From cd89f886d5292fcac2cfc905f4bc5e53712f8739 Mon Sep 17 00:00:00 2001 From: nguyenquockhang1610 Date: Tue, 12 May 2026 15:04:53 +0700 Subject: [PATCH] fix: hide Edit Amount and Delete buttons for unauthorized users The Edit Amount and Delete buttons on the org bounties page were visible to all logged-in users, even though the backend correctly rejects unauthorized actions. Now the buttons are only rendered when current_user_role is :admin or :mod. Fixes #238 --- lib/algora_web/live/org/bounties_live.ex | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/algora_web/live/org/bounties_live.ex b/lib/algora_web/live/org/bounties_live.ex index 9dccffbd2..fd511174a 100644 --- a/lib/algora_web/live/org/bounties_live.ex +++ b/lib/algora_web/live/org/bounties_live.ex @@ -220,6 +220,7 @@ defmodule AlgoraWeb.Org.BountiesLive do <% end %> + <%= if @current_user_role in [:admin, :mod] do %>
<.button phx-click="edit-bounty-amount" @@ -238,6 +239,7 @@ defmodule AlgoraWeb.Org.BountiesLive do Delete
+ <% end %> <%= if MapSet.member?(@expanded_bounties, bounty.id) do %>
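Review bot: in the first hunk (@@ -220,6 +220,7), the allowed-role list is written inline in the template on the added line `<%= if @current_user_role in [:admin, :mod] do %>`, so it can drift from whatever check the `edit-bounty-amount` handler applies on the server. Consider moving the rule into a single helper (a hypothetical `can_manage_bounties?/1`, for instance) that both the template and the event handlers call. The visible lines also do not show where `@current_user_role` is assigned; please confirm it is set on every mount path for this LiveView before the template reads it.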
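Review bot: in the second hunk (@@ -238,6 +239,7), the added `<% end %>` closes a change that is render-side only, and the diffstat shows one file changed with no test. Please add a LiveView test asserting that the Edit Amount and Delete buttons are absent for a role outside `[:admin, :mod]` and present for `:admin` and `:mod`. Since a connected client can still send `edit-bounty-amount` without the button being rendered, a second test that the handler rejects the event for an unauthorized role would pin down the backend behaviour the commit message relies on.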