diff options
author | Vincent Ambo <tazjin@gmail.com> | 2018-04-15T21·09+0200 |
---|---|---|
committer | Vincent Ambo <tazjin@gmail.com> | 2018-04-15T21·09+0200 |
commit | 705097dab91c57524d2311dd839615840044437c (patch) | |
tree | 2b7763180fb25d3e85107a086b8fb1739e0e6688 /src/handlers.rs | |
parent | 7a557865528d6dba78b4dcb90248623aa100f930 (diff) |
feat(handlers/render): Display edit form for user's own posts
Displays an edit form for posts that are owned by a user (which is currently defined as "email addresses match").
Diffstat (limited to 'src/handlers.rs')
-rw-r--r-- | src/handlers.rs | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/src/handlers.rs b/src/handlers.rs index 8bfd3c1511e6..cbe4e4292b7c 100644 --- a/src/handlers.rs +++ b/src/handlers.rs @@ -189,6 +189,41 @@ pub fn reply_thread(state: State<AppState>, .responder() } +/// This handler presents the user with the form to edit a post. If +/// the user attempts to edit a post that they do not have access to, +/// they are currently ungracefully redirected back to the post +/// itself. +pub fn edit_form(state: State<AppState>, + mut req: HttpRequest<AppState>, + query: Path<GetPost>) -> ConverseResponse { + let author: Option<Author> = req.session().get(AUTHOR) + .unwrap_or_else(|_| None); + + state.db.send(query.into_inner()) + .flatten() + .from_err() + .and_then(move |post| { + if let Some(author) = author { + if author.email.eq(&post.author_email) { + return Ok(post); + } + } + + Err(ConverseError::PostEditForbidden { id: post.id }) + }) + .and_then(move |post| { + let edit_msg = EditPostPage { + id: post.id, + post: post.body, + }; + + state.renderer.send(edit_msg).from_err() + }) + .flatten() + .map(|page| HttpResponse::Ok().content_type(HTML).body(page)) + .responder() +} + /// This handler executes a full-text search on the forum database and /// displays the results to the user. pub fn search_forum(state: State<AppState>, |