-rw-r--r-- | controllers/system.js | 35 | ||||
-rw-r--r-- | routes.js | 3 | ||||
-rw-r--r-- | views/project.ejs | 15 |
3 files changed, 46 insertions, 7 deletions
diff --git a/controllers/system.js b/controllers/system.js index 6432062..eaafefa 100644 --- a/controllers/system.js +++ b/controllers/system.js @@ -143,15 +143,26 @@ exports.project = function(req, res) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); Access.loadProject(project._id, function(err, access) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); + access.forEach(function(a) { + if (String(a.user._id) === String(req.user._id)) req.user.permissions = a.permissions; + }); pPost.loadProject(project._id, function(err, posts) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); - res.render('project', { title: project.name, user: req.user, req: req, project: project, access: access, posts: posts }); + res.render('project', { + title: project.name + , user: req.user + , req: req + , project: project + , access: access + , posts: posts + }); }); }); }); } + exports.projectParticipants = function(req, res) { if (req.user.status < 3) { console.log(req.header('Referer')); 
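Review bot: When no entry in `access` matches `req.user._id`, the handler still falls through to `pPost.loadProject` and renders the project, so unless membership is enforced above this hunk a logged-in non-participant sees the posts; the new loop is the natural place to return a 403 the way deleteProjectPost does. The loop also writes the project-scoped level onto `req.user`, which makes a per-project value look like a property of the authenticated identity and leaves it undefined when nothing matches. A local with an explicit default, e.g. `var permissions = 0;` before the loop and `permissions = a.permissions;` inside it, passed to the view under its own key, keeps the two apart (the view's `req.user.permissions` check would change with it). `a.user._id` is dereferenced unguarded, so an access row whose user reference did not resolve would throw; whether that can happen depends on Access.loadProject, which is not visible here. The body of exports.project starts above the hunk.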
@@ -255,3 +266,25 @@ exports.postNewProject = function(req, res) { } + +exports.deleteProjectPost = function(req, res) { + Project.findOne({ shortURL: req.params.short }).select('_id').exec(function(err, project) { + if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); + Access.findOne({project: project._id, user: req.user._id}, function(err, access) { + if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); + if (!access) return res.status(403).render('error', { title: '403', text: 'Du har ikke tilgang til å gjøre dette' }); + pPost.load(req.params.post, function(err, post) { + if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); + if (post.user._id === req.user._id || access.permissions >= 6) { + pPost.remove({ _id: post._id }, function(err) { + if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); + console.log('deleted post ' + post._id); + return res.redirect('back'); + }) + } else { return res.status(403).render('error', { title: '403', text: 'Du har ikke tilgang til å gjøre dette' }); } + }) + }) + }); +} + + @@ -75,4 +75,7 @@ module.exports = function(app, passport, auth) { app.get('/project/:short/participants', auth.requiresLogin, system.projectParticipants); app.post('/project/:short/participants', auth.requiresLogin, users.postProjectParticipants); // goes to the usercontroller because participants are users + + app.get('/project/:short/delete/:post', auth.requiresLogin, system.deleteProjectPost); + }; diff --git a/views/project.ejs b/views/project.ejs index caa6fd2..b4db87b 100644 --- a/views/project.ejs +++ b/views/project.ejs 
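Review bot: Nothing in deleteProjectPost ties the loaded post to the project whose access record was checked: `pPost.load(req.params.post, ...)` appears to fetch by id alone, so unless load scopes by project (not visible here) admin rights on one project would authorize removing a post that belongs to another. Compare the post's project reference with `project._id` before calling `pPost.remove`. The owner test `post.user._id === req.user._id` compares object identity if these are Mongoose ObjectIds, so it probably never matches; the first hunk already uses the string form, and the same belongs here: `if (String(post.user._id) === String(req.user._id) || access.permissions >= 6) {`. `project` and `post` are both dereferenced without a null check, so an unknown short URL or post id throws instead of returning a 404. The three new error paths also render `err.stack` to the client, which exposes file paths and internals; log the stack server-side and show only the generic text.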
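Review bot: The delete route is registered with `app.get`, so a state-changing action runs on any cross-site link or prefetch that the logged-in user's browser follows. Registering it as `app.post('/project/:short/delete/:post', auth.requiresLogin, system.deleteProjectPost);` and turning the `[delete]` anchor added in views/project.ejs into a small form lets CSRF protection apply; whether the app already has CSRF middleware is not visible here. The module.exports function starts above the hunk.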
@@ -36,12 +36,12 @@ <% access.forEach(function(participants) { %> <%- participants.user.name %><% if (participants.permissions >= 6) { %> <span class="muted">(<%= participants.permissions === 9 ? 'eier' : 'admin' %>)</span><% } %><br> <% }); %> - <small><a href="/project/<%= req.params.short %>/participants">Legg til flere deltakere</a></small> + <small><a href="/project/<%= project.shortURL %>/participants">Legg til flere deltakere</a></small> </div> </div> <div class="row-fluid"> <div class="span10 offset2"> - <a class="btn btn-large" href="/project/<%= req.params.short %>/post">Før utgift</a> + <a class="btn btn-large" href="/project/<%= project.shortURL %>/post">Før utgift</a> </div> </div> </div><!-- /div.span6 --> @@ -142,11 +142,14 @@ </div> </div> </div> - <div class="span2"> - <div class="row-fluid info"> - <a href="#edit">[edit]</a> + <% if (String(post.user._id) === String(req.user._id) || req.user.permissions >= 6) { %> + <div class="span1"> + <small><a href="/project/<%= project.shortURL %>/edit/<%= post._id %>">[edit]</a></small> </div> - </div> + <div class="span1"> + <small><a href="/project/<%= project.shortURL %>/delete/<%= post._id %>">[delete]</a></small> + </div> + <% } %> </div> </div> |
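Review bot: The context line in the first hunk prints `<%- participants.user.name %>` with the unescaped EJS tag, so a display name containing markup is rendered as HTML for everyone who views the project. The commit edits the lines right next to it but leaves it as is; `<%= participants.user.name %>` escapes the value. In the second hunk the new `[edit]` link points at `/project/<short>/edit/<post id>`, and this commit adds no matching route in routes.js, so confirm one exists elsewhere.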