Allow admins (crew) to edit sessions

GaiwanTeam · Aug 26, 2024 · ffddda0 · ffddda0
1 parent c2d361c
commit ffddda0
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 5 deletions.
diff --git a/src/co/gaiwan/compass/html/sessions.clj b/src/co/gaiwan/compass/html/sessions.clj
@@ -9,6 +9,7 @@
    [co.gaiwan.compass.html.graphics :as graphics]
    [co.gaiwan.compass.http.routing :refer [url-for]]
    [co.gaiwan.compass.model.session :as session]
+   [co.gaiwan.compass.model.user :as user]
    [java-time.api :as time]
    [lambdaisland.ornament :as o]
    [markdown-to-hiccup.core :as m]))
@@ -225,8 +226,8 @@
        [:p "Ticket Required"])
      [:div.actions
       [participate-btn session user]
-      (when (session/organizing? session user)
-        ;; Only allow the event organizer to edit this event
+      (when (or (user/admin? user)
+                (session/organizing? session user))
         [:<>
          [:a {:href (str "/sessions/" (:db/id session) "/edit")}
           [:button  "Edit"]]

diff --git a/src/co/gaiwan/compass/model/user.clj b/src/co/gaiwan/compass/model/user.clj
@@ -44,6 +44,10 @@
 (defn assigned-ticket [user]
   (first (:tito.ticket/_assigned-to user)))
 
+(defn admin? [user]
+  (when-let [ticket (assigned-ticket user)]
+    (= "crew" (:tito.release/slug (:tito.ticket/release ticket)))))
+
 (comment
   (def r (hato/get "https://cdn.discordapp.com/avatars/758588684177768469/8b32119c1ae262544e2952ea60aaf9a7.png" {:as :byte-array}))
 

diff --git a/src/co/gaiwan/compass/routes/sessions.clj b/src/co/gaiwan/compass/routes/sessions.clj
@@ -14,7 +14,7 @@
    [co.gaiwan.compass.html.sessions :as session-html]
    [co.gaiwan.compass.http.response :as response]
    [co.gaiwan.compass.model.session :as session]
-   [io.pedestal.log :as log]
+   [co.gaiwan.compass.model.user :as user]
    [java-time.api :as time]))
 
 (defn GET-session-new [req]
@@ -109,14 +109,14 @@
     (response/redirect ["/sessions" (get tempids "session")]
                        {:flash "Successfully created!"})))
 
-;; TODO: wrap-authorize middleware
 (defn PATCH-edit-session
   "Same as [[POST-create-session]], but edits an existing session."
   [{{:keys [id]} :path-params {:keys [image]} :params :keys [params identity]}]
   (let [id (parse-long id)
         {prev-image :session/image {organizer-id :db/id} :session/organized :as session} (db/pull '[*] id)]
     (if session
-      (if (= (:db/id identity) organizer-id)
+      (if (or (user/admin? identity)
+              (= (:db/id identity) organizer-id))
         (do
           (when (and prev-image image)
             ;; Delete old image if exists