Makes Reportcard graphs read-only.

diff --git a/lib/graph/graph-edit-view.co b/lib/graph/graph-edit-view.co
index 42329be..33f4bab 100644 (file)
--- a/lib/graph/graph-edit-view.co
+++ b/lib/graph/graph-edit-view.co
@@ -262,7 +262,7 @@ GraphEditView = exports.GraphEditView = BaseView.extend do # {{{
     updateURL: ->
         data  = @toJSON()
         title = "#{@model.get('name') or 'New Graph'} | Edit Graph | GraphKit"
-        url   = @toURL()
+        url   = @toURL('edit')
         # console.log 'History.pushState', JSON.stringify(data), title, url
         History.pushState data, title, url
     

diff --git a/lib/graph/graph-model.co b/lib/graph/graph-model.co
index 87fb3d3..11e106d 100644 (file)
--- a/lib/graph/graph-model.co
+++ b/lib/graph/graph-model.co
@@ -270,10 +270,10 @@ Graph = exports.Graph = BaseModel.extend do # {{{
     /**
      * @returns {String} URL identifying this model.
      */
-    toURL: ->
-        slug = @get 'slug', ''
-        slug = "/#slug" if slug
-        "#{@urlRoot}#slug?#{@toKV { keepSlug: !!slug }}"
+    toURL: (action) ->
+        slug = @get 'slug'
+        path = _.compact [ @urlRoot, slug, action ] .join '/'
+        "#path?#{@toKV { keepSlug: !!slug }}"
     
     toString: -> "#{@ctorName}(id=#{@id}, cid=#{@cid})"
 # }}}

diff --git a/lib/server/controllers/graph.co b/lib/server/controllers/graph.co
index d557f74..d3921ce 100644 (file)
--- a/lib/server/controllers/graph.co
+++ b/lib/server/controllers/graph.co
@@ -12,6 +12,22 @@ Controller = require '../controller'
  * @class Resource controller for graph requests.
  */
 class GraphController extends Controller
+    PROTECTED_GRAPH_IDS : <[
+        unique_visitors
+        pageviews
+        pageviews_mobile
+        reach
+        commons
+        articles
+        articles_per_day
+        edits
+        new_editors
+        active_editors
+        active_editors_target
+        very_active_editors
+    ]>
+    PROTECT_GRAPHS : true
+    
     name    : 'graphs'
     dataDir : 'data/graphs'
     -> super ...
@@ -63,25 +79,30 @@ class GraphController extends Controller
     
     # GET /graphs/new
     new: (req, res) ->
-        ...
+        res.render 'graph/edit'
     
     # POST /graphs
     create: (req, res) ->
         return unless data = @processBody req, res
         file = @toFile data.id
         if exists file
-            return res.send { result:"error", message:"Graph already exists!" }
+            return res.send { result:"error", message:"Graph '#{data.id}' already exists!" }
         else
             fs.writeFile file, JSON.stringify(data), "utf8", @errorHandler(res, "Error writing graph!")
     
     # PUT /graphs/:graph
     update: (req, res) ->
         return unless data = @processBody req, res
+        if @PROTECT_GRAPHS and _ @PROTECTED_GRAPH_IDS .contains data.id
+            return res.send {result:"error", message:"Graph '#{data.id}' is read-only."}, 403
         fs.writeFile @toFile(data.id), JSON.stringify(data), "utf8", @errorHandler(res, "Error writing graph!")
     
     # DELETE /graphs/:graph
     destroy: (req, res) ->
-        fs.unlink @toFile(req.param.graph), @errorHandler(res, "Graph does not exist!")
+        id = req.param.graph
+        if @PROTECT_GRAPHS and _ @PROTECTED_GRAPH_IDS .contains id
+            return res.send {result:"error", message:"Graph '#{id}' is read-only."}, 403
+        fs.unlink @toFile(id), @errorHandler(res, "Graph '#{id}' does not exist!")
     
     
     ### Helpers