add authorize to delete to controller, fix private map message, fix new map css issue

2014-10-27 13:26:24 -04:00 · 2014-10-27 13:26:24 -04:00 · acfd55a258
parent f58db49bc1
commit acfd55a258
3 changed files with 23 additions and 8 deletions
--- a/app/assets/stylesheets/application.css
+++ b/app/assets/stylesheets/application.css
@ -2297,7 +2297,7 @@ and it won't be important on password protected instances */
 #newmap_co:hover, #newmap_co.selected {
    background-position: 0 -64px;
 }
-#newmap_pu:hover, #newmap_co.selected {
+#newmap_pu:hover, #newmap_pu.selected {
    background-position: -64px -64px;
 }
 #newmap_pr:hover, #newmap_pr.selected {
--- a/app/controllers/maps_controller.rb
+++ b/app/controllers/maps_controller.rb
@ -208,18 +208,26 @@ class MapsController < ApplicationController
    def destroy
        @current = current_user

-        @map = Map.find(params[:id])
+        @map = Map.find(params[:id]).authorize_to_delete(@current)

-        @mappings = @map.mappings
+        if @map 
+            @mappings = @map.mappings

-        @mappings.each do |mapping| 
-            mapping.delete
+            @mappings.each do |mapping| 
+                mapping.delete
+            end
+
+            @map.delete
        end

-        @map.delete
-
        respond_to do |format|
-            format.html { redirect_to "/maps/mappers/" + @current.id.to_s, notice: "Map deleted." }
+            format.json { 
+                if @map
+                    render json: "success"
+                else
+                    render json: "unauthorized"
+                end
+            }
        end
    end
 end
--- a/app/models/map.rb
+++ b/app/models/map.rb
@ -86,6 +86,13 @@ class Map < ActiveRecord::Base

  ##### PERMISSIONS ######
  
+  def authorize_to_delete(user)
+    if (self.user != user)
+      return false
+    end
+    return self
+  end
+
  # returns false if user not allowed to 'show' Topic, Synapse, or Map
  def authorize_to_show(user)
    if (self.permission == "private" && self.user != user)