diff options
| author | Dennis Eriksen <dennis.se@gmail.com> | 2013-05-24 16:11:09 +0200 |
|---|---|---|
| committer | Dennis Eriksen <dennis.se@gmail.com> | 2013-05-24 16:11:09 +0200 |
| commit | 4cec8e5d2e520218725a506b5f6532e3e0aa0e2b (patch) | |
| tree | 1f206662ed2cc3d112cc14b6d39c9c3d03d1c8e9 | |
| parent | don't get som many fields.. faster loading (diff) | |
| download | Divid-4cec8e5d2e520218725a506b5f6532e3e0aa0e2b.tar.gz | |
added delete post option
| -rw-r--r-- | controllers/system.js | 35 | ||||
| -rw-r--r-- | routes.js | 3 | ||||
| -rw-r--r-- | views/project.ejs | 15 |
3 files changed, 46 insertions, 7 deletions
diff --git a/controllers/system.js b/controllers/system.js index 6432062..eaafefa 100644 --- a/controllers/system.js +++ b/controllers/system.js @@ -143,15 +143,26 @@ exports.project = function(req, res) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); Access.loadProject(project._id, function(err, access) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); + access.forEach(function(a) { + if (String(a.user._id) === String(req.user._id)) req.user.permissions = a.permissions; + }); pPost.loadProject(project._id, function(err, posts) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); - res.render('project', { title: project.name, user: req.user, req: req, project: project, access: access, posts: posts }); + res.render('project', { + title: project.name + , user: req.user + , req: req + , project: project + , access: access + , posts: posts + }); }); }); }); } + exports.projectParticipants = function(req, res) { if (req.user.status < 3) { console.log(req.header('Referer')); @@ -255,3 +266,25 @@ exports.postNewProject = function(req, res) { } + +exports.deleteProjectPost = function(req, res) { + Project.findOne({ shortURL: req.params.short }).select('_id').exec(function(err, project) { + if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); + Access.findOne({project: project._id, user: req.user._id}, function(err, access) { + if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); + if (!access) return res.status(403).render('error', { title: '403', text: 'Du har ikke tilgang til å gjøre dette' }); + pPost.load(req.params.post, function(err, post) { + if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); + if (post.user._id === req.user._id || access.permissions >= 6) { + pPost.remove({ _id: post._id }, function(err) { + if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); + console.log('deleted post ' + post._id); + return res.redirect('back'); + }) + } else { return res.status(403).render('error', { title: '403', text: 'Du har ikke tilgang til å gjøre dette' }); } + }) + }) + }); +} + + @@ -75,4 +75,7 @@ module.exports = function(app, passport, auth) { app.get('/project/:short/participants', auth.requiresLogin, system.projectParticipants); app.post('/project/:short/participants', auth.requiresLogin, users.postProjectParticipants); // goes to the usercontroller because participants are users + + app.get('/project/:short/delete/:post', auth.requiresLogin, system.deleteProjectPost); + }; diff --git a/views/project.ejs b/views/project.ejs index caa6fd2..b4db87b 100644 --- a/views/project.ejs +++ b/views/project.ejs @@ -36,12 +36,12 @@ <% access.forEach(function(participants) { %> <%- participants.user.name %><% if (participants.permissions >= 6) { %> <span class="muted">(<%= participants.permissions === 9 ? 'eier' : 'admin' %>)</span><% } %><br> <% }); %> - <small><a href="/project/<%= req.params.short %>/participants">Legg til flere deltakere</a></small> + <small><a href="/project/<%= project.shortURL %>/participants">Legg til flere deltakere</a></small> </div> </div> <div class="row-fluid"> <div class="span10 offset2"> - <a class="btn btn-large" href="/project/<%= req.params.short %>/post">Før utgift</a> + <a class="btn btn-large" href="/project/<%= project.shortURL %>/post">Før utgift</a> </div> </div> </div><!-- /div.span6 --> @@ -142,11 +142,14 @@ </div> </div> </div> - <div class="span2"> - <div class="row-fluid info"> - <a href="#edit">[edit]</a> + <% if (String(post.user._id) === String(req.user._id) || req.user.permissions >= 6) { %> + <div class="span1"> + <small><a href="/project/<%= project.shortURL %>/edit/<%= post._id %>">[edit]</a></small> </div> - </div> + <div class="span1"> + <small><a href="/project/<%= project.shortURL %>/delete/<%= post._id %>">[delete]</a></small> + </div> + <% } %> </div> </div> |