force authorization

byte[] 2019-12-08 12:50:44 -05:00
parent 9f6ac9753d
commit dc1cacbcc7


@ -8,6 +8,7 @@ defmodule PhilomenaWeb.Admin.ReportController do
alias Philomena.Repo alias Philomena.Repo
import Ecto.Query import Ecto.Query
plug :verify_authorized
plug :load_and_authorize_resource, model: Report, only: [:show], preload: [:admin, user: [:linked_tags, awards: :badge]] plug :load_and_authorize_resource, model: Report, only: [:show], preload: [:admin, user: [:linked_tags, awards: :badge]]
def index(conn, %{"rq" => query_string}) do def index(conn, %{"rq" => query_string}) do
@ -80,4 +81,11 @@ defmodule PhilomenaWeb.Admin.ReportController do
%{created_at: :desc} %{created_at: :desc}
] ]
end end
defp verify_authorized(conn, _opts) do
case Canada.Can.can?(conn.assigns.current_user, :index, Report) do
true -> conn
false -> PhilomenaWeb.NotAuthorizedPlug.call(conn)
end
end
end end
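Review bot: `verify_authorized` only protects this controller if `PhilomenaWeb.NotAuthorizedPlug.call(conn)` returns a halted conn, and that helper is not visible in this diff; a function plug that returns an un-halted conn lets the pipeline continue into `load_and_authorize_resource` and the action itself. If the helper does not halt, the `false` branch should read `false -> conn |> PhilomenaWeb.NotAuthorizedPlug.call() |> Plug.Conn.halt()`. The check is also hard-wired to `:index` for every action, because the plug has no `only:` option, so it is a coarse gate rather than a per-action check; a comment such as `# Coarse gate: every action in this controller requires :index on Report` above `plug :verify_authorized` would record that intent. The `case` matches only `true` and `false`, so a non-boolean result from `can?` raises instead of letting the request through, which fails closed.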