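defmodule SecretKeeper.UserController do
  @moduledoc """
  CRUD actions for `SecretKeeper.User`.

  Because this controller uses `Guardian.Phoenix.Controller`, every action is
  dispatched as `action(conn, params, current_user, claims)`; all actions must
  therefore be 4-arity.
  """
  use SecretKeeper.Web, :controller

  # Provides easier access to the currently logged in user, and the claims for the
  # current token. Each action in this controller now has the following call pattern
  # def action(conn, params, current_user, claims_map)
  # Should be considered totally optional. If you do not want to use this (and have the LoadResource plug in your pipeline)
  # then you can fetch the current user with current_user = Guardian.Plug.current_resource(conn)
  use Guardian.Phoenix.Controller

  alias SecretKeeper.User
  alias Guardian.Plug.EnsureAuthenticated
  # `EnsurePermissions` is referenced by the plug below; without this alias the
  # bare module name does not resolve when Plug.Builder calls its `init/1`.
  alias Guardian.Plug.EnsurePermissions

  # Both guard plugs must cover the same action list. The original listed
  # `:udpate` (typo) for EnsureAuthenticated, which left `update` reachable
  # without a valid token even though it was permission-checked below.
  plug EnsureAuthenticated, [handler: __MODULE__] when action in [:show, :edit, :update, :delete]
  plug EnsurePermissions, [handler: __MODULE__, default: [:admin]] when action in [:show, :edit, :update, :delete]

  # Or you may want to not have to handle the unauthenticated function in another controller
  # In that case, you can declare another module that will be used by the handler. It should implement
  # unauthenticated(Plug.Conn.t, Map.t) :: Plug.Conn.t
  # plug EnsureAuthenticated, [handler: BrowserAuthErrorHandler] when action in [:show, :edit, :update, :delete]
  plug :scrub_params, "user" when action in [:create, :update]

  # Lists every user.
  def index(conn, _params, _user, _claims) do
    users = Repo.all(User)
    render(conn, "index.html", users: users)
  end

  # Renders the signup form. Must be 4-arity like the other actions: the
  # original `new/2` could never be matched by Guardian's action dispatch.
  def new(conn, _params, _user, _claims) do
    changeset = User.changeset(%User{})
    render(conn, "new.html", changeset: changeset)
  end

  # Creates a user from the scrubbed "user" params and stores a bcrypt hash of
  # the submitted password.
  def create(conn, %{"user" => user_params}, _user, _claims) do
    # NOTE(review): the hash is computed before the changeset is validated, and a
    # request without a "password" key passes nil to hashpwsalt. Placement is kept
    # as the author had it; consider validating and hashing inside User.changeset/2.
    changeset =
      %User{}
      |> User.changeset(user_params)
      |> Ecto.Changeset.put_change(
        :password_hash,
        Comeonin.Bcrypt.hashpwsalt(user_params["password"])
      )

    case Repo.insert(changeset) do
      {:ok, _user} ->
        conn
        |> put_flash(:info, "User created successfully.")
        |> redirect(to: user_path(conn, :index))

      {:error, changeset} ->
        render(conn, "new.html", changeset: changeset)
    end
  end

  # Shows one user; `Repo.get!/2` raises (404 via Phoenix) when the id is unknown.
  def show(conn, %{"id" => id}, _current_user, _claims) do
    user = Repo.get!(User, id)
    render(conn, "show.html", user: user)
  end

  # Renders the edit form for one user.
  def edit(conn, %{"id" => id}, _current_user, _claims) do
    user = Repo.get!(User, id)
    changeset = User.changeset(user)
    render(conn, "edit.html", user: user, changeset: changeset)
  end

  # Applies the scrubbed "user" params to an existing user.
  def update(conn, %{"id" => id, "user" => user_params}, _current_user, _claims) do
    user = Repo.get!(User, id)
    changeset = User.changeset(user, user_params)

    case Repo.update(changeset) do
      {:ok, user} ->
        conn
        |> put_flash(:info, "User updated successfully.")
        |> redirect(to: user_path(conn, :show, user))

      {:error, changeset} ->
        render(conn, "edit.html", user: user, changeset: changeset)
    end
  end

  # Deletes one user.
  def delete(conn, %{"id" => id}, _current_user, _claims) do
    user = Repo.get!(User, id)
    # Here we use delete! (with a bang) because we expect
    # it to always work (and if it does not, it will raise).
    Repo.delete!(user)

    conn
    |> put_flash(:info, "User deleted successfully.")
    |> redirect(to: user_path(conn, :index))
  end

  # This could be implemented anywhere, wherever it's implemented should be used as the
  # handler in EnsureAuthenticated.
  # NOTE(review): Phoenix's redirect/2 sends `conn.status || 302`, so with 401 set
  # here the response is a 401 carrying a Location header, which browsers do not
  # follow — confirm against the Phoenix version in use; for a browser pipeline
  # the put_status call is usually dropped.
  def unauthenticated(conn, _params) do
    conn
    |> put_status(401)
    |> put_flash(:error, "Authentication required")
    |> redirect(to: "/")
  end

  # This could be implemented anywhere, wherever it's implemented should be used as the
  # handler in EnsurePermissions (the `unauthorized` callback, not `unauthenticated`).
  # Same status/redirect caveat as `unauthenticated/2` above.
  def unauthorized(conn, _params) do
    conn
    |> put_status(403)
    |> put_flash(:error, "Not authorized")
    |> redirect(to: "/")
  end
end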