Update user

2026-01-14 20:04:41 +00:00 · 2023-02-18 17:26:27 +00:00
parent 47c92ad44a
commit 471fa9ceb5
4 changed files with 38 additions and 2 deletions
--- a/lib/phoenix_api_template_web/auth/error_response.ex
+++ b/lib/phoenix_api_template_web/auth/error_response.ex
@@ -1,3 +1,7 @@
 defmodule PhoenixApiTemplateWeb.Auth.ErrorResponse.Unauthorized do
  defexception message: "Unauthorized", plug_status: 401
 end
 defmodule PhoenixApiTemplateWeb.Auth.ErrorResponse.Forbidden do
  defexception message: "Forbidden", plug_status: 403
 end
--- a/lib/phoenix_api_template_web/controllers/user_controller.ex
+++ b/lib/phoenix_api_template_web/controllers/user_controller.ex
@@ -1,6 +1,7 @@
 defmodule PhoenixApiTemplateWeb.UserController do
  use PhoenixApiTemplateWeb, :controller
  alias PhoenixApiTemplateWeb.Auth.ErrorResponse
  alias PhoenixApiTemplateWeb.Auth.ErrorResponse.Unauthorized
  alias PhoenixApiTemplateWeb.Auth.Guardian
  alias PhoenixApiTemplate.Accounts
@@ -8,8 +9,21 @@ defmodule PhoenixApiTemplateWeb.UserController do
  alias PhoenixApiTemplate.Profiles
  alias PhoenixApiTemplate.Profiles.Profile
  plug :is_authorized_user when action in [:update, :delete]
  action_fallback(PhoenixApiTemplateWeb.FallbackController)
  defp is_authorized_user(conn, _options) do
    %{params: %{"id" => id}} = conn
    user = Accounts.get_user!(id)
    if conn.assigns.user.id == user.id do
      conn
    else
      raise ErrorResponse.Forbidden
    end
  end
  def index(conn, _params) do
    users = Accounts.list_users()
    render(conn, "index.json", users: users)
--- a/lib/phoenix_api_template_web/router.ex
+++ b/lib/phoenix_api_template_web/router.ex
@@ -2,18 +2,26 @@ defmodule PhoenixApiTemplateWeb.Router do
  use PhoenixApiTemplateWeb, :router
  use Plug.ErrorHandler
-  defp handle_errors(conn, %{reason: %Phoenix.Router.NoRouteError{message: message}}) do
+  def handle_errors(conn, %{reason: %Phoenix.Router.NoRouteError{message: message}}) do
    conn
    |> json(%{errors: message})
    |> halt()
  end
-  defp handle_errors(conn, %{reason: %{message: message}}) do
+  def handle_errors(conn, %{reason: %{message: message}}) do
    conn
    |> json(%{errors: message})
    |> halt()
  end
  def handle_errors(conn, error) do
    IO.inspect(error)
    conn
    |> json(%{errors: "unknown error"})
    |> halt()
  end
  pipeline :api do
    plug(:accepts, ["json"])
    plug :fetch_session
@@ -36,5 +44,6 @@ defmodule PhoenixApiTemplateWeb.Router do
    pipe_through([:api, :auth])
    get "/users/by_id/:id", UserController, :show
    put "/users/:id", UserController, :update
  end
 end
--- a/test_requests/update_user.http
+++ b/test_requests/update_user.http
@@ -0,0 +1,9 @@
 PUT http://localhost:4000/api/users/eae6f03c-6276-48e3-b6df-0797b2f8cb99 HTTP/1.1
 content-type: application/json
 Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJwaG9lbml4X2FwaV90ZW1wbGF0ZSIsImV4cCI6MTY3OTE1Njk5NiwiaWF0IjoxNjc2NzM3Nzk2LCJpc3MiOiJwaG9lbml4X2FwaV90ZW1wbGF0ZSIsImp0aSI6Ijk0ZjJlOGQ5LTJkZmYtNDM4Zi1hY2Y4LWZiMzAwODJmZDU2YiIsIm5iZiI6MTY3NjczNzc5NSwic3ViIjoiZWFlNmYwM2MtNjI3Ni00OGUzLWI2ZGYtMDc5N2IyZjhjYjk5IiwidHlwIjoiYWNjZXNzIn0.32jNDsUQZemN6V_sR8xZtmlQp1kECPEcS63yCR655HlyWYsaNYCF3t4Wi37to6lmYUuE8QUD0qI3BHkqhroScQ
 {
    "user": {
        "password": "safe"
    }
 }