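defmodule SecretKeeper.UserController do
  @moduledoc """
  CRUD controller for `SecretKeeper.User`, guarded by Guardian plugs.

  `:show`, `:edit`, `:update` and `:delete` require an authenticated token
  (`EnsureAuthenticated`) that carries the `:admin` permission in the
  `default` permission set (`EnsurePermissions`). This module is also the
  failure handler for both plugs, see `unauthenticated/2` and `unauthorized/2`.
  """

  use SecretKeeper.Web, :controller

  # Provides easier access to the currently logged in user and the claims of the
  # current token. Every action in this controller is invoked as
  #     def action(conn, params, current_user, claims_map)
  # This is optional. Without it (and with the LoadResource plug in the pipeline)
  # the current user is available via Guardian.Plug.current_resource(conn).
  use Guardian.Phoenix.Controller

  alias SecretKeeper.User
  alias Guardian.Plug.EnsureAuthenticated
  # EnsurePermissions was referenced without an alias, so the bare name would
  # not resolve to the Guardian plug.
  alias Guardian.Plug.EnsurePermissions

  # Both guards list the same actions. A misspelled action atom (the original
  # had :udpate here) silently leaves that action out of the guard, so keep
  # these two lists identical.
  # NOTE(review): :index, :new and :create are covered by neither plug, so the
  # user listing is reachable without a token. Confirm that this is intended.
  plug EnsureAuthenticated, [handler: __MODULE__] when action in [:show, :edit, :update, :delete]
  plug EnsurePermissions, [handler: __MODULE__, default: [:admin]] when action in [:show, :edit, :update, :delete]

  # The failure callbacks do not have to live in this controller. Any module can
  # be passed as the handler as long as it implements
  #     unauthenticated(Plug.Conn.t, map) :: Plug.Conn.t
  # plug EnsureAuthenticated, [handler: BrowserAuthErrorHandler] when action in [:show, :edit, :update, :delete]

  plug :scrub_params, "user" when action in [:create, :update]

  # Lists every user.
  def index(conn, _params, _user, _claims) do
    users = Repo.all(User)
    render(conn, "index.html", users: users)
  end

  # Renders the sign-up form. Takes four arguments like every other action,
  # because Guardian.Phoenix.Controller dispatches actions with
  # (conn, params, current_user, claims); a two-argument clause is never called.
  def new(conn, _params, _user, _claims) do
    changeset = User.changeset(%User{})
    render(conn, "new.html", changeset: changeset)
  end

  # Creates a user from the "user" params and stores a bcrypt hash of the
  # submitted password. Re-renders the form when the changeset is rejected.
  def create(conn, %{"user" => user_params}, _user, _claims) do
    changeset =
      %User{}
      |> User.changeset(user_params)
      |> put_password_hash(user_params["password"])

    case Repo.insert(changeset) do
      {:ok, _user} ->
        conn
        |> put_flash(:info, "User created successfully.")
        |> redirect(to: user_path(conn, :index))

      {:error, changeset} ->
        render(conn, "new.html", changeset: changeset)
    end
  end

  # Shows one user. Repo.get!/2 raises when the id does not exist.
  def show(conn, %{"id" => id}, _current_user, _claims) do
    user = Repo.get!(User, id)
    render(conn, "show.html", user: user)
  end

  # Renders the edit form for one user.
  def edit(conn, %{"id" => id}, _current_user, _claims) do
    user = Repo.get!(User, id)
    changeset = User.changeset(user)
    render(conn, "edit.html", user: user, changeset: changeset)
  end

  # Applies the "user" params to an existing user.
  # NOTE(review): which fields can be changed is decided entirely by
  # User.changeset/2, which is not visible here. Confirm that it does not cast
  # :password_hash or any permission-bearing field from request params.
  def update(conn, %{"id" => id, "user" => user_params}, _current_user, _claims) do
    user = Repo.get!(User, id)
    changeset = User.changeset(user, user_params)

    case Repo.update(changeset) do
      {:ok, user} ->
        conn
        |> put_flash(:info, "User updated successfully.")
        |> redirect(to: user_path(conn, :show, user))

      {:error, changeset} ->
        render(conn, "edit.html", user: user, changeset: changeset)
    end
  end

  # Deletes one user and returns to the listing.
  def delete(conn, %{"id" => id}, _current_user, _claims) do
    user = Repo.get!(User, id)

    # Here we use delete! (with a bang) because we expect
    # it to always work (and if it does not, it will raise).
    Repo.delete!(user)

    conn
    |> put_flash(:info, "User deleted successfully.")
    |> redirect(to: user_path(conn, :index))
  end

  # Called by EnsureAuthenticated when the request carries no valid token.
  # It can be implemented in any module; that module is then passed as the
  # handler to EnsureAuthenticated.
  # NOTE(review): Phoenix's redirect keeps a status that was set earlier, so this
  # answers 401 with a Location header and a browser will not follow it. Verify
  # that this is the response you want.
  def unauthenticated(conn, _params) do
    conn
    |> put_status(401)
    |> put_flash(:error, "Authentication required")
    |> redirect(to: "/")
  end

  # Called by EnsurePermissions when the token lacks the required permission.
  # It can be implemented in any module; that module is then passed as the
  # handler to EnsurePermissions.
  def unauthorized(conn, _params) do
    conn
    |> put_status(403)
    |> put_flash(:error, "Not authorized")
    |> redirect(to: "/")
  end

  # Adds the bcrypt hash of the password to the changeset. A missing password
  # (scrub_params turns "" into nil) becomes a validation error instead of a
  # non-string argument to hashpwsalt/1, so the request fails closed with a
  # re-rendered form and no user is stored without a hash.
  defp put_password_hash(changeset, password) when is_binary(password) and password != "" do
    Ecto.Changeset.put_change(changeset, :password_hash, Comeonin.Bcrypt.hashpwsalt(password))
  end

  defp put_password_hash(changeset, _password) do
    Ecto.Changeset.add_error(changeset, :password, "can't be blank")
  end
end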