From 705097dab91c57524d2311dd839615840044437c Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Sun, 15 Apr 2018 23:09:44 +0200 Subject: feat(handlers/render): Display edit form for user's own posts Displays an edit form for posts that are owned by a user (which is currently defined as "email addresses match"). --- src/handlers.rs | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) (limited to 'src/handlers.rs') diff --git a/src/handlers.rs b/src/handlers.rs index 8bfd3c1511e6..cbe4e4292b7c 100644 --- a/src/handlers.rs +++ b/src/handlers.rs @@ -189,6 +189,41 @@ pub fn reply_thread(state: State, .responder() } +/// This handler presents the user with the form to edit a post. If +/// the user attempts to edit a post that they do not have access to, +/// they are currently ungracefully redirected back to the post +/// itself. +pub fn edit_form(state: State, + mut req: HttpRequest, + query: Path) -> ConverseResponse { + let author: Option = req.session().get(AUTHOR) + .unwrap_or_else(|_| None); + + state.db.send(query.into_inner()) + .flatten() + .from_err() + .and_then(move |post| { + if let Some(author) = author { + if author.email.eq(&post.author_email) { + return Ok(post); + } + } + + Err(ConverseError::PostEditForbidden { id: post.id }) + }) + .and_then(move |post| { + let edit_msg = EditPostPage { + id: post.id, + post: post.body, + }; + + state.renderer.send(edit_msg).from_err() + }) + .flatten() + .map(|page| HttpResponse::Ok().content_type(HTML).body(page)) + .responder() +} + /// This handler executes a full-text search on the forum database and /// displays the results to the user. pub fn search_forum(state: State, -- cgit 1.4.1