
verifies correct ownership before delete

1 parent 4c48383 commit dce002f71f39c0a9e22641ca449d1c5406f06c41 @adamzaninovich adamzaninovich committed Oct 4, 2010
Showing with 15 additions and 4 deletions.
  1. +15 −4 todo.rb
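--- a/todo.rb
+++ b/todo.rb
@@ -1,4 +1,11 @@
-%w(rubygems sinatra sinatra/sequel twitter_oauth haml yaml).each { |lib| require lib}
+%w(
+ rubygems
+ sinatra
+ sinatra/sequel
+ twitter_oauth
+ haml
+ yaml
+).each { |lib| require lib}
 #use Rack::MethodOverride
 # allows for delete and put via _method in form like so:
@@ -50,8 +57,12 @@ class Todo < Sequel::Model
 redirect '/' unless @user
 pass unless params[:id].to_i > 0
 @todo = Todo[params[:id]]
-@todo.delete
-redirect '/'
+if @todo.user === session[:username]
+@todo.delete
+else
+session[:flash] = "You can't delete an item that isn't your own!"
+end
+redirect '/todos'
 end
 get '/todos' do # list
@@ -68,7 +79,7 @@ class Todo < Sequel::Model
 redirect '/' unless @user
 params["user"] = session[:username]
 database[:todos] << params unless params[:desc]==''
-redirect '/'
+redirect '/todos'
 end
 get '/tweet' do # confirm tweet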
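Review bot: The new ownership check in the delete route (second hunk) calls `@todo.user` before confirming a record was found, so a positive id that is not in the table makes `Todo[params[:id]]` return nil and the route now raises NoMethodError rather than redirecting. Guarding on the record keeps the authorization check intact: `if @todo && @todo.user == session[:username]`. `===` on two strings behaves like `==` here, but `==` states the intent and avoids the case-equality operator being read as something special. The route block this belongs to opens above the hunk, so its verb and path are not visible; the third hunk's redirect change raises nothing.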

