add enrollment check plug

apps/core/lib/core/schema/course.ex

@@ -26,6 +26,8 @@ defmodule GoEscuelaLms.Core.Schema.Course do
 
   def find(uuid) do
     Repo.get(Course, uuid)
+    |> Repo.preload(:topics)
+    |> Repo.preload(:enrollments)
   end
 
   def create(attrs \\ %{}) do

apps/web/lib/web/controllers/topics/topics_controller.ex

@@ -10,6 +10,8 @@ defmodule Web.Topics.TopicsController do
 
   plug :is_permit_authorized when action in [:create]
   plug :load_course when action in [:create]
+  plug :load_course when action in [:create]
+  plug :check_enrollment when action in [:create]
 
   @create_params %{
     name: [type: :string, required: true]

apps/web/lib/web/plug/check_request.ex

@@ -8,8 +8,6 @@ defmodule Web.Plug.CheckRequest do
   def load_course(conn, _) do
     course_id = conn.params["courses_id"]
 
-    IO.puts "COURSE_ID ==> #{course_id}"
-
     with :ok <- valid_uuids(course_id),
          course <- Course.find(course_id),
          false <- is_nil(course) do
@@ -21,11 +19,29 @@ defmodule Web.Plug.CheckRequest do
   end
 
   defp valid_uuids(id) do
-    with {:ok, _} <- Ecto.UUID.dump(id) do
+    case Ecto.UUID.dump(id) do
+    {:ok, _} ->
       :ok
-    else
+    _ ->
+      {:error, "invalid params"}
+    end
+  end
+
+  def check_enrollment(%{assigns: %{account: %{role: :organizer}}} = conn, _), do: conn
+
+  def check_enrollment(conn, _) do
+    user_id = conn.assigns.account.uuid
+    course = conn.assigns.course
+
+    case is_nil(
+           course.enrollments
+           |> Enum.find(fn enrollment -> enrollment.user_id == user_id end)
+         ) do
+      false ->
+        conn
+
       _ ->
-        {:error, "invalid params"}
+        Web.FallbackController.call(conn, {:error, :forbidden}) |> halt()
     end
   end
 end