -4,8 +4,8 @@ defmodule Cannery.Invites do
"""
import Ecto.Query, warn: false
alias Ecto.Changeset
alias Cannery.{Accounts.User, Invites.Invite, Repo}
alias Ecto.Changeset
@invite_token_length 20
@ -14,12 +14,14 @@ defmodule Cannery.Invites do
## Examples
iex> list_invites()
iex> list_invites(%User{id: 123, role: :admin})
[%Invite{}, ...]
"""
@spec list_invites() :: [Invite.t()]
def list_invites, do: Repo.all(Invite)
@spec list_invites(User.t()) :: [Invite.t()]
def list_invites(%User{role: :admin}) do
Repo.all(Invite)
end
@doc """
Gets a single invite.
@ -28,15 +30,17 @@ defmodule Cannery.Invites do
## Examples
iex> get_invite!(123)
iex> get_invite!(123, %User{id: 123, role: :admin})
%Invite{}
iex> get_invite!(456)
iex> get_invite!(456, %User{id: 123, role: :admin})
** (Ecto.NoResultsError)
"""
@spec get_invite!(Invite.id()) :: Invite.t()
def get_invite!(id), do: Repo.get!(Invite, id)
@spec get_invite!(Invite.id(), User.t()) :: Invite.t()
def get_invite!(id, %User{role: :admin}) do
Repo.get!(Invite, id)
end
@doc """
Returns a valid invite or nil based on the attempted token
@ -55,8 +59,9 @@ defmodule Cannery.Invites do
def get_invite_by_token(token) do
Repo.one(
from i in Invite,
from(i in Invite,
where: i.token == ^token and i.disabled_at |> is_nil()
)
)
end
@ -86,21 +91,16 @@ defmodule Cannery.Invites do
## Examples
iex> create_invite(%User{id: "1"}, %{field: value})
iex> create_invite(%User{id: 123, role: :admin}, %{field: value})
{:ok, %Invite{}}
iex> create_invite("1", %{field: value})
{:ok, %Invite{}}
iex> create_invite(%User{id: "1"}, %{field: bad_value})
iex> create_invite(%User{id: 123, role: :admin}, %{field: bad_value})
{:error, %Changeset{}}
"""
@spec create_invite(User.t() | User.id(), attrs :: map()) ::
@spec create_invite(User.t(), attrs :: map()) ::
{:ok, Invite.t()} | {:error, Changeset.t(Invite.new_invite())}
def create_invite(%{id: user_id}, attrs), do: create_invite(user_id, attrs)
def create_invite(user_id, attrs) when not (user_id |> is_nil()) do
def create_invite(%User{id: user_id, role: :admin}, attrs) do
token =
:crypto.strong_rand_bytes(@invite_token_length)
|> Base.url_encode64()
@ -116,43 +116,45 @@ defmodule Cannery.Invites do
## Examples
iex> update_invite(invite, %{field: new_value})
iex> update_invite(invite, %{field: new_value}, %User{id: 123, role: :admin})
{:ok, %Invite{}}
iex> update_invite(invite, %{field: bad_value})
iex> update_invite(invite, %{field: bad_value}, %User{id: 123, role: :admin})
{:error, %Changeset{}}
"""
@spec update_invite(Invite.t(), attrs :: map()) ::
@spec update_invite(Invite.t(), attrs :: map(), User.t()) ::
{:ok, Invite.t()} | {:error, Changeset.t(Invite.t())}
def update_invite(invite, attrs), do: invite |> Invite.changeset(attrs) |> Repo.update()
def update_invite(invite, attrs, %User{role: :admin}),
do: invite |> Invite.changeset(attrs) |> Repo.update()
@doc """
Deletes a invite.
## Examples
iex> delete_invite(invite)
iex> delete_invite(invite, %User{id: 123, role: :admin})
{:ok, %Invite{}}
iex> delete_invite(invite)
iex> delete_invite(invite, %User{id: 123, role: :admin})
{:error, %Changeset{}}
"""
@spec delete_invite(Invite.t()) :: {:ok, Invite.t()} | {:error, Changeset.t(Invite.t())}
def delete_invite(invite), do: invite |> Repo.delete()
@spec delete_invite(Invite.t(), User.t()) ::
{:ok, Invite.t()} | {:error, Changeset.t(Invite.t())}
def delete_invite(invite, %User{role: :admin}), do: invite |> Repo.delete()
@doc """
Deletes a invite.
## Examples
iex> delete_invite(invite)
iex> delete_invite(invite, %User{id: 123, role: :admin})
%Invite{}
"""
@spec delete_invite!(Invite.t()) :: Invite.t()
def delete_invite!(invite), do: invite |> Repo.delete!()
@spec delete_invite!(Invite.t(), User.t()) :: Invite.t()
def delete_invite!(invite, %User{role: :admin}), do: invite |> Repo.delete!()
@doc """
Returns an `%Changeset{}` for tracking invite changes.
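Review bot: A caller who is not an admin gets a `FunctionClauseError` from `list_invites/1`, `get_invite!/2`, `create_invite/2`, `update_invite/3`, `delete_invite/2` and `delete_invite!/2`, because the `%User{role: :admin}` function head is the only authorization check and there is no fallback clause; none of the `@doc` or `@spec` entries say so. Failing closed is the right default, but it should be a documented contract: add a line such as `Raises FunctionClauseError unless the user is an admin.` to each `@doc`, or, if callers are meant to handle denial, add a second clause returning a tagged error and widen the specs to match. `get_invite_by_token/1` still takes no user, which looks intentional for invite redemption and deserves a one-line comment saying so. The `delete_invite!/2` example still calls the non-bang function and should read `iex> delete_invite!(invite, %User{id: 123, role: :admin})`. The body of `create_invite/2` continues outside the visible hunk.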


@ -4,8 +4,8 @@ defmodule CanneryWeb.AmmoGroupLive.FormComponent do
"""
use CanneryWeb, :live_component
alias Cannery.{Ammo, Accounts.User, Containers, Containers.Container}
alias Cannery.Ammo.{AmmoType, AmmoGroup}
alias Cannery.Ammo.{AmmoGroup, AmmoType}
alias Cannery.{Accounts.User, Ammo, Containers, Containers.Container}
alias Ecto.Changeset
alias Phoenix.LiveView.Socket


@ -14,22 +14,20 @@ defmodule CanneryWeb.InviteLive.FormComponent do
Socket.t()
) :: {:ok, Socket.t()}
def update(%{invite: invite} = assigns, socket) do
changeset = Invites.change_invite(invite)
{:ok,
socket
|> assign(assigns)
|> assign(:changeset, changeset)}
{:ok, socket |> assign(assigns) |> assign(:changeset, Invites.change_invite(invite))}
end
@impl true
def handle_event("validate", %{"invite" => invite_params}, socket) do
changeset = socket.assigns.invite |> Invites.change_invite(invite_params)
{:noreply, assign(socket, :changeset, changeset)}
def handle_event(
"validate",
%{"invite" => invite_params},
%{assigns: %{invite: invite}} = socket
) do
{:noreply, socket |> assign(:changeset, invite |> Invites.change_invite(invite_params))}
end
def handle_event("save", %{"invite" => invite_params}, socket) do
save_invite(socket, socket.assigns.action, invite_params)
def handle_event("save", %{"invite" => invite_params}, %{assigns: %{action: action}} = socket) do
save_invite(socket, action, invite_params)
end
@impl true
@ -71,29 +69,39 @@ defmodule CanneryWeb.InviteLive.FormComponent do
"""
end
defp save_invite(socket, :edit, invite_params) do
case Invites.update_invite(socket.assigns.invite, invite_params) do
{:ok, _invite} ->
{:noreply,
socket
|> put_flash(:info, dgettext("prompts", "Invite updated successfully"))
|> push_redirect(to: socket.assigns.return_to)}
defp save_invite(
%{assigns: %{current_user: current_user, invite: invite, return_to: return_to}} = socket,
:edit,
invite_params
) do
socket =
case invite |> Invites.update_invite(invite_params, current_user) do
{:ok, %{name: invite_name}} ->
prompt = dgettext("prompts", "%{name} updated successfully", name: invite_name)
socket |> put_flash(:info, prompt) |> push_redirect(to: return_to)
{:error, %Changeset{} = changeset} ->
{:noreply, assign(socket, :changeset, changeset)}
end
{:error, %Changeset{} = changeset} ->
socket |> assign(:changeset, changeset)
end
{:noreply, socket}
end
defp save_invite(socket, :new, invite_params) do
case Invites.create_invite(socket.assigns.current_user, invite_params) do
{:ok, _invite} ->
{:noreply,
socket
|> put_flash(:info, dgettext("prompts", "Invite created successfully"))
|> push_redirect(to: socket.assigns.return_to)}
defp save_invite(
%{assigns: %{current_user: current_user, return_to: return_to}} = socket,
:new,
invite_params
) do
socket =
case current_user |> Invites.create_invite(invite_params) do
{:ok, %{name: invite_name}} ->
prompt = dgettext("prompts", "%{name} created successfully", name: invite_name)
socket |> put_flash(:info, prompt) |> push_redirect(to: return_to)
{:error, %Changeset{} = changeset} ->
{:noreply, assign(socket, changeset: changeset)}
end
{:error, %Changeset{} = changeset} ->
socket |> assign(changeset: changeset)
end
{:noreply, socket}
end
end
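Review bot: Both `save_invite/3` clauses now require `current_user` in the component's assigns, and nothing in this section shows the parent passing it; `update/2` only copies whatever `assigns` it receives. If the parent omits it, neither clause matches and saving raises a `FunctionClauseError` before the admin check in `Cannery.Invites` is ever reached. I would state the requirement next to `update/2`, e.g. `# requires :current_user, :invite, :action and :return_to assigns from the parent`, and confirm the call site that renders this component passes `current_user`. The `case` handles only `{:ok, _}` and a changeset error, so a non-admin user crashes the process here rather than seeing a flash; that fails closed, but it is worth a comment so it is not mistaken for an unhandled branch.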


@ -14,53 +14,87 @@ defmodule CanneryWeb.InviteLive.Index do
end
@impl true
def handle_params(params, _url, socket) do
{:noreply, socket |> apply_action(socket.assigns.live_action, params)}
def handle_params(params, _url, %{assigns: %{live_action: live_action}} = socket) do
{:noreply, socket |> apply_action(live_action, params)}
end
defp apply_action(socket, :edit, %{"id" => id}) do
defp apply_action(%{assigns: %{current_user: current_user}} = socket, :edit, %{"id" => id}) do
socket
|> assign(page_title: gettext("Edit Invite"), invite: Invites.get_invite!(id))
|> assign(page_title: gettext("Edit Invite"), invite: Invites.get_invite!(id, current_user))
end
defp apply_action(socket, :new, _params) do
socket
|> assign(page_title: gettext("New Invite"), invite: %Invite{})
socket |> assign(page_title: gettext("New Invite"), invite: %Invite{})
end
defp apply_action(socket, :index, _params) do
socket
|> assign(page_title: gettext("Listing Invites"), invite: nil)
socket |> assign(page_title: gettext("Listing Invites"), invite: nil)
end
@impl true
def handle_event("delete", %{"id" => id}, socket) do
invite = Invites.get_invite!(id)
{:ok, _} = Invites.delete_invite(invite)
{:noreply, socket |> display_invites()}
def handle_event("delete", %{"id" => id}, %{assigns: %{current_user: current_user}} = socket) do
%{name: invite_name} =
id |> Invites.get_invite!(current_user) |> Invites.delete_invite!(current_user)
prompt = dgettext("prompts", "%{name} deleted succesfully", name: invite_name)
{:noreply, socket |> put_flash(:info, prompt) |> display_invites()}
end
def handle_event("set_unlimited", %{"id" => id}, socket) do
id |> Invites.get_invite!() |> Invites.update_invite(%{"uses_left" => nil})
{:noreply, socket |> display_invites()}
def handle_event(
"set_unlimited",
%{"id" => id},
%{assigns: %{current_user: current_user}} = socket
) do
socket =
Invites.get_invite!(id, current_user)
|> Invites.update_invite(%{"uses_left" => nil}, current_user)
|> case do
{:ok, %{name: invite_name}} ->
prompt = dgettext("prompts", "%{name} updated succesfully", name: invite_name)
socket |> put_flash(:info, prompt) |> display_invites()
{:error, changeset} ->
socket |> put_flash(:error, changeset |> changeset_errors())
end
{:noreply, socket}
end
def handle_event("enable", %{"id" => id}, socket) do
attrs = %{"uses_left" => nil, "disabled_at" => nil}
id |> Invites.get_invite!() |> Invites.update_invite(attrs)
{:noreply, socket |> display_invites()}
def handle_event("enable", %{"id" => id}, %{assigns: %{current_user: current_user}} = socket) do
socket =
Invites.get_invite!(id, current_user)
|> Invites.update_invite(%{"uses_left" => nil, "disabled_at" => nil}, current_user)
|> case do
{:ok, %{name: invite_name}} ->
prompt = dgettext("prompts", "%{name} enabled succesfully", name: invite_name)
socket |> put_flash(:info, prompt) |> display_invites()
{:error, changeset} ->
socket |> put_flash(:error, changeset |> changeset_errors())
end
{:noreply, socket}
end
def handle_event("disable", %{"id" => id}, socket) do
def handle_event("disable", %{"id" => id}, %{assigns: %{current_user: current_user}} = socket) do
now = NaiveDateTime.utc_now() |> NaiveDateTime.truncate(:second)
attrs = %{"uses_left" => 0, "disabled_at" => now}
id |> Invites.get_invite!() |> Invites.update_invite(attrs)
{:noreply, socket |> display_invites()}
socket =
Invites.get_invite!(id, current_user)
|> Invites.update_invite(%{"uses_left" => 0, "disabled_at" => now}, current_user)
|> case do
{:ok, %{name: invite_name}} ->
prompt = dgettext("prompts", "%{name} disabled succesfully", name: invite_name)
socket |> put_flash(:info, prompt) |> display_invites()
{:error, changeset} ->
socket |> put_flash(:error, changeset |> changeset_errors())
end
{:noreply, socket}
end
# redisplays invites to socket
defp display_invites(socket) do
invites = Invites.list_invites()
socket |> assign(:invites, invites)
defp display_invites(%{assigns: %{current_user: current_user}} = socket) do
socket |> assign(:invites, Invites.list_invites(current_user))
end
end
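Review bot: The four new flash msgids in the `delete`, `set_unlimited`, `enable` and `disable` handlers spell the word `succesfully`, while the form component in this same commit uses `successfully`. The msgid is the gettext lookup key, so the misspelling ends up in the "prompts" domain; change them to e.g. `dgettext("prompts", "%{name} deleted successfully", name: invite_name)`. Separately, `set_unlimited`, `enable` and `disable` repeat the same get/update/`case`/flash block and differ only in the attrs and the prompt. A private helper taking the attrs and a prompt-building function would keep the authorization path (`get_invite!/2` then `update_invite/3`, both with `current_user`) in one place. `changeset_errors/1` is not defined in the visible lines, so it is presumably imported elsewhere.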


@ -69,7 +69,7 @@
<%= if invite.disabled_at |> is_nil() and not(invite.uses_left |> is_nil()) do %>
<a href="#" class="btn btn-primary"
phx-click="set_unlimited" phx-value-id="<%= invite.id %>"
data-confirm={dgettext("prompts", "Are you sure you want to make this invite unlimited?")}>
data-confirm={dgettext("prompts", "Are you sure you want to make %{name} unlimited?", name: invite.name)}>
<%= gettext("Set Unlimited") %>
</a>
<% end %>