diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb
index b7a33c00c..eed337571 100644
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@@ -1,6 +1,7 @@
 class CommentsController < ApplicationController
   respond_to :html, :xml, :json
-  before_filter :member_only, :only => [:update, :create, :edit]
+  before_filter :member_only, :only => [:update, :create, :edit, :destroy]
+  rescue_from User::PrivilegeError, :with => "static/access_denied"
 
   def index
     if params[:group_by] == "post"
@@ -18,6 +19,7 @@ class CommentsController < ApplicationController
 
   def update
     @comment = Comment.find(params[:id])
+    check_privilege(@comment)
     @comment.update_attributes(params[:comment])
     respond_with(@comment, :location => post_path(@comment.post_id))
   end
@@ -33,6 +35,7 @@ class CommentsController < ApplicationController
 
   def edit
     @comment = Comment.find(params[:id])
+    check_privilege(@comment)
     respond_with(@comment)
   end
 
@@ -43,6 +46,15 @@ class CommentsController < ApplicationController
     end
   end
 
+  def destroy
+    @comment = Comment.find(params[:id])
+    check_privilege(@comment)
+    @comment.destroy
+    respond_with(@comment) do |format|
+      format.js
+    end
+  end
+
 private
   def index_for_post
     @post = Post.find(params[:post_id])
@@ -65,4 +77,10 @@ private
       format.html {render :action => "index_by_comment"}
     end
   end
+
+  def check_privilege(comment)
+    if !comment.editable_by?(CurrentUser.user)
+      raise User::PrivilegeError
+    end
+  end
 end
diff --git a/app/models/comment.rb b/app/models/comment.rb
index 6bd4f0c80..a974527fb 100644
--- a/app/models/comment.rb
+++ b/app/models/comment.rb
@@ -52,6 +52,10 @@ class Comment < ActiveRecord::Base
   def creator_name
     creator.name
   end
+
+  def editable_by?(user)
+    creator_id == user.id || user.is_moderator?
+  end
 end
 
 Comment.connection.extend(PostgresExtensions)
diff --git a/app/views/comments/destroy.js.erb b/app/views/comments/destroy.js.erb
new file mode 100644
index 000000000..59cc3d88e
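Review bot: The new `rescue_from User::PrivilegeError, :with => "static/access_denied"` passes a template path where Rails' Rescuable expects a handler method name (Symbol) or a Proc; as far as I can tell a String is not resolved by the handler lookup, so the error raised by `check_privilege` would surface as an unhandled exception instead of the intended access-denied page. Point it at a method, `rescue_from User::PrivilegeError, :with => :access_denied`, and add a private `def access_denied; render "static/access_denied", :status => 403; end` so the denial also carries the correct status code. This is the enforcement path for the new authorization check, so a request spec that edits another user's comment and asserts the 403 would pin it down.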
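Review bot: `check_privilege` in the last controller hunk reads more naturally as a guard clause, `raise User::PrivilegeError unless comment.editable_by?(CurrentUser.user)`, replacing the `if !...` block. It also deserves a contract comment, `# Raises User::PrivilegeError when the current user may not modify the comment`, since the rescue_from handler at the top of the class depends on exactly that exception. Worth noting in the same comment that the helper assumes `member_only` has already rejected anonymous requests, because `editable_by?` dereferences the user it is given.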
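Review bot: `editable_by?(user)` in the comment.rb hunk calls `user.id` and `user.is_moderator?` with no nil check, so a nil user (an anonymous `CurrentUser.user`) raises `NoMethodError` rather than returning false; in the controller this is currently masked by the `member_only` filter, but an authorization predicate should be safe to call from any context and deny by default. Add `return false unless user` as the first line. A short `# The author or a moderator may edit/destroy the comment` comment would help, since this predicate is now the single authorization rule behind edit, update and destroy.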
--- /dev/null
+++ b/app/views/comments/destroy.js.erb
@@ -0,0 +1 @@
+$(".comment[data-comment-id=<%= @comment.id %>]").remove();
diff --git a/app/views/comments/partials/show/_comment.html.erb b/app/views/comments/partials/show/_comment.html.erb
index 4dde9bf55..c60d7e894 100644
--- a/app/views/comments/partials/show/_comment.html.erb
+++ b/app/views/comments/partials/show/_comment.html.erb
@@ -11,8 +11,8 @@
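Review bot: The attribute selector in the new `destroy.js.erb` leaves the interpolated id unquoted; a value that starts with a digit is not a valid CSS identifier, so while jQuery's selector engine tolerates `[data-comment-id=123]`, the native `querySelectorAll` would reject it. Quoting the value, `$(".comment[data-comment-id='<%= @comment.id %>']").remove();`, costs nothing and keeps the selector valid if it is ever moved out of jQuery. The interpolated value is the record's integer id, so the interpolation itself is not an injection concern.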