Add access restrictions to UI (#19)

- Vary default user access for new web logs (#19) - Add htmx detection to not auth/404 handlers - Bump version
2022-07-16 22:17:57 -04:00
parent eae1509d81
commit d30312c23f
19 changed files with 229 additions and 137 deletions
--- a/src/admin-theme/post-list.liquid
+++ b/src/admin-theme/post-list.liquid
@@ -46,15 +46,18 @@
            {{ post.title }}<br>
            <small>
              <a href="{{ post | relative_link }}" target="_blank">View Post</a>
-              <span class="text-muted"> &bull; </span>
-              <a href="{{ post | edit_post_link }}">Edit</a>
-              <span class="text-muted"> &bull; </span>
-              {%- capture post_del %}admin/post/{{ post.id }}/delete{% endcapture -%}
-              {%- capture post_del_link %}{{ post_del | relative_link }}{% endcapture -%}
-              <a href="{{ post_del_link }}" hx-post="{{ post_del_link }}" class="text-danger"
-                 hx-confirm="Are you sure you want to delete the page &ldquo;{{ post.title | strip_html | escape }}&rdquo;? This action cannot be undone.">
-                Delete
-              </a>
+              {% if is_editor or is_author and user_id == post.author_id %}
+                <span class="text-muted"> &bull; </span>
+                <a href="{{ post | edit_post_link }}">Edit</a>
+              {% endif %}
+              {% if is_web_log_admin %}
+                <span class="text-muted"> &bull; </span>
+                {%- assign post_del_link = "admin/post/" | append: post.id | append: "/delete" | relative_link -%}
+                <a href="{{ post_del_link }}" hx-post="{{ post_del_link }}" class="text-danger"
+                   hx-confirm="Are you sure you want to delete the page &ldquo;{{ post.title | strip_html | escape }}&rdquo;? This action cannot be undone.">
+                  Delete
+                </a>
+              {% endif %}
            </small>
          </div>
          <div class="{{ author_col }}">