From a7f23e2e40a726da82829b64079f401ea638bef1 Mon Sep 17 00:00:00 2001 From: xh-stack Date: Wed, 13 May 2026 17:27:11 +0800 Subject: [PATCH 1/2] Hide bounty management actions from unauthorized users --- lib/algora_web/live/org/bounties_live.ex | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/lib/algora_web/live/org/bounties_live.ex b/lib/algora_web/live/org/bounties_live.ex index 9dccffbd2..6de0d8a02 100644 --- a/lib/algora_web/live/org/bounties_live.ex +++ b/lib/algora_web/live/org/bounties_live.ex @@ -26,6 +26,8 @@ defmodule AlgoraWeb.Org.BountiesLive do |> Algora.Validations.validate_money_positive(:amount) end + defp can_manage_bounties?(role), do: role in [:admin, :mod] + def mount(_params, _session, socket) do {:ok, socket @@ -219,7 +221,10 @@ defmodule AlgoraWeb.Org.BountiesLive do <% end %> - +
<.button phx-click="edit-bounty-amount" @@ -363,7 +368,12 @@ defmodule AlgoraWeb.Org.BountiesLive do
- <.drawer show={@show_edit_modal} direction="right" on_cancel="cancel-edit"> + <.drawer + :if={can_manage_bounties?(@current_user_role)} + show={@show_edit_modal} + direction="right" + on_cancel="cancel-edit" + > <.drawer_header> <.drawer_title>Edit Bounty Amount <.drawer_description> @@ -415,7 +425,7 @@ defmodule AlgoraWeb.Org.BountiesLive do def handle_event("delete-bounty", %{"id" => bounty_id}, socket) do cond do - socket.assigns.current_user_role in [:admin, :mod] -> + can_manage_bounties?(socket.assigns.current_user_role) -> bounty = Bounty |> Repo.get(bounty_id) @@ -475,7 +485,7 @@ defmodule AlgoraWeb.Org.BountiesLive do def handle_event("edit-bounty-amount", %{"id" => bounty_id}, socket) do cond do - socket.assigns.current_user_role in [:admin, :mod] -> + can_manage_bounties?(socket.assigns.current_user_role) -> [bounty] = Bounties.list_bounties(id: bounty_id) changeset = edit_amount_changeset(%{amount: bounty.amount}) @@ -706,4 +716,4 @@ defmodule AlgoraWeb.Org.BountiesLive do assign(socket, :bounty_rows, to_bounty_rows(bounties)) end -end +end \ No newline at end of file From 781c534f353b7321318494aa72fd6902d6cd1dba Mon Sep 17 00:00:00 2001 From: xh-stack Date: Wed, 13 May 2026 17:34:31 +0800 Subject: [PATCH 2/2] Ensure bounty live view ends with newline --- lib/algora_web/live/org/bounties_live.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/algora_web/live/org/bounties_live.ex b/lib/algora_web/live/org/bounties_live.ex index 6de0d8a02..ad0589a72 100644 --- a/lib/algora_web/live/org/bounties_live.ex +++ b/lib/algora_web/live/org/bounties_live.ex @@ -716,4 +716,4 @@ defmodule AlgoraWeb.Org.BountiesLive do assign(socket, :bounty_rows, to_bounty_rows(bounties)) end -end \ No newline at end of file +end
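Review bot: The `:if={can_manage_bounties?(@current_user_role)}` added to `<.drawer>` only keeps the edit form out of the rendered page; it is not an access control, because a connected LiveView client can still push the form's events. The handler that saves the new amount is not in this diff, so I cannot tell whether it checks the role. If it does not, it should open with the same guard as the two handlers changed further down, `can_manage_bounties?(socket.assigns.current_user_role) ->`. I would also put `# the drawer's :if is UI-only; every event it can trigger must re-check can_manage_bounties?/1` above those handlers so the coupling survives later template edits.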
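Review bot: The guard in `handle_event("delete-bounty", ...)` now reads well, but it checks only the caller's role, while `bounty_id` comes from the client and the row is loaded with `Bounty |> Repo.get(bounty_id)`, with no visible restriction to the organization this page belongs to. The handler continues outside the hunk, so an ownership check and nil handling may follow; if they do not, the lookup should be scoped to the current organization and a missing row answered with an error rather than passed on. The same applies to the `edit-bounty-amount` hunk, where `[bounty] = Bounties.list_bounties(id: bounty_id)` is likewise keyed only on the client-supplied id and raises a `MatchError` when nothing matches. At minimum I would add `# role is presumably per-org: confirm the bounty belongs to this org before mutating it` at both lookups.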