appdev-projects · Brian-Waddell · Oct 26, 2023 · Oct 26, 2023 · Oct 27, 2023 · Oct 27, 2023
diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb
@@ -1,6 +1,15 @@
 class CommentsController < ApplicationController
   before_action :set_comment, only: %i[ show edit update destroy ]
 
+  before_action :authorized_user, only: [:destroy, :create ]
+
+  def authorized_user
+    @photo = photo.find(params.fetch(:comment).fetch(:photo_id))
+
+    if @photo.owner == @user || !@photo.owner.private? || current_user.leaders.include?(@photo.owner)
+   redirect_back(fallback_location: root_url, "Not Authorized User")
+  end 
+
   # GET /comments or /comments.json
   def index
     @comments = Comment.all
@@ -68,3 +77,4 @@ def comment_params
       params.require(:comment).permit(:author_id, :photo_id, :body)
     end
 end
+#comment 
diff --git a/app/controllers/likes_controller.rb b/app/controllers/likes_controller.rb
@@ -1,5 +1,11 @@
 class LikesController < ApplicationController
   before_action :set_like, only: %i[ show edit update destroy ]
+  # before_action :authorized_user, only: [:destroy, :create ]
+
+  # def authorized_user
+  #   if @like.owner == @user || !@like.owner.private? || current_user.leaders.include?(@like.owner)
+  #  redirect_back(fallback_location: root_url, "Not Authorized User")
+  # end 
 
   # GET /likes or /likes.json
   def index

diff --git a/app/controllers/photos_controller.rb b/app/controllers/photos_controller.rb
@@ -1,5 +1,12 @@
 class PhotosController < ApplicationController
   before_action :set_photo, only: %i[ show edit update destroy ]
+  before_action :ensure_current_user_is_owner, only: [:destroy, :update, :edit]
+
+  def ensure_current_user_is_owner
+    if current_user != @photo.owner
+      redirect_back fallback_location: root_url, alert: "You're not authorized for that."
+    end
+  end
 
   # GET /photos or /photos.json
   def index
@@ -50,13 +57,19 @@ def update
 
   # DELETE /photos/1 or /photos/1.json
   def destroy
+    #if current_user == @photo.owner
     @photo.destroy
     respond_to do |format|
       format.html { redirect_back fallback_location: root_url, notice: "Photo was successfully destroyed." }
       format.json { head :no_content }
     end
+  else 
+   # redirect_back(fallback_location: root_url, notice: "Sorry, only the photo owner can delete the photo")
+  #end 
   end
 
+
+
   private
     # Use callbacks to share common setup or constraints between actions.
     def set_photo

diff --git a/app/models/comment.rb b/app/models/comment.rb
@@ -22,6 +22,7 @@
 class Comment < ApplicationRecord
   belongs_to :author, class_name: "User", counter_cache: true
   belongs_to :photo, counter_cache: true
+  has_one :owner, through: :photo
 
   validates :body, presence: true
 end
diff --git a/app/models/like.rb b/app/models/like.rb
@@ -21,6 +21,7 @@
 class Like < ApplicationRecord
   belongs_to :fan, class_name: "User", counter_cache: true
   belongs_to :photo, counter_cache: true
+  has_one :owner, through: :photo
 
   validates :fan_id, uniqueness: { scope: :photo_id, message: "has already liked this photo" }
 end
diff --git a/app/views/comments/_comment.html.erb b/app/views/comments/_comment.html.erb
@@ -10,13 +10,16 @@
       <p><%= comment.body %></p>
     </div>
     <div>
+
+
       <%= link_to edit_comment_path(comment), class: "btn btn-link btn-sm text-muted" do %>
         <i class="fas fa-edit fa-fw"></i>
       <% end %>
 
       <%= link_to comment, data: { turbo_method: :delete }, class: "btn btn-link btn-sm text-muted" do %>
         <i class="fas fa-trash fa-fw"></i>
       <% end %>
+
     </div>
   </div>
 </li>
diff --git a/app/views/photos/_photo.html.erb b/app/views/photos/_photo.html.erb
@@ -7,13 +7,15 @@
     </h2>
 
     <div>
+    <% if current_user == photo.owner %> 
       <%= link_to edit_photo_path(photo), class: "btn btn-link btn-sm text-muted" do %>
         <i class="fas fa-edit fa-fw"></i>
       <% end %>
-
+   
       <%= link_to photo, data: { turbo_method: :delete }, class: "btn btn-link btn-sm text-muted" do %>
         <i class="fas fa-trash fa-fw"></i>
       <% end %>
+      <% end %> 
     </div>
   </div>
 

diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
@@ -4,6 +4,7 @@
   </div>
 </div>
 
+<% if current_user == @user || !@user.private? || current_user.leaders.include?(@user) %>
 <div class="row mb-2">
   <div class="col-md-6 offset-md-3">
     <%= render "users/profile_nav", user: @user %>
@@ -17,3 +18,4 @@
     </div>
   </div>
 <% end %>
+<% end %> 
diff --git a/config/routes.rb b/config/routes.rb
@@ -4,14 +4,14 @@
   devise_for :users
 
   resources :comments
-  resources :follow_requests
-  resources :likes
-  resources :photos
+  resources :follow_requests, except: [:index, :show, :new, :edit]
+  resources :likes, only: [:create, :destroy]
+  resources :photos, except: [:index]
 
   get ":username" => "users#show", as: :user
   get ":username/liked" => "users#liked", as: :liked
   get ":username/feed" => "users#feed", as: :feed
   get ":username/discover" => "users#discover", as: :discover
   get ":username/followers" => "users#followers", as: :followers
   get ":username/following" => "users#following", as: :following
-end
+end