Update user

2026-03-10 12:34:38 +00:00 · 2023-02-18 17:26:27 +00:00
parent 47c92ad44a
commit 471fa9ceb5
4 changed files with 38 additions and 2 deletions
--- a/lib/phoenix_api_template_web/auth/error_response.ex
+++ b/lib/phoenix_api_template_web/auth/error_response.ex
@@ -1,3 +1,7 @@
 defmodule PhoenixApiTemplateWeb.Auth.ErrorResponse.Unauthorized do
  defexception message: "Unauthorized", plug_status: 401
 end
+
+defmodule PhoenixApiTemplateWeb.Auth.ErrorResponse.Forbidden do
+  defexception message: "Forbidden", plug_status: 403
+end
--- a/lib/phoenix_api_template_web/controllers/user_controller.ex
+++ b/lib/phoenix_api_template_web/controllers/user_controller.ex
@@ -1,6 +1,7 @@
 defmodule PhoenixApiTemplateWeb.UserController do
  use PhoenixApiTemplateWeb, :controller

+  alias PhoenixApiTemplateWeb.Auth.ErrorResponse
  alias PhoenixApiTemplateWeb.Auth.ErrorResponse.Unauthorized
  alias PhoenixApiTemplateWeb.Auth.Guardian
  alias PhoenixApiTemplate.Accounts
@@ -8,8 +9,21 @@ defmodule PhoenixApiTemplateWeb.UserController do
  alias PhoenixApiTemplate.Profiles
  alias PhoenixApiTemplate.Profiles.Profile

+  plug :is_authorized_user when action in [:update, :delete]
+
  action_fallback(PhoenixApiTemplateWeb.FallbackController)

+  defp is_authorized_user(conn, _options) do
+    %{params: %{"id" => id}} = conn
+    user = Accounts.get_user!(id)
+
+    if conn.assigns.user.id == user.id do
+      conn
+    else
+      raise ErrorResponse.Forbidden
+    end
+  end
+
  def index(conn, _params) do
    users = Accounts.list_users()
    render(conn, "index.json", users: users)
--- a/lib/phoenix_api_template_web/router.ex
+++ b/lib/phoenix_api_template_web/router.ex
@@ -2,18 +2,26 @@ defmodule PhoenixApiTemplateWeb.Router do
  use PhoenixApiTemplateWeb, :router
  use Plug.ErrorHandler

-  defp handle_errors(conn, %{reason: %Phoenix.Router.NoRouteError{message: message}}) do
+  def handle_errors(conn, %{reason: %Phoenix.Router.NoRouteError{message: message}}) do
    conn
    |> json(%{errors: message})
    |> halt()
  end

-  defp handle_errors(conn, %{reason: %{message: message}}) do
+  def handle_errors(conn, %{reason: %{message: message}}) do
    conn
    |> json(%{errors: message})
    |> halt()
  end

+  def handle_errors(conn, error) do
+    IO.inspect(error)
+
+    conn
+    |> json(%{errors: "unknown error"})
+    |> halt()
+  end
+
  pipeline :api do
    plug(:accepts, ["json"])
    plug :fetch_session
@@ -36,5 +44,6 @@ defmodule PhoenixApiTemplateWeb.Router do
    pipe_through([:api, :auth])

    get "/users/by_id/:id", UserController, :show
+    put "/users/:id", UserController, :update
  end
 end