From bd2e040b616f3848911931d3fbf5475d3c06a56e Mon Sep 17 00:00:00 2001 From: VO VAN QUOC BAO Date: Thu, 21 May 2026 23:11:29 +0700 Subject: [PATCH] fix(bounties): hide Edit/Delete buttons from unauthorized users The Edit Amount and Delete buttons on the org bounties page were rendered for all logged-in users regardless of role. Only admins and moderators should see these buttons, matching the existing backend authorization check (current_user_role in [:admin, :mod]). Wraps both buttons in a frontend guard so non-owners never see actions they cannot perform, eliminating the confusing "You are not authorized" error on click. Fixes #238 --- lib/algora_web/live/org/bounties_live.ex | 34 +++++++++++++----------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/lib/algora_web/live/org/bounties_live.ex b/lib/algora_web/live/org/bounties_live.ex index 9dccffbd2..3048e4234 100644 --- a/lib/algora_web/live/org/bounties_live.ex +++ b/lib/algora_web/live/org/bounties_live.ex @@ -221,22 +221,24 @@ defmodule AlgoraWeb.Org.BountiesLive do
- <.button - phx-click="edit-bounty-amount" - phx-value-id={bounty.id} - variant="secondary" - size="sm" - > - Edit Amount - - <.button - phx-click="delete-bounty" - phx-value-id={bounty.id} - variant="destructive" - size="sm" - > - Delete - + <%= if @current_user_role in [:admin, :mod] do %> + <.button + phx-click="edit-bounty-amount" + phx-value-id={bounty.id} + variant="secondary" + size="sm" + > + Edit Amount + + <.button + phx-click="delete-bounty" + phx-value-id={bounty.id} + variant="destructive" + size="sm" + > + Delete + + <% end %>
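Review bot: the role list `[:admin, :mod]` in the new `<%= if @current_user_role in [:admin, :mod] do %>` guard is a second hard-coded copy of the backend check that the commit message cites, so the two can drift apart the next time a role is added or removed. Consider moving the check into one helper (for example a hypothetical `can_manage_bounties?/1`) that both the template and the `edit-bounty-amount` / `delete-bounty` handlers call. The guard only controls rendering, and the events can still reach the server from a client that never rendered the buttons, so the handler-side check must stay as the actual authorization boundary; the message should state this is a UX fix, not an access-control change. The message also says "non-owners" while the condition tests for admin or mod, so please align the wording with the roles. The patch touches one file and adds no test: a LiveView test asserting that a user without these roles gets neither button in the rendered HTML, and that the events are still rejected for that user, would lock in both behaviours.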