
Commit d4f4fad

committed
the real first version of the site
1 parent 1a55858 commit d4f4fad

4 files changed

Lines changed: 47 additions & 0 deletions


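--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@@ -15,6 +15,10 @@ def index
 
 def show
 @message = Message.find(params[:id])
+if @message.sender != current_user && @message.recipient != current_user
+redirect_to root_url
+return
+end
 respond_to do |format|
 format.html
 format.yaml {require 'yaml'; render :text => (Hash.from_xml(@message.to_xml)).to_yaml}
@@ -27,6 +31,7 @@ def new
 
 def edit
 @message = Message.find(params[:id])
+redirect_to root_url if @message.sender != current_user
 end
 
 def create
@@ -57,6 +62,10 @@ def create
 
 def update
 @message = Message.find(params[:id])
+if @message.sender != current_user
+redirect_to root_url
+return
+end
 
 if @message.update_attributes(params[:message])
 flash[:notice] = 'Message was successfully updated.'
@@ -68,6 +77,10 @@ def update
 
 def destroy
 @message = Message.find(params[:id])
+if @message.sender != current_user
+redirect_to root_url
+return
+end
 @message.destroy
 
 redirect_to(messages_url)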
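Review bot: The new guards in show, edit, update and destroy compare `@message.sender` (and `recipient` in show) with `current_user` but never require that a user is signed in, so a message whose sender is nil would pass the check for an anonymous request, because `nil != nil` is false. No login filter is visible in these hunks; if none runs before these actions, write the guard as `if current_user.nil? || @message.sender != current_user`. The comparison against `@program.user` in programs_controller.rb has the same gap. Moving the check into one `before_filter` for edit, update and destroy would keep a later action from shipping without it. Each action body continues outside its hunk.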

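--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -24,6 +24,10 @@ def show
 # GET /posts/new
 # GET /posts/new.xml
 def new
+if current_user != User.first
+redirect_to posts_path
+return
+end
 @post = Post.new
 
 respond_to do |format|
@@ -34,12 +38,20 @@ def new
 
 # GET /posts/1/edit
 def edit
+if current_user != User.first
+redirect_to posts_path
+return
+end
 @post = Post.find(params[:id])
 end
 
 # POST /posts
 # POST /posts.xml
 def create
+if current_user != User.first
+redirect_to posts_path
+return
+end
 @post = Post.new(params[:post])
 
 respond_to do |format|
@@ -57,6 +69,10 @@ def create
 # PUT /posts/1
 # PUT /posts/1.xml
 def update
+if current_user != User.first
+redirect_to posts_path
+return
+end
 @post = Post.find(params[:id])
 
 respond_to do |format|
@@ -74,6 +90,10 @@ def update
 # DELETE /posts/1
 # DELETE /posts/1.xml
 def destroy
+if current_user != User.first
+redirect_to posts_path
+return
+end
 @post = Post.find(params[:id])
 @post.destroy
 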
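Review bot: Using `current_user != User.first` as the administrator test in new, edit, create, update and destroy ties the privilege to whichever row the database returns first. Depending on the Rails version, `first` may run without an ORDER BY, and if that account is ever deleted the next user silently inherits the right to write posts. With an empty users table and no signed-in user, both sides are nil and the guard passes. An explicit administrator attribute on the user record, checked in a single `before_filter`, would state the intent and avoid the extra query on every request; no such attribute is visible on this page, so it would need adding. The action bodies continue outside the hunks.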

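--- a/app/controllers/programs_controller.rb
+++ b/app/controllers/programs_controller.rb
@@ -22,6 +22,10 @@ def new
 
 def edit
 @program = Program.find(params[:id])
+if current_user != @program.user
+redirect_to root_url
+return
+end
 end
 
 def create
@@ -38,6 +42,10 @@ def create
 
 def update
 @program = Program.find(params[:id])
+if current_user != @program.user
+redirect_to root_url
+return
+end
 
 if @program.update_attributes(params[:program])
 flash[:notice] = 'Program was successfully updated.'
@@ -49,6 +57,10 @@ def update
 
 def destroy
 @program = Program.find(params[:id])
+if current_user != @program.user
+redirect_to root_url
+return
+end
 @program.destroy
 redirect_to user_path(current_user.username)
 end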
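Review bot: The ownership guard added to update decides who may call the action, but the unchanged `@program.update_attributes(params[:program])` right after it still accepts the whole submitted hash. Unless the Program model restricts assignable attributes (the model is not part of this commit), the owner field itself can be submitted and the record handed to another account, after which these guards protect the wrong user. The update action in messages_controller.rb follows the same pattern with `params[:message]`. Consider `attr_accessible` listing only the editable fields in the model, or passing an explicit slice of the params here. The update body continues outside the hunk.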

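--- a/app/views/programs/show.html.erb
+++ b/app/views/programs/show.html.erb
@@ -23,10 +23,12 @@
 <% end %>
 <% end %>
 <br style="clear:both"/>
+<% unless current_user.nil? %>
 <h2>Make a comment</h2>
 <% form_for Comment.new do |f| %>
 <%= f.text_area :text, :rows => 10, :cols => 65 %><br />
 <%= f.hidden_field :program_id, :value => @program.id %>
 <%= f.submit %>
 <% end %>
+<% end %>
 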
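Review bot: Wrapping the form in `<% unless current_user.nil? %>` only hides it; the comments create action is not touched by this commit, so confirm it rejects requests with no signed-in user rather than relying on the view. The hidden `program_id` field is also client-supplied, so the create action should look the program up itself instead of trusting the submitted value. As a style point, `<% if current_user %>` reads more directly than `unless ... nil?`.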
