
fix issues with permissions and comparing variables

michaelsimon committed May 1, 2016
1 parent 7d7bdfd commit 70b7acac9392b04abc474c2f8bd82829be389d75
@@ -22,7 +22,7 @@ class ActsController < ApplicationController
get '/acts/:slug/edit/?', :auth => true do
@act = Act.find_by_slug(params[:slug])
if @act
if @act.user_id == session[:user_id]
if @act.user_id == current_user
erb :"acts/edit"
else
flash[:error] = "You are unable to edit an act you did not create."
@@ -37,7 +37,7 @@ class ActsController < ApplicationController
get '/acts/:slug/delete/?', :auth => true do
@act = Act.find_by_slug(params[:slug])
if @act
if @act.user_id == session[:user_id]
if @act.user_id == current_user
@act.delete
flash[:success] = "Act deleted."
else
@@ -51,8 +51,9 @@ class ActsController < ApplicationController
end
post '/acts', :auth => true do
@act = Act.create(params)
if @act
@act = Act.new(params)
@act.user_id = current_user
if @act.save
redirect to "/acts/#{@act.slug}"
else
flash[:error] = "Unable to create act, please try again, ensuring all fields are filled out."
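Review bot: `Act.new(params)` in `post '/acts'` still hands the whole request parameter hash to the model, so a client can set any column it names in the form body; only `user_id` is protected, because it is overwritten on the next line. The same pattern appears in `Venue.new(params)` in the venues hunk and in the unchanged `Show.new(params)` in the shows hunk. Build the attributes from named keys as the update routes already do, for example `@act = Act.new(name: params[:name])` extended with the remaining act fields, which are not visible here. The route body continues outside the hunk.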
@@ -24,7 +24,7 @@ class ShowsController < ApplicationController
get '/shows/:id/edit/?', :auth => true do
@show = Show.find(params[:id])
if @show
if @show.user_id == session[:user_id]
if @show.user_id == current_user
@venues = Venue.all
@acts = Act.all
erb :"shows/edit"
@@ -41,7 +41,7 @@ class ShowsController < ApplicationController
get '/shows/:id/delete/?', :auth => true do
@show = Show.find(params[:id])
if @show
if @show.user_id == session[:user_id]
if @show.user_id == current_user
@show.delete
flash[:success]="Show deleted."
else
@@ -55,7 +55,7 @@ class ShowsController < ApplicationController
post '/shows', :auth => true do
@show = Show.new(params)
@show.user_id = params[:user_id]
@show.user_id = current_user
if @show.save
redirect to "/shows/#{@show.id}"
else
@@ -67,7 +67,7 @@ class ShowsController < ApplicationController
post '/shows/:id', :auth => true do
@show = Show.find(params[:id])
if @show
if @show.update(act_id: params[:act_id], venue_id: params[:venue_id], show_date: params[:show_date], tkts_url: params[:tkts_url], description: params[:description], name: params[:name])
if @show.update(act_id: params[:act_id], venue_id: params[:venue_id], show_date: params[:show_date], show_time: params[:show_time], tkts_url: params[:tkts_url], description: params[:description], name: params[:name])
redirect to "/shows/#{@show.id}"
else
flash[:error] = "Unable to update show, please try again."
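Review bot: `post '/shows/:id'` updates the record with no ownership test: between `Show.find(params[:id])` and `@show.update(...)` nothing compares `@show.user_id` with `current_user`, so any signed-in user can modify another user's show even though the edit form is guarded. Wrap the update in the same check the edit route uses, `if @show.user_id == current_user`, and set the flash error otherwise. `post '/venues/:id'` in the venues hunks has the same gap. Separately, assuming these are ActiveRecord models, `Show.find` raises on a missing id rather than returning nil, so the `if @show` branch is probably never false; `Show.find_by(id: params[:id])` would make it meaningful.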
@@ -22,7 +22,7 @@ class VenuesController < ApplicationController
get '/venues/:id/edit/?', :auth => true do
@venue = Venue.find(params[:id])
if @venue
if @venue.user_id == session[:user_id]
if @venue.user_id == current_user
erb :"venues/edit"
else
flash[:error] = "You are unable to edit a venue you did not create."
@@ -37,7 +37,7 @@ class VenuesController < ApplicationController
get '/venues/:id/delete/?', :auth => true do
@venue = Venue.find(params[:id])
if @venue
if @venue.user_id == session[:user_id]
if @venue.user_id == current_user
@venue.delete
flash[:success] = "Venue deleted."
else
@@ -51,8 +51,9 @@ class VenuesController < ApplicationController
end
post '/venues', :auth => true do
@venue = Venue.create(params)
if @venue
@venue = Venue.new(params)
@venue.user_id = current_user
if @venue.save
redirect to "/venues/#{@venue.id}"
else
flash[:error] = "Unable to create venue, please try again, ensuring all fields are filled out."
@@ -63,7 +64,7 @@ class VenuesController < ApplicationController
post '/venues/:id', :auth => true do
@venue = Venue.find(params[:id])
if @venue
if @venue.update(name: params[:name], address: params[:address], zipcode: params[:zipcode], email: params[:email], website: params[:website])
if @venue.update(name: params[:name], address: params[:address], zipcode: params[:zipcode], phone: params[:phone], email: params[:email], website: params[:website])
redirect to "/venues/#{@venue.id}"
else
flash[:error] = "Unable to update venue, please try again."
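Review bot: `get '/venues/:id/delete/?'` deletes the record on a GET request, so a request triggered from another site while the owner is signed in passes the ownership check, because the browser attaches the owner's session cookie. The acts and shows delete routes have the same shape. Move the deletion to `delete '/venues/:id'` (or a `post`) submitted from a form that carries a CSRF token, for example via `Rack::Protection::AuthenticityToken` if the app uses rack-protection. The route body continues outside the hunk.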
@@ -27,7 +27,7 @@
<select class="form-control" id="inputAct" name="act_id">
<option disabled>Select an act</option>
<% @acts.each do |act| %>
<option value="<%= act.id %>" <%= 'selected' if @show.act_id = act.id %>><%= act.name %>
<option value="<%= act.id %>" <%= 'selected' if @show.act_id == act.id %>><%= act.name %>
<% end %>
</select>
</div>
@@ -38,7 +38,7 @@
<select class="form-control" id="inputVenue" name="venue_id">
<option disabled>Select a venue</option>
<% @venues.each do |venue| %>
<option value="<%= venue.id %>" <%= 'selected' if @show.venue_id = venue.id %>><%= venue.name %>
<option value="<%= venue.id %>" <%= 'selected' if @show.venue_id == venue.id %>><%= venue.name %>
<% end %>
</select>
</div>
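Review bot: `<%= act.name %>` and `<%= venue.name %>` in these two selects print user-entered names without HTML escaping; Sinatra's ERB does not escape by default, so unless `escape_html` is enabled elsewhere in the app a name containing markup is rendered as markup for every user who opens the form. Escape at output, e.g. `<%= Rack::Utils.escape_html(act.name) %>`, or enable escaping globally. The `<option>` elements are also never closed, which browsers tolerate but is worth tidying while here.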
Binary file not shown.
