From 56d57edfd0df66978ff069651fc4c21dee856b0a Mon Sep 17 00:00:00 2001
From: Vincent Ambo
Date: Sun, 15 Apr 2018 23:30:22 +0200
Subject: [PATCH] feat(handlers): Implement post editing handler
Implements a handler that receives the edit form result and updates the database accordingly if the user identity matches.
---
 src/db.rs | 4 ++--
 src/handlers.rs | 28 ++++++++++++++++++++++++++++
 src/main.rs | 1 +
 3 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/src/db.rs b/src/db.rs
index 3641bddb5..e7af0fdd4 100644
--- a/src/db.rs
+++ b/src/db.rs
@@ -90,8 +90,8 @@ impl Handler for DbExecutor {
 /// Message used to update the content of a post.
 #[derive(Deserialize)]
 pub struct UpdatePost {
- post_id: i32,
- post: String,
+ pub post_id: i32,
+ pub post: String,
 }
 message!(UpdatePost, Result);
diff --git a/src/handlers.rs b/src/handlers.rs
index cbe4e4292..feac6b864 100644
--- a/src/handlers.rs
+++ b/src/handlers.rs
@@ -224,6 +224,34 @@ pub fn edit_form(state: State,
 .responder()
 }
+/// This handler "executes" an edit to a post if the current user owns
+/// the edited post.
+pub fn edit_post(state: State,
+ mut req: HttpRequest,
+ update: Form) -> ConverseResponse {
+ let author: Option = req.session().get(AUTHOR)
+ .unwrap_or_else(|_| None);
+
+ state.db.send(GetPost { id: update.post_id })
+ .flatten()
+ .from_err()
+ .and_then(move |post| {
+ if let Some(author) = author {
+ if author.email.eq(&post.author_email) {
+ return Ok(());
+ }
+ }
+ Err(ConverseError::PostEditForbidden { id: post.id })
+ })
+ .and_then(move |_| state.db.send(update.0).from_err())
+ .flatten()
+ .map(|updated| HttpResponse::SeeOther()
+ .header("Location", format!("/thread/{}#post-{}",
+ updated.thread_id, updated.id))
+ .finish())
+ .responder()
+}
+
 /// This handler executes a full-text search on the forum database and
 /// displays the results to the user.
 pub fn search_forum(state: State,
diff --git a/src/main.rs b/src/main.rs
index 55b19b0be..30b371eae 100644
--- a/src/main.rs
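Review bot: The ownership check in `edit_post` lives only in this handler: the `UpdatePost` message sent with `state.db.send(update.0)` carries the form's `post_id` and `post` but no author identity, so the database layer has nothing to re-check, and with the fields made `pub` in src/db.rs any later call site can build and send one without passing through the check. Consider adding the session author's email to the message and matching on it in the update as well (the `UpdatePost` handler is not visible here, so this assumes it updates by id alone). Separately, `.unwrap_or_else(|_| None)` turns a session read error into "no author"; that fails closed, which is the right direction, but silently, so a comment such as `// A session read error is treated as "not logged in": the edit is refused.` and a warn-level log line on the `PostEditForbidden` path would leave a trace of refused edits.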
+++ b/src/main.rs
@@ -182,6 +182,7 @@ fn start_http_server(base_url: String,
 .resource("/thread/reply", |r| r.method(Method::POST).with3(reply_thread))
 .resource("/thread/{id}", |r| r.method(Method::GET).with3(forum_thread))
 .resource("/post/{id}/edit", |r| r.method(Method::GET).with3(edit_form))
+ .resource("/post/edit", |r| r.method(Method::POST).with3(edit_post))
 .resource("/search", |r| r.method(Method::GET).with2(search_forum))
 .resource("/oidc/login", |r| r.method(Method::GET).with(login))
 .resource("/oidc/callback", |r| r.method(Method::POST).with3(callback));
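Review bot: `POST /post/edit` changes stored data on the strength of the session alone, and neither this route registration nor `edit_post` shows a CSRF token or an Origin/Referer check, so a form posted from another site in a logged-in author's browser would satisfy the ownership check. If no such protection is installed elsewhere in `start_http_server` (its body starts and ends outside this hunk), add one for this route and for the existing `POST /thread/reply`, and confirm the session cookie is issued with a `SameSite` attribute. A short comment above the POST routes, e.g. `// State-changing routes: must sit behind the CSRF check.`, would keep the requirement visible when routes are added.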