Diffstat (limited to 'server')
-rw-r--r--server/index.js1
-rw-r--r--server/lib/api/media.js18
2 files changed, 19 insertions, 0 deletions
diff --git a/server/index.js b/server/index.js
index d55d182..f76c40b 100644
--- a/server/index.js
+++ b/server/index.js
@@ -128,6 +128,7 @@ site.route = function () {
app.get('/api/media/user', middleware.ensureAuthenticated, api.media.user)
app.post('/api/media/new', middleware.ensureAuthenticated, api.media.create)
app.post('/api/media/upload', middleware.ensureAuthenticated, api.media.upload)
+ app.delete('/api/media/destroy', middleware.ensureAuthenticated, api.media.destroy)
}
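Review bot: The added `app.delete('/api/media/destroy', ...)` route carries no media id in the path, and the handler added in media.js reads it from `req.body._id`; some clients and intermediaries do not forward a body on DELETE, in which case the id is missing and the call ends in the 404 branch. Consider `app.delete('/api/media/:id', middleware.ensureAuthenticated, api.media.destroy)` with the handler reading `req.params.id`. Whether this state-changing route is covered by CSRF protection is not visible here and is worth confirming, since the only guard shown is `middleware.ensureAuthenticated`. `site.route` starts outside the hunk.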
diff --git a/server/lib/api/media.js b/server/lib/api/media.js
index 9898727..48446ca 100644
--- a/server/lib/api/media.js
+++ b/server/lib/api/media.js
@@ -48,7 +48,25 @@ var media = {
res.json(rec)
})
}
+ },
+
+ destroy: function(req, res){
+ var _id = util.sanitize(req.body._id)
+ if (! _id || ! _id.length) {
+ res.json({ error: 404 })
+ return
+ }
+ Media.findOne({ _id: _id }, function(err, doc){
+ if (! doc) { return res.json({ error: 404 }) }
+ if (String(doc.user_id) !== String(req.user._id)) {
+ return res.json({ error: "access denied" })
+ }
+ Media.remove({ _id: _id }, function(err){
+ res.json({ status: "OK" })
+ })
+ })
}
+
}
module.exports = media
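Review bot: In `destroy`, the `Media.remove` callback ignores `err` and always answers `{ status: "OK" }`, so a failed delete is reported as a success; the `findOne` callback also drops `err`, which turns a database error into a 404. Add `if (err) { return res.json({ error: "delete failed" }) }` before the OK response and handle `err` in the lookup as well. The ownership check and the delete are two separate queries and the delete filters on `_id` only; `Media.remove({ _id: doc._id, user_id: doc.user_id }, ...)` keeps the owner condition inside the delete itself. What `util.sanitize` returns is not visible in this hunk, so a `typeof _id !== 'string'` guard next to the length check would ensure that only a plain string reaches the query filter. The `media` object begins outside the hunk.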