-rw-r--r--controllers/system.js35
-rw-r--r--routes.js3
-rw-r--r--views/project.ejs15
3 files changed, 46 insertions, 7 deletions
diff --git a/controllers/system.js b/controllers/system.js
index 6432062..eaafefa 100644
--- a/controllers/system.js
+++ b/controllers/system.js
@@ -143,15 +143,26 @@ exports.project = function(req, res) {
if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
Access.loadProject(project._id, function(err, access) {
if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
+ access.forEach(function(a) {
+ if (String(a.user._id) === String(req.user._id)) req.user.permissions = a.permissions;
+ });
pPost.loadProject(project._id, function(err, posts) {
if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
- res.render('project', { title: project.name, user: req.user, req: req, project: project, access: access, posts: posts });
+ res.render('project', {
+ title: project.name
+ , user: req.user
+ , req: req
+ , project: project
+ , access: access
+ , posts: posts
+ });
});
});
});
}
+
exports.projectParticipants = function(req, res) {
if (req.user.status < 3) {
console.log(req.header('Referer'));
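Review bot: The added `access.forEach` loop assigns `req.user.permissions` only when a row matches, so a logged-in user with no access row still gets the project, its participant list and its posts rendered. Whether membership is enforced earlier in `exports.project` cannot be seen, because the function starts above the hunk. If it is not, record whether a row matched and return the 403 page before `pPost.loadProject`, as the new delete handler does with its `if (!access)` branch. The loop also dereferences `a.user._id` unguarded, which throws if an access row's user reference did not populate; `if (a.user && String(a.user._id) === String(req.user._id)) req.user.permissions = a.permissions;` avoids that. A one-line comment that `req.user.permissions` is project-scoped state set per request for `views/project.ejs` would help, since it is written onto the request's user object.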
@@ -255,3 +266,25 @@ exports.postNewProject = function(req, res) {
}
+
+exports.deleteProjectPost = function(req, res) {
+ Project.findOne({ shortURL: req.params.short }).select('_id').exec(function(err, project) {
+ if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
+ Access.findOne({project: project._id, user: req.user._id}, function(err, access) {
+ if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
+ if (!access) return res.status(403).render('error', { title: '403', text: 'Du har ikke tilgang til å gjøre dette' });
+ pPost.load(req.params.post, function(err, post) {
+ if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
+ if (post.user._id === req.user._id || access.permissions >= 6) {
+ pPost.remove({ _id: post._id }, function(err) {
+ if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
+ console.log('deleted post ' + post._id);
+ return res.redirect('back');
+ })
+ } else { return res.status(403).render('error', { title: '403', text: 'Du har ikke tilgang til å gjøre dette' }); }
+ })
+ })
+ });
+}
+
+
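Review bot: `deleteProjectPost` checks the caller's access row for the project in `:short` but never checks that the post loaded from `:post` belongs to that project, so `access.permissions >= 6` in one project also authorizes removing a post from another. Compare the post's project reference with `project._id` before `pPost.remove` and answer 403 or 404 on a mismatch. The owner test `post.user._id === req.user._id` compares two objects by identity, which is presumably always false for Mongoose ObjectIds; the project handler and the view use the string form, so it should read `if (String(post.user._id) === String(req.user._id) || access.permissions >= 6) {`. `project` and `post` are dereferenced without a null check, so an unknown short URL or post id throws inside the callback instead of returning 404. Each new error branch also passes `err.stack` to the error view, which discloses stack traces to the client if that view prints it outside development.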
diff --git a/routes.js b/routes.js
index 1717766..e535206 100644
--- a/routes.js
+++ b/routes.js
@@ -75,4 +75,7 @@ module.exports = function(app, passport, auth) {
app.get('/project/:short/participants', auth.requiresLogin, system.projectParticipants);
app.post('/project/:short/participants', auth.requiresLogin, users.postProjectParticipants); // goes to the usercontroller because participants are users
+
+ app.get('/project/:short/delete/:post', auth.requiresLogin, system.deleteProjectPost);
+
};
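Review bot: The new delete route is registered with `app.get`, so a destructive action runs on an ordinary link fetch; a cross-site request or a link prefetcher can trigger it without the user intending it. Register it as `app.post('/project/:short/delete/:post', auth.requiresLogin, system.deleteProjectPost);` (or `app.delete`) and have the view submit a small form, carrying the app's CSRF token if CSRF middleware is configured elsewhere. The `[delete]` anchor added in the second `views/project.ejs` hunk has the same problem and would need to change with it.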
diff --git a/views/project.ejs b/views/project.ejs
index caa6fd2..b4db87b 100644
--- a/views/project.ejs
+++ b/views/project.ejs
@@ -36,12 +36,12 @@
<% access.forEach(function(participants) { %>
<%- participants.user.name %><% if (participants.permissions >= 6) { %> <span class="muted">(<%= participants.permissions === 9 ? 'eier' : 'admin' %>)</span><% } %><br>
<% }); %>
- <small><a href="/project/<%= req.params.short %>/participants">Legg til flere deltakere</a></small>
+ <small><a href="/project/<%= project.shortURL %>/participants">Legg til flere deltakere</a></small>
</div>
</div>
<div class="row-fluid">
<div class="span10 offset2">
- <a class="btn btn-large" href="/project/<%= req.params.short %>/post">Før utgift</a>
+ <a class="btn btn-large" href="/project/<%= project.shortURL %>/post">Før utgift</a>
</div>
</div>
</div><!-- /div.span6 -->
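Review bot: The context line `<%- participants.user.name %>` in this hunk writes the participant name with the unescaped EJS tag, while the lines edited here use `<%= %>`. If names are user-editable, this is a stored-XSS sink on the project page. The commit does not touch that line, but it is worth switching it to `<%= participants.user.name %>` while this template is being edited.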
@@ -142,11 +142,14 @@
</div>
</div>
</div>
- <div class="span2">
- <div class="row-fluid info">
- <a href="#edit">[edit]</a>
+ <% if (String(post.user._id) === String(req.user._id) || req.user.permissions >= 6) { %>
+ <div class="span1">
+ <small><a href="/project/<%= project.shortURL %>/edit/<%= post._id %>">[edit]</a></small>
</div>
- </div>
+ <div class="span1">
+ <small><a href="/project/<%= project.shortURL %>/delete/<%= post._id %>">[delete]</a></small>
+ </div>
+ <% } %>
</div>
</div>
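Review bot: The `[edit]` link points at `/project/<shortURL>/edit/<post id>`, but `routes.js` in this commit registers only the delete route, so unless an edit route exists outside this diff the link leads to a 404. The surrounding `if` only hides the links, and it depends on `req.user.permissions` having been set in `exports.project`; that value stays undefined for a user with no access row. A short template comment stating that the links are cosmetic and that `deleteProjectPost` re-checks ownership and permissions on the server would make clear where enforcement lives.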