delete media

author: Julie Lala <jules@okfoc.us> 2014-06-13 02:24:38 -0400
committer: Julie Lala <jules@okfoc.us> 2014-06-13 02:24:38 -0400
commit: 6b00fdd02612f4e5068f436627faa8b702b5f914 (patch)
tree: 43de05a59f2719d60c2fa015282fd131ef8993e7 /server
parent: ff0b10665ed839f2ae5855b90cc8dd26d3ef740e (diff)
2 files changed, 19 insertions, 0 deletions
diff --git a/server/index.js b/server/index.js
index d55d182..f76c40b 100644
--- a/server/index.js
+++ b/server/index.js
@@ -128,6 +128,7 @@ site.route = function () {
 	app.get('/api/media/user', middleware.ensureAuthenticated, api.media.user)
 	app.post('/api/media/new', middleware.ensureAuthenticated, api.media.create)
 	app.post('/api/media/upload', middleware.ensureAuthenticated, api.media.upload)
+	app.delete('/api/media/destroy', middleware.ensureAuthenticated, api.media.destroy)
 
 }
 
diff --git a/server/lib/api/media.js b/server/lib/api/media.js
index 9898727..48446ca 100644
--- a/server/lib/api/media.js
+++ b/server/lib/api/media.js
@@ -48,7 +48,25 @@ var media = {
 				res.json(rec)
 			})
 		}
+	},
+	
+	destroy: function(req, res){
+		var _id = util.sanitize(req.body._id)
+		if (! _id || ! _id.length) {
+			res.json({ error: 404 })
+			return
+		}
+		Media.findOne({ _id: _id }, function(err, doc){
+			if (! doc) { return res.json({ error: 404 }) }
+			if (String(doc.user_id) !== String(req.user._id)) {
+				 return res.json({ error: "access denied" })
+			}
+			Media.remove({ _id: _id }, function(err){
+				res.json({ status: "OK" })
+			})
+		})
 	}
+
 }
 
 module.exports = media
author	Julie Lala <jules@okfoc.us>	2014-06-13 02:24:38 -0400
committer	Julie Lala <jules@okfoc.us>	2014-06-13 02:24:38 -0400
commit	6b00fdd02612f4e5068f436627faa8b702b5f914 (patch)
tree	43de05a59f2719d60c2fa015282fd131ef8993e7 /server
parent	ff0b10665ed839f2ae5855b90cc8dd26d3ef740e (diff)