
add user verification for editing/deleting acts and venues

michaelsimon committed Apr 9, 2016
1 parent ad2c0c1 commit 2a30f98eae588e4c59764d04038c56e90b28ebff
@@ -37,7 +37,7 @@ GEM
rack
rack-test (0.6.3)
rack (>= 1.0)
rake (11.1.1)
rake (11.1.2)
require_all (1.3.3)
ripl (0.7.1)
bond (~> 0.5.1)
@@ -22,7 +22,12 @@ class ActsController < ApplicationController
get '/acts/:slug/edit/?', :auth => :user_id do
@act = Act.find_by_slug(params[:slug])
if @act
erb :"acts/edit"
if @act.user_id == session[:user_id]
erb :"acts/edit"
else
flash[:error] = "You are unable to edit an act you did not create."
redirect to '/acts'
end
else
flash[:error] = "Unable to find act, please try again."
redirect to '/acts'
@@ -32,8 +37,13 @@ class ActsController < ApplicationController
get '/acts/:slug/delete/?', :auth => :user_id do
@act = Act.find_by_slug(params[:slug])
if @act
@act.delete
flash[:success] = "Act deleted."
if @act.user_id == session[:user_id]
@act.delete
flash[:success] = "Act deleted."
else
flash[:error] = "You are unable to delete an act you did not create."
redirect to '/acts'
end
else
flash[:error] = "Act not found."
end
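Review bot: The delete route is still a `get`, so once the new owner check passes the record is removed by any GET the owner's browser issues, including one triggered from another site through a link or image tag. The added comparison relies only on the session cookie, which the browser attaches to such requests. I would move the action to a non-GET verb protected by a CSRF token, e.g. `delete '/acts/:slug/?', :auth => :user_id do`; the same applies to `get '/venues/:id/delete/?'`. The handler that saves an edit is not in these hunks; if it lacks the same `@act.user_id == session[:user_id]` comparison, guarding only the edit form does not stop a direct request. Both route blocks continue past the end of their hunks.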
@@ -22,7 +22,12 @@ class VenuesController < ApplicationController
get '/venues/:id/edit/?', :auth => :id do
@venue = Venue.find(params[:id])
if @venue
erb :"venues/edit"
if @venue.user_id == session[:user_id]
erb :"venues/edit"
else
flash[:error] = "You are unable to edit a venue you did not create."
redirect to '/venues'
end
else
flash[:error] = "Venue not found."
redirect to '/venues'
@@ -32,8 +37,13 @@ class VenuesController < ApplicationController
get '/venues/:id/delete/?', :auth => :user_id do
@venue = Venue.find(params[:id])
if @venue
@venue.delete
flash[:success] = "Venue deleted."
if @venue.user_id == session[:user_id]
@venue.delete
flash[:success] = "Venue deleted."
else
flash[:error] = "You are unable to delete a venue you did not create."
redirect to '/venues'
end
else
flash[:error] = "Venue not found."
end
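Review bot: The edit route is declared with `:auth => :id` while the other three routes in this commit use `:auth => :user_id`, so whatever the `auth` condition checks (it is not shown here) may not guarantee that `session[:user_id]` is set on this route. In that case `@venue.user_id == session[:user_id]` is `nil == nil` for any venue without an owner, and the edit form is rendered. I would use `:auth => :user_id` here and make the comparison nil-safe: `if session[:user_id] && @venue.user_id == session[:user_id]`. Separately, `Venue.find` raises on a missing id instead of returning nil, so the "Venue not found." branch looks unreachable; `Venue.find_by_id(params[:id])` would reach it.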
Binary file not shown.
@@ -0,0 +1,6 @@
class CreateUserIdColumns < ActiveRecord::Migration
def change
add_column :venues, :user_id, :integer
add_column :acts, :user_id, :integer
end
end
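Review bot: The new `user_id` columns are added without a backfill, so every act and venue that already exists has a NULL owner once this migration runs. With the controller checks in this commit those rows can no longer be edited or deleted by any signed-in user, and they compare equal to a session that carries no `user_id`. I would assign existing rows to an owner in this migration or a follow-up one, and add an index for the ownership lookup, e.g. `add_index :acts, :user_id` and `add_index :venues, :user_id`.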
@@ -11,7 +11,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20160327015048) do
ActiveRecord::Schema.define(version: 20160409172409) do
create_table "acts", force: :cascade do |t|
t.string "name"
@@ -21,6 +21,7 @@
t.string "website"
t.datetime "created_at"
t.datetime "updated_at"
t.integer "user_id"
end
create_table "shows", force: :cascade do |t|
@@ -53,6 +54,7 @@
t.string "website"
t.datetime "created_at"
t.datetime "updated_at"
t.integer "user_id"
end
end
