Yes, you can do this either in a controller or a liveview, with something such as:
def edit(conn, %{"id" => id}) do
with article <- Articles.get_article!(id),
true <- article.user_id == conn.assigns.current_user.id do
# do the update
end
end
You can also abstract this to a module, such as Authorization, and have functions like:
I get what this does but what kind of dark magic is going on here. Hoping you can explain these lines… .typically I expect something like if user1 is member of (allowed list), user1 can edit/do xyz. Still getting used to this syntax. thx.
def edit(conn, %{"id" => id}) do
# This probably raises an error if no article matches? If not, you'd need more conditionals
article = Articles.get_article!(id)
if article.user_id == conn.assigns.current_user.id do
# do the update
else
end
end