Merge pull request #381 from metamaps/dont.delete

mapper who wasn't creator of a topic or synapse should not be able to delete it
Connor Turland 2015-01-29 22:25:21 -05:00
commit 84e03d5475
5 changed files with 59 additions and 33 deletions


@ -2751,14 +2751,20 @@ Metamaps.Control = {
var node = Metamaps.Visualize.mGraph.graph.getNode(nodeid); var node = Metamaps.Visualize.mGraph.graph.getNode(nodeid);
var topic = node.getData('topic'); var topic = node.getData('topic');
var topicid = topic.id;
var mapping = node.getData('mapping'); var permToDelete = Metamaps.Active.Mapper.id === topic.get('user_id');
topic.destroy(); if (permToDelete) {
Metamaps.Mappings.remove(mapping); var topicid = topic.id;
$(document).trigger(Metamaps.JIT.events.deleteTopic, [{ var mapping = node.getData('mapping');
topicid: topicid topic.destroy();
}]); Metamaps.Mappings.remove(mapping);
Metamaps.Control.hideNode(nodeid); $(document).trigger(Metamaps.JIT.events.deleteTopic, [{
topicid: topicid
}]);
Metamaps.Control.hideNode(nodeid);
} else {
Metamaps.GlobalUI.notifyUser('Only topics you created can be deleted');
}
}, },
removeSelectedNodes: function () { // refers to removing topics permanently from a map removeSelectedNodes: function () { // refers to removing topics permanently from a map
@ -2910,27 +2916,33 @@ Metamaps.Control = {
return; return;
} }
if (edge.getData("synapses").length - 1 === 0) {
Metamaps.Control.hideEdge(edge);
}
var index = edge.getData("displayIndex") ? edge.getData("displayIndex") : 0; var index = edge.getData("displayIndex") ? edge.getData("displayIndex") : 0;
var synapse = edge.getData("synapses")[index]; var synapse = edge.getData("synapses")[index];
var mapping = edge.getData("mappings")[index]; var mapping = edge.getData("mappings")[index];
var synapseid = synapse.id;
synapse.destroy();
// the server will destroy the mapping, we just need to remove it here var permToDelete = Metamaps.Active.Mapper.id === synapse.get('user_id');
Metamaps.Mappings.remove(mapping); if (permToDelete) {
edge.getData("mappings").splice(index, 1); if (edge.getData("synapses").length - 1 === 0) {
edge.getData("synapses").splice(index, 1); Metamaps.Control.hideEdge(edge);
if (edge.getData("displayIndex")) { }
delete edge.data.$displayIndex;
var synapseid = synapse.id;
synapse.destroy();
// the server will destroy the mapping, we just need to remove it here
Metamaps.Mappings.remove(mapping);
edge.getData("mappings").splice(index, 1);
edge.getData("synapses").splice(index, 1);
if (edge.getData("displayIndex")) {
delete edge.data.$displayIndex;
}
$(document).trigger(Metamaps.JIT.events.deleteSynapse, [{
synapseid: synapseid
}]);
} else {
Metamaps.GlobalUI.notifyUser('Only synapses you created can be deleted');
} }
$(document).trigger(Metamaps.JIT.events.deleteSynapse, [{
synapseid: synapseid
}]);
}, },
removeSelectedEdges: function () { removeSelectedEdges: function () {
var l = Metamaps.Selected.Edges.length, var l = Metamaps.Selected.Edges.length,
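Review bot: The `permToDelete` test in both hunks of this file only decides what the UI does; the creator-only rule is enforced by `authorize_to_delete` on the server, and a one-line comment above each check would keep a later reader from treating it as the access control, e.g. `// UI hint only: the server rejects deletes by non-creators`. Both checks also dereference `Metamaps.Active.Mapper.id` directly, so if `Metamaps.Active.Mapper` can be unset for a signed-out viewer (not visible here) the handler would throw instead of showing the notice; `var permToDelete = Metamaps.Active.Mapper && Metamaps.Active.Mapper.id === topic.get('user_id');` avoids that. Both functions start outside their hunks.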


@ -49,17 +49,17 @@ class SynapsesController < ApplicationController
# DELETE synapses/:id # DELETE synapses/:id
def destroy def destroy
@current = current_user @current = current_user
@synapse = Synapse.find(params[:id]).authorize_to_edit(@current) @synapse = Synapse.find(params[:id]).authorize_to_delete(@current)
@synapse.mappings.each do |m| if @synapse
@synapse.mappings.each do |m|
m.map.touch(:updated_at)
m.delete
end
m.map.touch(:updated_at) @synapse.delete
m.delete
end end
@synapse.delete if @synapse
respond_to do |format| respond_to do |format|
format.json { head :no_content } format.json { head :no_content }
end end
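Review bot: A denied delete still answers `204 No Content`, because the `respond_to` block after the new `if @synapse` runs whether or not `authorize_to_delete` returned the record, so the client cannot tell a refusal from a success and will drop the synapse locally. Returning a distinct status fixes that: `format.json { head(@synapse ? :no_content : :forbidden) }`. `TopicsController#destroy` appears to have the same shape after this commit (`if @topic` followed by an unconditional `head :no_content`). The closing `end` of `destroy` is outside the hunk.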


@ -200,7 +200,7 @@ class TopicsController < ApplicationController
# DELETE topics/:id # DELETE topics/:id
def destroy def destroy
@current = current_user @current = current_user
@topic = Topic.find(params[:id]).authorize_to_edit(@current) @topic = Topic.find(params[:id]).authorize_to_delete(@current)
if @topic if @topic
@synapses = @topic.synapses @synapses = @topic.synapses
@ -230,7 +230,7 @@ class TopicsController < ApplicationController
end end
respond_to do |format| respond_to do |format|
format.js { render :json => "success" } format.json { head :no_content }
end end
end end
end end


@ -40,6 +40,13 @@ class Synapse < ActiveRecord::Base
return self return self
end end
def authorize_to_delete(user)
if (self.user != user)
return false
end
return self
end
# returns Boolean if user allowed to view Topic, Synapse, or Map # returns Boolean if user allowed to view Topic, Synapse, or Map
def authorize_to_view(user) def authorize_to_view(user)
if (self.permission == "private" && self.user != user) if (self.permission == "private" && self.user != user)
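Review bot: `authorize_to_delete` compares `self.user != user` without first rejecting a nil `user`, so a record whose `user` is nil would be treated as deletable by a request with no signed-in user; whether the controllers require sign-in before `destroy` is not visible here. A guard such as `return false if user.nil? || self.user != user` closes that case. The method also lacks the comment its neighbour `authorize_to_view` has; something like `# returns self if user created this record, false otherwise` would document the mixed return type. The identical method added to `Topic` needs the same changes, and the two copies could live in one shared module.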


@ -111,6 +111,13 @@ class Topic < ActiveRecord::Base
return self return self
end end
def authorize_to_delete(user)
if (self.user != user)
return false
end
return self
end
# returns Boolean if user allowed to view Topic, Synapse, or Map # returns Boolean if user allowed to view Topic, Synapse, or Map
def authorize_to_view(user) def authorize_to_view(user)
if (self.permission == "private" && self.user != user) if (self.permission == "private" && self.user != user)