Created
August 14, 2011 14:49
-
-
Save Hakon/1144943 to your computer and use it in GitHub Desktop.
restrict deleting/updating to signed in users
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| I have a session variable that is created on login called current_user i can access the company id and user id by calling the following: current_user.company_id and current_user.id |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| has_many :paintings |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| belongs_to :company |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class PaintingsController < ApplicationController | |
| before_filter :authenticate_user! | |
| before_filter :load_painting, :only => [:destroy] | |
| def index | |
| @pictures = Painting.all | |
| render :json => @pictures.collect { |p| p.to_jq_upload }.to_json | |
| end | |
| def managefiles | |
| @searchval = '' | |
| @title = ' - Manage Files' | |
| @folder = Painting.select("DISTINCT folder").where("company_id = ?", current_user.company_id).order("folder ASC, name ASC") | |
| @allfiles = Painting.select("folder, name, id").where("company_id = ?", current_user.company_id).order("name ASC, name ASC") | |
| #@allfiles = Painting.select("folder, name, id").order("name DESC") | |
| end | |
| def create | |
| if params[:painting][:image].original_filename.include?("-") | |
| folder_name = params[:painting][:image].original_filename.split('-')[0].strip | |
| name = params[:painting][:image].original_filename.split('-')[1].strip | |
| else | |
| folder_name = 'Unknown Artist' | |
| name = params[:painting][:image].original_filename | |
| end | |
| #folder_name = params[:painting][:image].to_s.split('@original_filename')[0] | |
| @picture = Painting.new(:image => params[:painting][:image], :folder => folder_name, :name => name, :company_id => current_user.company_id) | |
| #@picture = Painting.new(params[:painting]) | |
| #@painting.image.class | |
| if @picture.save | |
| render :json => [ @picture.to_jq_upload ].to_json, :content_type => 'text/html' | |
| else | |
| render :json => [ @picture.to_jq_upload.merge({ :error => "custom_failure" }) ].to_json, :content_type => 'text/html' | |
| end | |
| end | |
| def destroy | |
| @picture.destroy | |
| render :json => true | |
| end | |
| def destroy_one | |
| @dfile = Painting.find(params[:id]) | |
| if @dfile.destroy | |
| respond_to do |format| | |
| format.js | |
| @sfmsg = "File Deleted!" | |
| end | |
| else | |
| @sfmsg = "Error Deleting File!" | |
| end | |
| end | |
| def destroy_multiple | |
| if params[:fid].blank? | |
| @sfmsg = "Error Deleting File(s)!" | |
| else | |
| Painting.find(params[:fid]).each { |f| f.destroy } | |
| @sfmsg = "File(s) Deleted!" | |
| end | |
| end | |
| def searchcatalog | |
| @searchval = params[:catalog_search] | |
| qterm = "%#{params[:catalog_search]}%" | |
| @folder = Painting.select("DISTINCT folder").where("company_id = ? and (folder like ? or name like ?)", current_user.company_id, qterm, qterm).order("folder ASC, name ASC") | |
| @allfiles = Painting.select("folder, name, id").where("company_id = ? and (folder like ? or name like ?)", current_user.company_id, qterm, qterm).order("name ASC, name ASC") | |
| respond_to do |format| | |
| format.js | |
| end | |
| end | |
| private | |
| def authenticate_user! | |
| if(!current_user.present?) | |
| redirect_to login_url | |
| end | |
| end | |
| def load_painting | |
| @picture = current_user.company.paintings.find_by_id(params[:id]) | |
| if(!@picture) | |
| redirect_to paintings_path | |
| end | |
| end | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| create_table "companies", :force => true do |t| | |
| t.integer "user_id" | |
| t.string "company_name" | |
| t.string "company_type" | |
| t.string "url" | |
| t.datetime "created_at" | |
| t.datetime "updated_at" | |
| end | |
| create_table "paintings", :force => true do |t| | |
| t.integer "gallery_id" | |
| t.string "name" | |
| t.datetime "created_at" | |
| t.datetime "updated_at" | |
| t.string "image" | |
| t.string "folder" | |
| t.integer "company_id" | |
| end | |
| create_table "users", :force => true do |t| | |
| t.string "username" | |
| t.string "password" | |
| t.string "name" | |
| t.string "email_address" | |
| t.string "company_name" | |
| t.string "acct_type" | |
| t.string "encrypted_password" | |
| t.string "salt" | |
| t.string "user_number" | |
| t.integer "company_id" | |
| t.datetime "created_at" | |
| t.datetime "updated_at" | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment