Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

remove only owned videos

  • Loading branch information...
commit 2e4154d8dab01f67a34e9737e6de5ccca331ab34 1 parent 5ad3555
Roman Liutikov authored
5 models/user.js
View
@@ -2,7 +2,7 @@
var mongoose = require('mongoose'),
Schema = mongoose.Schema,
- Video = require('./video');
+ Video = require('./video').schema;
var User = new Schema({
username: {
@@ -18,8 +18,7 @@ var User = new Schema({
type: String,
unique: true,
required: true
- },
- videos: [Video]
+ }
});
module.exports = mongoose.model('User', User);
3  models/video.js
View
@@ -26,7 +26,8 @@ var Video = new Schema({
unique: true,
required: true
},
- comments: Array
+ comments: Array,
+ id: String
});
module.exports = mongoose.model('Video', Video);
2  public/scripts/controllers/index.js
View
@@ -1,7 +1,7 @@
angular.module('ngSampleApp')
.controller('IndexCtrl', function ($scope, $resource, $location, $cookies) {
- var api_key = $cookies.api_key || '';
+ var api_key = $scope.api_key = $cookies.api_key || '';
$scope.newVideoForm = {};
$scope.file = null;
2  public/views/index.html
View
@@ -28,7 +28,7 @@
</form>
</div>
</div>
- <span class="remove glyphicon glyphicon-remove-circle" ng-click="removeVideo(video._id)"></span>
+ <span class="remove glyphicon glyphicon-remove-circle" ng-if="api_key == video.id" ng-click="removeVideo(video._id)"></span>
</li>
</ul>
</div>
3  routes/api/videos/post.js
View
@@ -71,7 +71,8 @@ var post = function (req, res) {
title: fields.title[0],
description: fields.description[0],
path: filePath,
- url: url
+ url: url,
+ id: req.user.api_key
});
});
};
3  routes/api/videos/remove.js
View
@@ -6,7 +6,9 @@ var rootPath = process.cwd(),
var remove = function (req, res) {
return VideoModel.findById(req.params.id, function (err, video) {
+ if (err) return res.send(500, {error: 'Server error'});
if (!video) return res.send(404, {error: 'Not found'});
+ if (req.user.api_key != video.id) return res.send(401, {error: 'Unauthorized'});
fs.unlink(video.path, function (err) {
if (err) return res.send(500, {error: 'Server error'});
@@ -25,6 +27,7 @@ var remove = function (req, res) {
}
});
});
+
});
};
Please sign in to comment.
Something went wrong with that request. Please try again.