Showing 2 changed files with 43 additions and 11 deletions
+2
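--- a/lib/Gitprep/API.pm
+++ b/lib/Gitprep/API.pm
@@ -225,6 +225,8 @@ sub can_access_private_project {
 sub can_write_access {
   my ($self, $session_user_id, $user_id, $project_id) = @_;
   
+  return unless $session_user_id;
+  
   my $can_write_access
     = length $session_user_id &&
     (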
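Review bot: The new guard `return unless $session_user_id;` tests truthiness while the expression directly below it still tests `length $session_user_id`, so the two disagree on a session id of `0` and the `length` test is now redundant. The bare `return` also yields an empty list in list context, which would silently shift elements if the result were ever placed in a hash or argument list. `return 0 unless defined $session_user_id && length $session_user_id;` keeps a single definition of "logged in" and always hands back a scalar. A comment such as `# Anonymous visitors never have write access` above the guard would record the intent; the rest of can_write_access lies outside the hunk.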
+41 -11
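--- a/templates/labels.html.ep
+++ b/templates/labels.html.ep
@@ -6,8 +6,16 @@
   my $user_id = param('user');
   my $project_id = param('project');
   
+  # Can write access
+  my $session_user_id = $api->session_user_id;
+  my $can_write_access = $api->can_write_access($session_user_id, $user_id, $project_id);
+  
   my $errors;
   if (lc $self->req->method eq 'post') {
+    unless ($can_write_access) {
+      Carp::croak("Don't have write access");
+    }
+
     my $op = param('op') // '';
 
     my $project_row_id = app->dbi->model('project')->select(
@@ -62,6 +70,14 @@
         $errors = $validation->messages;
       }
     }
+    elsif ($op eq 'api-delete') {
+      my $row_id = param('id');
+      
+      app->dbi->model('label')->delete(where => {row_id => $row_id});
+      
+      $self->render(json => {success => 1});
+      return;
+    }
   }
   
   my $labels = app->dbi->model('label')->select(
@@ -96,6 +112,15 @@
       $(this).closest('li').find('.labels-edit-area').hide();
     });
     
+    $('.labels-delete').on('click', function () {
+      var li = $(this).closest('li');
+      var id = li.attr('row-id');
+      $.post('<%= url_for %>', {id : id, op : 'api-delete'}, function (result) {
+        if (result.success) {
+          li.fadeOut();
+        }
+      });
+    });
   });
 % end
 
@@ -103,11 +128,14 @@
 
 <div class="container">
   %= include '/include/errors', errors => $errors;
-  <div class="labels-new-panel">
-    <div class="labels-new-btn btn btn-success">
-      New label
+  % if ($can_write_access) {
+    <div class="labels-new-panel">
+      <div class="labels-new-btn btn btn-success">
+        New label
+      </div>
     </div>
-  </div>
+  % }
+  
   <form class="labels-create-panel" action="<%= url_for %>" method="post" style="display:none">
     <%= hidden_field op => 'create' %>
     <div class="labels-create-left">
@@ -128,7 +156,7 @@
   <ul class="labels">
     <li><%= @$labels %> labels</li>
     % for my $label (@$labels) {
-      <li>
+      <li row-id="<%= $label->{row_id} %>">
         <div class="labels-display-area">
           <div class="labels-left">
             <div class="labels-tag" style="background:<%= $label->{color} %>;">
@@ -137,12 +165,14 @@
             </div>
           </div>
           <div class="labels-right">
-            <div class="labels-edit">
-              <a href="javascript:void(0)"><i class="icon icon-edit"></i> Edit</a>
-            </div>
-            <div class="labels-delete">
-              <a href="javascript:void(0)"><i class="icon icon-remove"></i> Delete</a>
-            </div>
+            % if ($can_write_access) {
+              <div class="labels-edit">
+                <a href="javascript:void(0)"><i class="icon icon-edit"></i> Edit</a>
+              </div>
+              <div class="labels-delete">
+                <a href="javascript:void(0)"><i class="icon icon-remove"></i> Delete</a>
+              </div>
+            % }
           </div>
         </div>
         <div class="labels-edit-area" style="display:none">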
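Review bot: The `api-delete` branch added at new line 73 deletes by `row_id` alone, so the write-access check made for the `user`/`project` in the request does not bind the label being deleted to that project; a label row belonging to a different project would apparently be removed just the same. Scope the delete to the project that the POST block already resolves as `$project_row_id`, e.g. `delete(where => {row_id => $row_id, PROJECT_COLUMN => $project_row_id})`, where PROJECT_COLUMN is a placeholder for the label table's project column (not shown on this page), and report `success` only when a row was actually removed. `param('id')` is also passed to the query without checking that it is defined and numeric. No CSRF token is visible on the `$.post` call at new line 118, so confirm the application enforces one elsewhere. The denied case is raised through `Carp::croak`, which probably surfaces as a server error rather than a 403 response.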