Merge pull request #1732 from digitallyinduced/amitaibu-patch-2

Add `accessDeniedWhen`
digitallyinduced · Jul 1, 2023 · 45902cc · 45902cc
2 parents 0bf5b47 + 017eba7
commit 45902cc
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 6 deletions.
diff --git a/Guide/recipes.markdown b/Guide/recipes.markdown
@@ -66,7 +66,7 @@ You can easily upload a user profile picture using [`uploadImageWithOptions`](ht
 ```haskell
 action UpdateUserAction { userId } = do
     user <- fetch userId
-    accessDeniedUnless (userId == currentUserId)
+    accessDeniedWhen (userId /= currentUserId)
 
     let profilePictureOptions = ImageUploadOptions
             { convertTo = "jpg"
@@ -133,11 +133,23 @@ instance View EditView where
 
 ## Checking that the current user has permission to access the action
 
-Use [accessDeniedUnless](https://ihp.digitallyinduced.com/api-docs/IHP-LoginSupport-Helper-Controller.html#v:accessDeniedUnless) like this:
+Use [accessDeniedWhen](https://ihp.digitallyinduced.com/api-docs/IHP-LoginSupport-Helper-Controller.html#v:accessDeniedWhen) like this:
 
 ```haskell
 action EditPostAction { postId } = do
     post <- fetch postId
+    -- Access denied if the current user is not the author of the post.
+    accessDeniedWhen (post.authorId /= currentUserId)
+
+    renderHtml EditView { .. }
+```
+
+Or the opposite command [accessDeniedUnless](https://ihp.digitallyinduced.com/api-docs/IHP-LoginSupport-Helper-Controller.html#v:accessDeniedUnless) like this:
+
+```haskell
+action EditPostAction { postId } = do
+    post <- fetch postId
+    -- Access denied if the current user is not the author of the post.
     accessDeniedUnless (post.authorId == currentUserId)
 
     renderHtml EditView { .. }

diff --git a/IHP/AuthSupport/Authorization.hs b/IHP/AuthSupport/Authorization.hs
@@ -10,16 +10,31 @@ import IHP.Prelude
 class CanView user model where
     canView :: (?modelContext :: ModelContext) => model -> user -> IO Bool
 
--- | Stops the action execution with an error message when the access condition is false.
+-- | Stops the action execution with an error message when the access condition is True.
 --
--- __Example:__ Checking a user is author of a blog post.
+-- __Example:__ Checking a user is the author of a blog post.
+-- 
+-- > action EditPostAction { postId } = do
+-- >     post <- fetch postId
+-- >     accessDeniedWhen (post.authorId /= currentUserId)
+-- >     
+-- >     renderHtml EditView { .. }
+--
+-- This will throw an error and prevent the view from being rendered when the current user is not the author of the post.
+accessDeniedWhen :: Bool -> IO ()
+accessDeniedWhen condition = when condition (fail "Access denied")
+
+-- | Stops the action execution with an error message when the access condition is False.
+--
+-- __Example:__ Checking a user is the author of a blog post.
 -- 
 -- > action EditPostAction { postId } = do
 -- >     post <- fetch postId
 -- >     accessDeniedUnless (post.authorId == currentUserId)
 -- >     
 -- >     renderHtml EditView { .. }
 --
--- This will throw an error and prevent the view from being rendered when the current user is not author of the post.
+-- This will throw an error and prevent the view from being rendered when the current user is not the author of the post.
 accessDeniedUnless :: Bool -> IO ()
-accessDeniedUnless condition = if condition then pure () else fail "Access denied"
+accessDeniedUnless condition = unless condition (fail "Access denied")
+