about summary refs log tree commit diff
path: root/src/handlers.rs
diff options
context:
space:
mode:
authorVincent Ambo <tazjin@gmail.com>2018-04-15T21·09+0200
committerVincent Ambo <tazjin@gmail.com>2018-04-15T21·09+0200
commit705097dab91c57524d2311dd839615840044437c (patch)
tree2b7763180fb25d3e85107a086b8fb1739e0e6688 /src/handlers.rs
parent7a557865528d6dba78b4dcb90248623aa100f930 (diff)
feat(handlers/render): Display edit form for user's own posts
Displays an edit form for posts that are owned by a user (which is
currently defined as "email addresses match").
Diffstat (limited to 'src/handlers.rs')
-rw-r--r--src/handlers.rs35
1 files changed, 35 insertions, 0 deletions
diff --git a/src/handlers.rs b/src/handlers.rs
index 8bfd3c1511e6..cbe4e4292b7c 100644
--- a/src/handlers.rs
+++ b/src/handlers.rs
@@ -189,6 +189,41 @@ pub fn reply_thread(state: State<AppState>,
         .responder()
 }
 
+/// This handler presents the user with the form to edit a post. If
+/// the user attempts to edit a post that they do not have access to,
+/// they are currently ungracefully redirected back to the post
+/// itself.
+pub fn edit_form(state: State<AppState>,
+                 mut req: HttpRequest<AppState>,
+                 query: Path<GetPost>) -> ConverseResponse {
+    let author: Option<Author> = req.session().get(AUTHOR)
+        .unwrap_or_else(|_| None);
+
+    state.db.send(query.into_inner())
+        .flatten()
+        .from_err()
+        .and_then(move |post| {
+            if let Some(author) = author {
+                if author.email.eq(&post.author_email) {
+                    return Ok(post);
+                }
+            }
+
+            Err(ConverseError::PostEditForbidden { id: post.id })
+        })
+        .and_then(move |post| {
+            let edit_msg = EditPostPage {
+                id: post.id,
+                post: post.body,
+            };
+
+            state.renderer.send(edit_msg).from_err()
+        })
+        .flatten()
+        .map(|page| HttpResponse::Ok().content_type(HTML).body(page))
+        .responder()
+}
+
 /// This handler executes a full-text search on the forum database and
 /// displays the results to the user.
 pub fn search_forum(state: State<AppState>,