Fixes #19: Unable to delete my comments

app/controllers/comments_controller.rb

@@ -1,6 +1,7 @@
 class CommentsController < ApplicationController
   respond_to :html, :xml, :json
-  before_filter :member_only, :only => [:update, :create, :edit]
+  before_filter :member_only, :only => [:update, :create, :edit, :destroy]
+  rescue_from User::PrivilegeError, :with => "static/access_denied"
 
   def index
     if params[:group_by] == "post"
@@ -18,6 +19,7 @@ class CommentsController < ApplicationController
   
   def update
     @comment = Comment.find(params[:id])
+    check_privilege(@comment)
     @comment.update_attributes(params[:comment])
     respond_with(@comment, :location => post_path(@comment.post_id))
   end
@@ -33,6 +35,7 @@ class CommentsController < ApplicationController
   
   def edit
     @comment = Comment.find(params[:id])
+    check_privilege(@comment)
     respond_with(@comment)
   end
   
@@ -43,6 +46,15 @@ class CommentsController < ApplicationController
     end
   end
   
+  def destroy
+    @comment = Comment.find(params[:id])
+    check_privilege(@comment)
+    @comment.destroy
+    respond_with(@comment) do |format|
+      format.js
+    end
+  end
+  
 private
   def index_for_post
     @post = Post.find(params[:post_id])
@@ -65,4 +77,10 @@ private
       format.html {render :action => "index_by_comment"}
     end
   end
+  
+  def check_privilege(comment)
+    if !comment.editable_by?(CurrentUser.user)
+      raise User::PrivilegeError
+    end
+  end
 end