Fixes #19: Unable to delete my comments

2011-09-14 12:52:49 -04:00
parent e578be0111
commit 1c8a893450
4 changed files with 26 additions and 3 deletions
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@@ -1,6 +1,7 @@
 class CommentsController < ApplicationController
  respond_to :html, :xml, :json
-  before_filter :member_only, :only => [:update, :create, :edit]
+  before_filter :member_only, :only => [:update, :create, :edit, :destroy]
+  rescue_from User::PrivilegeError, :with => "static/access_denied"

  def index
    if params[:group_by] == "post"
@@ -18,6 +19,7 @@ class CommentsController < ApplicationController
  
  def update
    @comment = Comment.find(params[:id])
+    check_privilege(@comment)
    @comment.update_attributes(params[:comment])
    respond_with(@comment, :location => post_path(@comment.post_id))
  end
@@ -33,6 +35,7 @@ class CommentsController < ApplicationController
  
  def edit
    @comment = Comment.find(params[:id])
+    check_privilege(@comment)
    respond_with(@comment)
  end
  
@@ -43,6 +46,15 @@ class CommentsController < ApplicationController
    end
  end
  
+  def destroy
+    @comment = Comment.find(params[:id])
+    check_privilege(@comment)
+    @comment.destroy
+    respond_with(@comment) do |format|
+      format.js
+    end
+  end
+  
 private
  def index_for_post
    @post = Post.find(params[:post_id])
@@ -65,4 +77,10 @@ private
      format.html {render :action => "index_by_comment"}
    end
  end
+  
+  def check_privilege(comment)
+    if !comment.editable_by?(CurrentUser.user)
+      raise User::PrivilegeError
+    end
+  end
 end
--- a/app/models/comment.rb
+++ b/app/models/comment.rb
@@ -52,6 +52,10 @@ class Comment < ActiveRecord::Base
  def creator_name
    creator.name
  end
+  
+  def editable_by?(user)
+    creator_id == user.id || user.is_moderator?
+  end
 end

 Comment.connection.extend(PostgresExtensions)
--- a/app/views/comments/destroy.js.erb
+++ b/app/views/comments/destroy.js.erb
@@ -0,0 +1 @@
+$(".comment[data-comment-id=<%= @comment.id %>]").remove();
--- a/app/views/comments/partials/show/_comment.html.erb
+++ b/app/views/comments/partials/show/_comment.html.erb
@@ -11,8 +11,8 @@
    </div>
    <menu> 
      <li><%= link_to "Reply", new_comment_path(:post_id => comment.post_id), :class => "reply-link", "data-comment-id" => comment.id %></li>
-      <% if CurrentUser.user.is_janitor? || CurrentUser.user.id == comment.creator_id %>
-        <li><%= link_to "Delete", comment_path(comment.id), :confirm => "Do you really want to delete this comment?", :method => :delete %></li>
+      <% if comment.editable_by?(CurrentUser.user) %>
+        <li><%= link_to "Delete", comment_path(comment.id), :confirm => "Do you really want to delete this comment?", :method => :delete, :remote => true %></li>
        <li><%= link_to "Edit", edit_comment_path(comment.id) %></li>
      <% end %>
      <li><%= link_to "Vote up", comment_votes_path(:comment_id => comment.id, :score => "up"), :method => :post, :remote => true %></li>
				`@@ -0,0 +1 @@`
				`$(".comment[data-comment-id=<%= @comment.id %>]").remove();`