add authorize to delete to controller, fix private map message, fix new map css issue

This commit is contained in:
Connor Turland 2014-10-27 13:26:24 -04:00
parent f58db49bc1
commit acfd55a258
3 changed files with 23 additions and 8 deletions

View file

@ -2297,7 +2297,7 @@ and it won't be important on password protected instances */
#newmap_co:hover, #newmap_co.selected { #newmap_co:hover, #newmap_co.selected {
background-position: 0 -64px; background-position: 0 -64px;
} }
#newmap_pu:hover, #newmap_co.selected { #newmap_pu:hover, #newmap_pu.selected {
background-position: -64px -64px; background-position: -64px -64px;
} }
#newmap_pr:hover, #newmap_pr.selected { #newmap_pr:hover, #newmap_pr.selected {

View file

@ -208,8 +208,9 @@ class MapsController < ApplicationController
def destroy def destroy
@current = current_user @current = current_user
@map = Map.find(params[:id]) @map = Map.find(params[:id]).authorize_to_delete(@current)
if @map
@mappings = @map.mappings @mappings = @map.mappings
@mappings.each do |mapping| @mappings.each do |mapping|
@ -217,9 +218,16 @@ class MapsController < ApplicationController
end end
@map.delete @map.delete
end
respond_to do |format| respond_to do |format|
format.html { redirect_to "/maps/mappers/" + @current.id.to_s, notice: "Map deleted." } format.json {
if @map
render json: "success"
else
render json: "unauthorized"
end
}
end end
end end
end end

View file

@ -86,6 +86,13 @@ class Map < ActiveRecord::Base
##### PERMISSIONS ###### ##### PERMISSIONS ######
def authorize_to_delete(user)
if (self.user != user)
return false
end
return self
end
# returns false if user not allowed to 'show' Topic, Synapse, or Map # returns false if user not allowed to 'show' Topic, Synapse, or Map
def authorize_to_show(user) def authorize_to_show(user)
if (self.permission == "private" && self.user != user) if (self.permission == "private" && self.user != user)