... | ... |
@@ -225,6 +225,8 @@ sub can_access_private_project { |
225 | 225 |
sub can_write_access { |
226 | 226 |
my ($self, $session_user_id, $user_id, $project_id) = @_; |
227 | 227 |
|
228 |
+ return unless $session_user_id; |
|
229 |
+ |
|
228 | 230 |
my $can_write_access |
229 | 231 |
= length $session_user_id && |
230 | 232 |
( |
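Review bot: The new guard `return unless $session_user_id;` overlaps with the existing `length $session_user_id &&` test in the statement below it, and is stricter: a session user id of `0` passes `length` but is now rejected. If that is intended, the `length` test is redundant and can be dropped, and a comment such as `# No session user means no write access` on the guard would record the intent. The bare `return` yields an empty list in list context, so this method should only be called in scalar context, as the `my $can_write_access = $api->can_write_access(...)` call in the template does. The body of can_write_access continues past the end of this hunk.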
... | ... |
@@ -6,8 +6,16 @@ |
6 | 6 |
my $user_id = param('user'); |
7 | 7 |
my $project_id = param('project'); |
8 | 8 |
|
9 |
+ # Can write access |
|
10 |
+ my $session_user_id = $api->session_user_id; |
|
11 |
+ my $can_write_access = $api->can_write_access($session_user_id, $user_id, $project_id); |
|
12 |
+ |
|
9 | 13 |
my $errors; |
10 | 14 |
if (lc $self->req->method eq 'post') { |
15 |
+ unless ($can_write_access) { |
|
16 |
+ Carp::croak("Don't have write access"); |
|
17 |
+ } |
|
18 |
+ |
|
11 | 19 |
my $op = param('op') // ''; |
12 | 20 |
|
13 | 21 |
my $project_row_id = app->dbi->model('project')->select( |
... | ... |
@@ -62,6 +70,14 @@ |
62 | 70 |
$errors = $validation->messages; |
63 | 71 |
} |
64 | 72 |
} |
73 |
+ elsif ($op eq 'api-delete') { |
|
74 |
+ my $row_id = param('id'); |
|
75 |
+ |
|
76 |
+ app->dbi->model('label')->delete(where => {row_id => $row_id}); |
|
77 |
+ |
|
78 |
+ $self->render(json => {success => 1}); |
|
79 |
+ return; |
|
80 |
+ } |
|
65 | 81 |
} |
66 | 82 |
|
67 | 83 |
my $labels = app->dbi->model('label')->select( |
... | ... |
@@ -96,6 +112,15 @@ |
96 | 112 |
$(this).closest('li').find('.labels-edit-area').hide(); |
97 | 113 |
}); |
98 | 114 |
|
115 |
+ $('.labels-delete').on('click', function () { |
|
116 |
+ var li = $(this).closest('li'); |
|
117 |
+ var id = li.attr('row-id'); |
|
118 |
+ $.post('<%= url_for %>', {id : id, op : 'api-delete'}, function (result) { |
|
119 |
+ if (result.success) { |
|
120 |
+ li.fadeOut(); |
|
121 |
+ } |
|
122 |
+ }); |
|
123 |
+ }); |
|
99 | 124 |
}); |
100 | 125 |
% end |
101 | 126 |
|
... | ... |
@@ -103,11 +128,14 @@ |
103 | 128 |
|
104 | 129 |
<div class="container"> |
105 | 130 |
%= include '/include/errors', errors => $errors; |
106 |
- <div class="labels-new-panel"> |
|
107 |
- <div class="labels-new-btn btn btn-success"> |
|
108 |
- New label |
|
131 |
+ % if ($can_write_access) { |
|
132 |
+ <div class="labels-new-panel"> |
|
133 |
+ <div class="labels-new-btn btn btn-success"> |
|
134 |
+ New label |
|
135 |
+ </div> |
|
109 | 136 |
</div> |
110 |
- </div> |
|
137 |
+ % } |
|
138 |
+ |
|
111 | 139 |
<form class="labels-create-panel" action="<%= url_for %>" method="post" style="display:none"> |
112 | 140 |
<%= hidden_field op => 'create' %> |
113 | 141 |
<div class="labels-create-left"> |
... | ... |
@@ -128,7 +156,7 @@ |
128 | 156 |
<ul class="labels"> |
129 | 157 |
<li><%= @$labels %> labels</li> |
130 | 158 |
% for my $label (@$labels) { |
131 |
- <li> |
|
159 |
+ <li row-id="<%= $label->{row_id} %>"> |
|
132 | 160 |
<div class="labels-display-area"> |
133 | 161 |
<div class="labels-left"> |
134 | 162 |
<div class="labels-tag" style="background:<%= $label->{color} %>;"> |
... | ... |
@@ -137,12 +165,14 @@ |
137 | 165 |
</div> |
138 | 166 |
</div> |
139 | 167 |
<div class="labels-right"> |
140 |
- <div class="labels-edit"> |
|
141 |
- <a href="javascript:void(0)"><i class="icon icon-edit"></i> Edit</a> |
|
142 |
- </div> |
|
143 |
- <div class="labels-delete"> |
|
144 |
- <a href="javascript:void(0)"><i class="icon icon-remove"></i> Delete</a> |
|
145 |
- </div> |
|
168 |
+ % if ($can_write_access) { |
|
169 |
+ <div class="labels-edit"> |
|
170 |
+ <a href="javascript:void(0)"><i class="icon icon-edit"></i> Edit</a> |
|
171 |
+ </div> |
|
172 |
+ <div class="labels-delete"> |
|
173 |
+ <a href="javascript:void(0)"><i class="icon icon-remove"></i> Delete</a> |
|
174 |
+ </div> |
|
175 |
+ % } |
|
146 | 176 |
</div> |
147 | 177 |
</div> |
148 | 178 |
<div class="labels-edit-area" style="display:none"> |
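Review bot: The `api-delete` branch (new lines 73-80) deletes a label by `row_id` alone, so the delete is not tied to the project that `$can_write_access` was checked for. That flag is computed from the `user` and `project` request parameters, while the `id` parameter is taken as-is, so write access to one project appears to be enough to remove a label row belonging to another. The context lines show a `$project_row_id` lookup just before the `$op` dispatch; the delete should scope on it, e.g. `delete(where => {row_id => $row_id, PROJECT_COLUMN => $project_row_id})`, where the placeholder stands for the label table's project column (not visible here), and `success` should be rendered only when a row was actually removed. Separately, `Carp::croak("Don't have write access")` in the POST guard likely surfaces as a server error rather than a 403, and the `$.post` call sends no CSRF token in the visible lines, so confirm one is added globally.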