Diffstat (limited to 'controllers/system.js')
-rw-r--r-- | controllers/system.js | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/controllers/system.js b/controllers/system.js
index 6432062..eaafefa 100644
--- a/controllers/system.js
+++ b/controllers/system.js
@@ -143,15 +143,26 @@ exports.project = function(req, res) {
 if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
 Access.loadProject(project._id, function(err, access) {
 if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
+ access.forEach(function(a) {
+ if (String(a.user._id) === String(req.user._id)) req.user.permissions = a.permissions;
+ });
 pPost.loadProject(project._id, function(err, posts) {
 if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
- res.render('project', { title: project.name, user: req.user, req: req, project: project, access: access, posts: posts });
+ res.render('project', {
+ title: project.name
+ , user: req.user
+ , req: req
+ , project: project
+ , access: access
+ , posts: posts
+ });
 });
 });
 });
 }
+
 exports.projectParticipants = function(req, res) {
 if (req.user.status < 3) {
 console.log(req.header('Referer'));
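Review bot: `req.user.permissions` is assigned only when an access row matches the current user, so for a user with no row on this project the template receives whatever value the object already carried. If `req.user` outlives the request (not visible in this hunk), that could be the permissions picked up from a previously viewed project. Set a default before the loop, e.g. `req.user.permissions = 0;`, or pass a local `permissions` value to `res.render` rather than mutating `req.user`. The loop also throws if an access row has no populated user, so the test would be safer as `if (a.user && String(a.user._id) === String(req.user._id))`. The enclosing `exports.project` starts before this hunk.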
@@ -255,3 +266,25 @@ exports.postNewProject = function(req, res) {
 }
+
+exports.deleteProjectPost = function(req, res) {
+ Project.findOne({ shortURL: req.params.short }).select('_id').exec(function(err, project) {
+ if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
+ Access.findOne({project: project._id, user: req.user._id}, function(err, access) {
+ if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
+ if (!access) return res.status(403).render('error', { title: '403', text: 'Du har ikke tilgang til å gjøre dette' });
+ pPost.load(req.params.post, function(err, post) {
+ if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
+ if (post.user._id === req.user._id || access.permissions >= 6) {
+ pPost.remove({ _id: post._id }, function(err) {
+ if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
+ console.log('deleted post ' + post._id);
+ return res.redirect('back');
+ })
+ } else { return res.status(403).render('error', { title: '403', text: 'Du har ikke tilgang til å gjøre dette' }); }
+ })
+ })
+ });
+}
+
+ |
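Review bot: `exports.deleteProjectPost` never checks that the post loaded from `req.params.post` belongs to the project resolved from `req.params.short`, so a user whose `access.permissions >= 6` in one project passes the check for a post id from any other project. The owner test `post.user._id === req.user._id` compares two id values by identity; if these are ObjectId instances, as the Mongoose-style queries suggest, it is always false, and the same commit already uses `String(...)` on both sides in `exports.project`. `project` and `post` are also dereferenced without a null check, so an unknown short URL or post id throws inside the callback instead of returning an error page; `if (!project) return res.status(403).render(...)` before the `Access.findOne` call covers the first. The sketch below covers the post callback; the field that links a post to its project is not visible on this page, so it appears as a labelled placeholder.

```javascript
pPost.load(req.params.post, function(err, post) {
  // … unchanged: err check …
  var denied = { title: '403', text: 'Du har ikke tilgang til å gjøre dette' };
  // Refuse a missing post or one that belongs to another project.
  // POST_PROJECT_FIELD is a placeholder for the schema field linking a post to its project.
  if (!post || String(post.POST_PROJECT_FIELD) !== String(project._id)) return res.status(403).render('error', denied);
  // Ids are objects, so compare their string forms rather than identity.
  if (String(post.user._id) === String(req.user._id) || access.permissions >= 6) {
    // … unchanged: pPost.remove and redirect …
```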