From a2828f4ebb005d91a09952f444239c5b45ecb08d Mon Sep 17 00:00:00 2001
From: River Tae Smith <22485304+r-tae@users.noreply.github.com>
Date: Thu, 29 Aug 2024 17:38:12 +1000
Subject: [PATCH] Redirect unpublished signs to login if not editor

---
 lib/signbank/dictionary.ex                    | 62 +++++++++++--------
 lib/signbank/sign_order.ex                    |  7 ++-
 .../live/entry_live/basic_view.ex             | 46 ++++++++------
 .../live/entry_live/basic_view.html.heex      |  2 +-
 .../live/entry_live/linguistic_view.ex        | 17 +++--
 5 files changed, 81 insertions(+), 53 deletions(-)

diff --git a/lib/signbank/dictionary.ex b/lib/signbank/dictionary.ex
index 0d9dc86..c155708 100644
--- a/lib/signbank/dictionary.ex
+++ b/lib/signbank/dictionary.ex
@@ -64,27 +64,36 @@ defmodule Signbank.Dictionary do
 
   ## Examples
 
-      iex> get_sign_by_id_gloss!("house1a")
+      iex> get_sign_by_id_gloss("house1a")
       %Sign{}
 
   """
-  def get_sign_by_id_gloss!(id_gloss),
-    do:
-      Repo.get_by!(
-        from(s in Sign,
-          preload: [
-            citation: [definitions: [], variants: []],
-            definitions: [],
-            variants: [videos: [], regions: []],
-            regions: [],
-            videos: [],
-            suggested_signs: [],
-            active_video: []
-          ]
-        ),
-        id_gloss: id_gloss
+  def get_sign_by_id_gloss(id_gloss, current_user \\ nil) do
+    query =
+      from(s in Sign,
+        preload: [
+          citation: [definitions: [], variants: []],
+          definitions: [],
+          variants: [videos: [], regions: []],
+          regions: [],
+          videos: [],
+          suggested_signs: [],
+          active_video: []
+        ],
+        where: s.id_gloss == ^id_gloss
       )
 
+    Repo.one(
+      case current_user do
+        %User{role: role} when role in [:tech, :editor] ->
+          query
+
+        _ ->
+          from s in query, where: s.published == true
+      end
+    )
+  end
+
   @doc """
   Returns a sign with the given `id_gloss`. It only returns citation entries.
 
@@ -198,15 +207,18 @@ defmodule Signbank.Dictionary do
         end
       )
 
-    Repo.one!(
-      from so in subquery(query),
-        left_join: p in Sign,
-        on: [id: so.previous],
-        left_join: n in Sign,
-        on: [id: so.next],
-        select: %{previous: p, next: n, position: so.position},
-        where: so.id == ^id
-    )
+    case Repo.one(
+           from so in subquery(query),
+             left_join: p in Sign,
+             on: [id: so.previous],
+             left_join: n in Sign,
+             on: [id: so.next],
+             select: %{previous: p, next: n, position: so.position},
+             where: so.id == ^id
+         ) do
+      nil -> %{previous: nil, next: nil, position: nil}
+      record -> record
+    end
   end
 
   @doc """
diff --git a/lib/signbank/sign_order.ex b/lib/signbank/sign_order.ex
index 1495fe7..dc897be 100644
--- a/lib/signbank/sign_order.ex
+++ b/lib/signbank/sign_order.ex
@@ -33,8 +33,11 @@ defmodule Signbank.SignOrder do
         select: %{
           id: selected_as(s.id, :id),
           position:
-            selected_as(row_number()
-            |> over(:sign_order), :position),
+            selected_as(
+              row_number()
+              |> over(:sign_order),
+              :position
+            ),
           previous: selected_as(lag(s.id) |> over(:sign_order), :previous),
           next: selected_as(lead(s.id) |> over(:sign_order), :next)
         }
diff --git a/lib/signbank_web/live/entry_live/basic_view.ex b/lib/signbank_web/live/entry_live/basic_view.ex
index 1d6886b..c184c7d 100644
--- a/lib/signbank_web/live/entry_live/basic_view.ex
+++ b/lib/signbank_web/live/entry_live/basic_view.ex
@@ -15,26 +15,32 @@ defmodule SignbankWeb.SignLive.BasicView do
   def handle_params(%{"id" => id_gloss} = params, _, socket) do
     search_query = Map.get(params, "q")
 
-    socket =
-      assign(
-        socket,
-        :search_results,
-        if is_nil(search_query) do
-          []
-        else
-          {:ok, search_results} = Dictionary.get_sign_by_keyword!(search_query)
-          search_results
-        end
-      )
-
-    # TODO: this is really quite broken, it doesn't take into account the logged in user
-    sign = Dictionary.get_sign_by_id_gloss!(id_gloss)
-
-    {:noreply,
-     socket
-     |> assign(:page_title, page_title(socket.assigns.live_action))
-     |> assign(:sign, sign)
-     |> assign(:search_query, search_query)}
+    case Dictionary.get_sign_by_id_gloss(id_gloss, socket.assigns.current_user) do
+      nil ->
+        {:noreply,
+         socket
+         |> put_flash(:error, "You do not have permission to access this page, please log in.")
+         |> redirect(to: ~p"/users/log_in")}
+
+      sign ->
+        socket =
+          assign(
+            socket,
+            :search_results,
+            if is_nil(search_query) do
+              []
+            else
+              {:ok, search_results} = Dictionary.get_sign_by_keyword!(search_query)
+              search_results
+            end
+          )
+
+        {:noreply,
+         socket
+         |> assign(:page_title, page_title(socket.assigns.live_action))
+         |> assign(:sign, sign)
+         |> assign(:search_query, search_query)}
+    end
   end
 
   # TODO: fix the page title
diff --git a/lib/signbank_web/live/entry_live/basic_view.html.heex b/lib/signbank_web/live/entry_live/basic_view.html.heex
index 1e5f24d..8a87335 100644
--- a/lib/signbank_web/live/entry_live/basic_view.html.heex
+++ b/lib/signbank_web/live/entry_live/basic_view.html.heex
@@ -1,5 +1,5 @@
 <nav class="level entry-page__switch_entry">
-  <.entry_nav class="level-left" sign={@sign} current_user={@current_user}/>
+  <.entry_nav class="level-left" sign={@sign} current_user={@current_user} />
 
   <div class="level-right">
     <%!-- <p :if={@search_query != nil and not Enum.empty?(@search_results)}> --%>
diff --git a/lib/signbank_web/live/entry_live/linguistic_view.ex b/lib/signbank_web/live/entry_live/linguistic_view.ex
index a2fdeac..9ace15f 100644
--- a/lib/signbank_web/live/entry_live/linguistic_view.ex
+++ b/lib/signbank_web/live/entry_live/linguistic_view.ex
@@ -12,12 +12,19 @@ defmodule SignbankWeb.SignLive.LinguisticView do
 
   @impl true
   def handle_params(%{"id" => id_gloss}, _, socket) do
-    sign = Dictionary.get_sign_by_id_gloss!(id_gloss)
+    case Dictionary.get_sign_by_id_gloss(id_gloss, socket.assigns.current_user) do
+      nil ->
+        {:noreply,
+         socket
+         |> put_flash(:error, "You do not have permission to access this page, please log in.")
+         |> redirect(to: ~p"/users/log_in")}
 
-    {:noreply,
-     socket
-     |> assign(:page_title, page_title(socket.assigns.live_action))
-     |> assign(:sign, sign)}
+      sign ->
+        {:noreply,
+         socket
+         |> assign(:page_title, page_title(socket.assigns.live_action))
+         |> assign(:sign, sign)}
+    end
   end
 
   # TODO: fix the page title