mapper who doesn't own a topic or synapse should not be able to delete it.
This commit is contained in:
Connor Turland
parent
c61de991af
commit
a048c87356
|
|
@ -2751,14 +2751,18 @@ Metamaps.Control = {
|
||||||
|
|
||||||
var node = Metamaps.Visualize.mGraph.graph.getNode(nodeid);
|
var node = Metamaps.Visualize.mGraph.graph.getNode(nodeid);
|
||||||
var topic = node.getData('topic');
|
var topic = node.getData('topic');
|
||||||
var topicid = topic.id;
|
|
||||||
var mapping = node.getData('mapping');
|
var permToDelete = Metamaps.Active.Mapper.id === topic.get('user_id');
|
||||||
topic.destroy();
|
if (permToDelete) {
|
||||||
Metamaps.Mappings.remove(mapping);
|
var topicid = topic.id;
|
||||||
$(document).trigger(Metamaps.JIT.events.deleteTopic, [{
|
var mapping = node.getData('mapping');
|
||||||
topicid: topicid
|
topic.destroy();
|
||||||
}]);
|
Metamaps.Mappings.remove(mapping);
|
||||||
Metamaps.Control.hideNode(nodeid);
|
$(document).trigger(Metamaps.JIT.events.deleteTopic, [{
|
||||||
|
topicid: topicid
|
||||||
|
}]);
|
||||||
|
Metamaps.Control.hideNode(nodeid);
|
||||||
|
}
|
||||||
},
|
},
|
||||||
removeSelectedNodes: function () { // refers to removing topics permanently from a map
|
removeSelectedNodes: function () { // refers to removing topics permanently from a map
|
||||||
|
|
||||||
|
|
@ -2918,19 +2922,23 @@ Metamaps.Control = {
|
||||||
|
|
||||||
var synapse = edge.getData("synapses")[index];
|
var synapse = edge.getData("synapses")[index];
|
||||||
var mapping = edge.getData("mappings")[index];
|
var mapping = edge.getData("mappings")[index];
|
||||||
var synapseid = synapse.id;
|
|
||||||
synapse.destroy();
|
var permToDelete = Metamaps.Active.Mapper.id === synapse.get('user_id');
|
||||||
|
if (permToDelete) {
|
||||||
|
var synapseid = synapse.id;
|
||||||
|
synapse.destroy();
|
||||||
|
|
||||||
// the server will destroy the mapping, we just need to remove it here
|
// the server will destroy the mapping, we just need to remove it here
|
||||||
Metamaps.Mappings.remove(mapping);
|
Metamaps.Mappings.remove(mapping);
|
||||||
edge.getData("mappings").splice(index, 1);
|
edge.getData("mappings").splice(index, 1);
|
||||||
edge.getData("synapses").splice(index, 1);
|
edge.getData("synapses").splice(index, 1);
|
||||||
if (edge.getData("displayIndex")) {
|
if (edge.getData("displayIndex")) {
|
||||||
delete edge.data.$displayIndex;
|
delete edge.data.$displayIndex;
|
||||||
|
}
|
||||||
|
$(document).trigger(Metamaps.JIT.events.deleteSynapse, [{
|
||||||
|
synapseid: synapseid
|
||||||
|
}]);
|
||||||
}
|
}
|
||||||
$(document).trigger(Metamaps.JIT.events.deleteSynapse, [{
|
|
||||||
synapseid: synapseid
|
|
||||||
}]);
|
|
||||||
},
|
},
|
||||||
removeSelectedEdges: function () {
|
removeSelectedEdges: function () {
|
||||||
var l = Metamaps.Selected.Edges.length,
|
var l = Metamaps.Selected.Edges.length,
|
||||||
|
|
|
||||||
|
|
@ -49,16 +49,16 @@ class SynapsesController < ApplicationController
|
||||||
# DELETE synapses/:id
|
# DELETE synapses/:id
|
||||||
def destroy
|
def destroy
|
||||||
@current = current_user
|
@current = current_user
|
||||||
@synapse = Synapse.find(params[:id]).authorize_to_edit(@current)
|
@synapse = Synapse.find(params[:id]).authorize_to_delete(@current)
|
||||||
|
|
||||||
@synapse.mappings.each do |m|
|
if @synapse
|
||||||
|
@synapse.mappings.each do |m|
|
||||||
m.map.touch(:updated_at)
|
m.map.touch(:updated_at)
|
||||||
|
m.delete
|
||||||
m.delete
|
end
|
||||||
|
|
||||||
|
@synapse.delete
|
||||||
end
|
end
|
||||||
|
|
||||||
@synapse.delete if @synapse
|
|
||||||
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
format.json { head :no_content }
|
format.json { head :no_content }
|
||||||
|
|
|
||||||
|
|
@ -200,7 +200,7 @@ class TopicsController < ApplicationController
|
||||||
# DELETE topics/:id
|
# DELETE topics/:id
|
||||||
def destroy
|
def destroy
|
||||||
@current = current_user
|
@current = current_user
|
||||||
@topic = Topic.find(params[:id]).authorize_to_edit(@current)
|
@topic = Topic.find(params[:id]).authorize_to_delete(@current)
|
||||||
|
|
||||||
if @topic
|
if @topic
|
||||||
@synapses = @topic.synapses
|
@synapses = @topic.synapses
|
||||||
|
|
@ -230,7 +230,7 @@ class TopicsController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
format.js { render :json => "success" }
|
format.json { head :no_content }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
|
|
@ -39,6 +39,13 @@ class Synapse < ActiveRecord::Base
|
||||||
end
|
end
|
||||||
return self
|
return self
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def authorize_to_delete(user)
|
||||||
|
if (self.user != user)
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
return self
|
||||||
|
end
|
||||||
|
|
||||||
# returns Boolean if user allowed to view Topic, Synapse, or Map
|
# returns Boolean if user allowed to view Topic, Synapse, or Map
|
||||||
def authorize_to_view(user)
|
def authorize_to_view(user)
|
||||||
|
|
|
||||||
|
|
@ -110,6 +110,13 @@ class Topic < ActiveRecord::Base
|
||||||
end
|
end
|
||||||
return self
|
return self
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def authorize_to_delete(user)
|
||||||
|
if (self.user != user)
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
return self
|
||||||
|
end
|
||||||
|
|
||||||
# returns Boolean if user allowed to view Topic, Synapse, or Map
|
# returns Boolean if user allowed to view Topic, Synapse, or Map
|
||||||
def authorize_to_view(user)
|
def authorize_to_view(user)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue