From 6b00fdd02612f4e5068f436627faa8b702b5f914 Mon Sep 17 00:00:00 2001
From: Julie Lala <jules@okfoc.us>
Date: Fri, 13 Jun 2014 02:24:38 -0400
Subject: delete media

---
 server/index.js         |  1 +
 server/lib/api/media.js | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)

(limited to 'server')

diff --git a/server/index.js b/server/index.js
index d55d182..f76c40b 100644
--- a/server/index.js
+++ b/server/index.js
@@ -128,6 +128,7 @@ site.route = function () {
 	app.get('/api/media/user', middleware.ensureAuthenticated, api.media.user)
 	app.post('/api/media/new', middleware.ensureAuthenticated, api.media.create)
 	app.post('/api/media/upload', middleware.ensureAuthenticated, api.media.upload)
+	app.delete('/api/media/destroy', middleware.ensureAuthenticated, api.media.destroy)
 
 }
 
diff --git a/server/lib/api/media.js b/server/lib/api/media.js
index 9898727..48446ca 100644
--- a/server/lib/api/media.js
+++ b/server/lib/api/media.js
@@ -48,7 +48,25 @@ var media = {
 				res.json(rec)
 			})
 		}
+	},
+	
+	destroy: function(req, res){
+		var _id = util.sanitize(req.body._id)
+		if (! _id || ! _id.length) {
+			res.json({ error: 404 })
+			return
+		}
+		Media.findOne({ _id: _id }, function(err, doc){
+			if (! doc) { return res.json({ error: 404 }) }
+			if (String(doc.user_id) !== String(req.user._id)) {
+				 return res.json({ error: "access denied" })
+			}
+			Media.remove({ _id: _id }, function(err){
+				res.json({ status: "OK" })
+			})
+		})
 	}
+
 }
 
 module.exports = media
-- 
cgit v1.2.3-70-g09d2