glenux-contrib/metamaps--metamaps
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

mapper who doesn't own a topic or synapse should not be able to delete it.

Browse source
This commit is contained in:
Connor Turland 2015-01-28 22:35:03 -05:00
parent c61de991af
commit a048c87356
5 changed files with 51 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

46
app/assets/javascripts/src/Metamaps.js
View file

@ -2751,14 +2751,18 @@ Metamaps.Control = {
var node = Metamaps.Visualize.mGraph.graph.getNode(nodeid);
var topic = node.getData('topic');
var topicid = topic.id;
var mapping = node.getData('mapping');
topic.destroy();
Metamaps.Mappings.remove(mapping);
$(document).trigger(Metamaps.JIT.events.deleteTopic, [{
topicid: topicid
}]);
Metamaps.Control.hideNode(nodeid);
var permToDelete = Metamaps.Active.Mapper.id === topic.get('user_id');
if (permToDelete) {
var topicid = topic.id;
var mapping = node.getData('mapping');
topic.destroy();
Metamaps.Mappings.remove(mapping);
$(document).trigger(Metamaps.JIT.events.deleteTopic, [{
topicid: topicid
}]);
Metamaps.Control.hideNode(nodeid);
}
},
removeSelectedNodes: function () { // refers to removing topics permanently from a map
@ -2918,19 +2922,23 @@ Metamaps.Control = {
var synapse = edge.getData("synapses")[index];
var mapping = edge.getData("mappings")[index];
var synapseid = synapse.id;
synapse.destroy();
var permToDelete = Metamaps.Active.Mapper.id === synapse.get('user_id');
if (permToDelete) {
var synapseid = synapse.id;
synapse.destroy();
// the server will destroy the mapping, we just need to remove it here
Metamaps.Mappings.remove(mapping);
edge.getData("mappings").splice(index, 1);
edge.getData("synapses").splice(index, 1);
if (edge.getData("displayIndex")) {
delete edge.data.$displayIndex;
// the server will destroy the mapping, we just need to remove it here
Metamaps.Mappings.remove(mapping);
edge.getData("mappings").splice(index, 1);
edge.getData("synapses").splice(index, 1);
if (edge.getData("displayIndex")) {
delete edge.data.$displayIndex;
}
$(document).trigger(Metamaps.JIT.events.deleteSynapse, [{
synapseid: synapseid
}]);
}
$(document).trigger(Metamaps.JIT.events.deleteSynapse, [{
synapseid: synapseid
}]);
},
removeSelectedEdges: function () {
var l = Metamaps.Selected.Edges.length,

16
app/controllers/synapses_controller.rb
View file

@ -49,16 +49,16 @@ class SynapsesController < ApplicationController
# DELETE synapses/:id
def destroy
@current = current_user
@synapse = Synapse.find(params[:id]).authorize_to_edit(@current)
@synapse = Synapse.find(params[:id]).authorize_to_delete(@current)
@synapse.mappings.each do |m|
m.map.touch(:updated_at)
m.delete
if @synapse
@synapse.mappings.each do |m|
m.map.touch(:updated_at)
m.delete
end
@synapse.delete
end
@synapse.delete if @synapse
respond_to do |format|
format.json { head :no_content }

4
app/controllers/topics_controller.rb
View file

@ -200,7 +200,7 @@ class TopicsController < ApplicationController
# DELETE topics/:id
def destroy
@current = current_user
@topic = Topic.find(params[:id]).authorize_to_edit(@current)
@topic = Topic.find(params[:id]).authorize_to_delete(@current)
if @topic
@synapses = @topic.synapses
@ -230,7 +230,7 @@ class TopicsController < ApplicationController
end
respond_to do |format|
format.js { render :json => "success" }
format.json { head :no_content }
end
end
end

7
app/models/synapse.rb
View file

@ -39,6 +39,13 @@ class Synapse < ActiveRecord::Base
end
return self
end
def authorize_to_delete(user)
if (self.user != user)
return false
end
return self
end
# returns Boolean if user allowed to view Topic, Synapse, or Map
def authorize_to_view(user)

7
app/models/topic.rb
View file

@ -110,6 +110,13 @@ class Topic < ActiveRecord::Base
end
return self
end
def authorize_to_delete(user)
if (self.user != user)
return false
end
return self
end
# returns Boolean if user allowed to view Topic, Synapse, or Map
def authorize_to_view(user)