add authorize to delete to controller, fix private map message, fix new map css issue
This commit is contained in:
parent
f58db49bc1
commit
acfd55a258
3 changed files with 23 additions and 8 deletions
|
@ -2297,7 +2297,7 @@ and it won't be important on password protected instances */
|
||||||
#newmap_co:hover, #newmap_co.selected {
|
#newmap_co:hover, #newmap_co.selected {
|
||||||
background-position: 0 -64px;
|
background-position: 0 -64px;
|
||||||
}
|
}
|
||||||
#newmap_pu:hover, #newmap_co.selected {
|
#newmap_pu:hover, #newmap_pu.selected {
|
||||||
background-position: -64px -64px;
|
background-position: -64px -64px;
|
||||||
}
|
}
|
||||||
#newmap_pr:hover, #newmap_pr.selected {
|
#newmap_pr:hover, #newmap_pr.selected {
|
||||||
|
|
|
@ -208,18 +208,26 @@ class MapsController < ApplicationController
|
||||||
def destroy
|
def destroy
|
||||||
@current = current_user
|
@current = current_user
|
||||||
|
|
||||||
@map = Map.find(params[:id])
|
@map = Map.find(params[:id]).authorize_to_delete(@current)
|
||||||
|
|
||||||
@mappings = @map.mappings
|
if @map
|
||||||
|
@mappings = @map.mappings
|
||||||
|
|
||||||
@mappings.each do |mapping|
|
@mappings.each do |mapping|
|
||||||
mapping.delete
|
mapping.delete
|
||||||
|
end
|
||||||
|
|
||||||
|
@map.delete
|
||||||
end
|
end
|
||||||
|
|
||||||
@map.delete
|
|
||||||
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
format.html { redirect_to "/maps/mappers/" + @current.id.to_s, notice: "Map deleted." }
|
format.json {
|
||||||
|
if @map
|
||||||
|
render json: "success"
|
||||||
|
else
|
||||||
|
render json: "unauthorized"
|
||||||
|
end
|
||||||
|
}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -86,6 +86,13 @@ class Map < ActiveRecord::Base
|
||||||
|
|
||||||
##### PERMISSIONS ######
|
##### PERMISSIONS ######
|
||||||
|
|
||||||
|
def authorize_to_delete(user)
|
||||||
|
if (self.user != user)
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
return self
|
||||||
|
end
|
||||||
|
|
||||||
# returns false if user not allowed to 'show' Topic, Synapse, or Map
|
# returns false if user not allowed to 'show' Topic, Synapse, or Map
|
||||||
def authorize_to_show(user)
|
def authorize_to_show(user)
|
||||||
if (self.permission == "private" && self.user != user)
|
if (self.permission == "private" && self.user != user)
|
||||||
|
|
Loading…
Reference in a new issue