only shows the delete link if you have permission to delete

Author: Rahoul Baruah

app/controllers/application.rb

@@ -6,6 +6,7 @@ class ApplicationController < ActionController::Base
   filter_parameter_logging :password
   layout 'isitruby19'
   include ReCaptcha::AppHelper
+  helper_method :my_comments
 
 protected
   # build an rss feed for the given collection
@@ -29,4 +30,11 @@ def rss_for objects, mapping
       end
     end.to_s
   end
+
+  # uses the session to store which comments I created  
+  def my_comments
+    session[:my_comments] ||= []
+  end
+
+
 end

app/controllers/comments_controller.rb

@@ -57,10 +57,6 @@ def can_delete comment
   end
 
 private
-  def my_comments
-    session[:my_comments] ||= []
-  end
-
   def captcha_is_valid_for comment, options 
     return true if ENV['RAILS_ENV'] == 'test' # captcha is always valid in test mode
     return validate_recap(options[:with], comment.errors, :rcc_pub => RECAPTCHA_PUBLIC_KEY, :rcc_priv => RECAPTCHA_PRIVATE_KEY)  

app/helpers/comments_helper.rb

@@ -8,7 +8,9 @@ def name_link_for comment
   end
 
   def delete_link_for comment
-    link_to "DELETE", comment_path(comment), :method => :delete, :class => 'delete-comment' unless comment.new_record?
+    return nil if comment.new_record?
+    return nil unless my_comments.include?(comment.id)
+    link_to "DELETE", comment_path(comment), :method => :delete, :class => 'delete-comment', :confirm => 'Are you sure?'
   end
 
   def opinion_for comment

features/adding-a-comment.feature

@@ -26,4 +26,11 @@ Feature: adding a comment
     When I click the delete comment link
     Then I do not see my comment on the page
 
-  Scenario: viewing someone else's comment 
+  Scenario: viewing someone else's comment 
+    
+    Given an initialised database
+    And a gem called "rubynuts"
+    And a comment against "rubynuts"
+    
+    When I visit the page for "rubynuts"
+    Then I do not see the delete comment link

features/step_definitions/comment_steps.rb

@@ -1,3 +1,9 @@
+Given /^a comment against "(.*)"$/ do | name | 
+  code = Code.find_by_name! name
+  comment = a_saved Comment, :code => code
+end
+
+
 Then /^I see the comment form$/ do
   response.should have_tag('div#new-comment-form')
 end
@@ -24,6 +30,11 @@
   response.should have_tag('a.delete-comment')
 end
 
+Then /^I do not see the delete comment link$/ do
+  response.should_not have_tag('a.delete-comment')
+end
+
+
 Then /^I do not see my comment on the page$/ do
   response.should_not include_text('Here is my test comment')
 end

lib/object_factory_config.rb

@@ -1,4 +1,11 @@
 def prepare_object_factory
   when_creating_a Code, :auto_generate => :name
 
+  when_creating_a Comment, 
+    :auto_generate => :name, 
+    :generate_email_address => :email, 
+    :generate => { 
+      :code => lambda { a_saved Code }, 
+      :platform => lambda { Platform.first }
+    }
 end

public/stylesheets/styles.css

@@ -279,6 +279,14 @@ div.errorExplanation {
 	margin-bottom: 10px;
 }
 
+#flash_error {
+	border: 1px solid red;
+	background-color: #CC0000;
+	padding: 10px;
+	margin-bottom: 10px;
+}
+
+
 dt {
 	color: #95ABC3;
 }