Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-31 19:15:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

bugfixes + cleanup for accounts and users routes

Browse Source
This commit is contained in:
psychobunny
2014-02-28 15:58:29 -05:00
parent fa103b2d6e
commit f35c14ee07
3 changed files with 24 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/controllers/accounts.js
View File

@@ -164,9 +164,9 @@ accountsController.getAccount = function(req, res, next) {
userData.signature = signature; userData.signature = signature;
if (res.locals.isAPI) { if (res.locals.isAPI) {
res.json({}); res.json(userData);
} else { } else {
res.render('account', {}); res.render('account', userData);
}; };
}); });
}); });
@@ -469,6 +469,6 @@ accountsController.uploadPicture = function (req, res, next) {
}); });
}); });
}); });
}); };
module.exports = accountsController; module.exports = accountsController;

4
src/controllers/users.js
View File

@@ -1,4 +1,4 @@
var usersController = {}, var usersController = {};
var async = require('async'), var async = require('async'),
user = require('./../user'), user = require('./../user'),
@@ -124,7 +124,7 @@ usersController.getUsersForSearch = function(req, res, next) {
res.json(data); res.json(data);
} else { } else {
res.render('users', data); res.render('users', data);
}; }
}; };

36
src/webserver.js
View File

@@ -31,7 +31,6 @@ var path = require('path'),
controllers = require('./controllers'), controllers = require('./controllers'),
admin = require('./routes/admin'), admin = require('./routes/admin'),
userRoute = require('./routes/user'),
apiRoute = require('./routes/api'), apiRoute = require('./routes/api'),
feedsRoute = require('./routes/feeds'), feedsRoute = require('./routes/feeds'),
metaRoute = require('./routes/meta'); metaRoute = require('./routes/meta');
@@ -124,6 +123,9 @@ process.on('uncaughtException', function(err) {
}; };
app.checkAccountPermissions = function(req, res, next) { app.checkAccountPermissions = function(req, res, next) {
var callerUID = req.user ? parseInt(req.user.uid, 10) : 0;
// this function requires userslug to be passed in. todo: /user/uploadpicture should pass in userslug I think
user.getUidByUserslug(req.params.userslug, function (err, uid) { user.getUidByUserslug(req.params.userslug, function (err, uid) {
if (err) { if (err) {
return next(err); return next(err);
@@ -630,7 +632,6 @@ process.on('uncaughtException', function(err) {
auth.registerApp(app); auth.registerApp(app);
metaRoute.createRoutes(app); metaRoute.createRoutes(app);
admin.createRoutes(app); admin.createRoutes(app);
userRoute.createRoutes(app);
apiRoute.createRoutes(app); apiRoute.createRoutes(app);
feedsRoute.createRoutes(app); feedsRoute.createRoutes(app);
@@ -705,32 +706,33 @@ process.on('uncaughtException', function(err) {
app.get('/api/category/:category_id/:slug?', app.prepareAPI, controllers.categories.get); app.get('/api/category/:category_id/:slug?', app.prepareAPI, controllers.categories.get);
/* Accounts */ /* Accounts */
app.get'/user/:userslug', app.buildHeader, app.checkGlobalPrivacySettings, controllers.accounts.getAccount); app.get('/user/:userslug', app.buildHeader, app.checkGlobalPrivacySettings, controllers.accounts.getAccount);
app.get'/api/user/:userslug', app.prepareAPI, app.checkGlobalPrivacySettings, controllers.accounts.getAccount); app.get('/api/user/:userslug', app.prepareAPI, app.checkGlobalPrivacySettings, controllers.accounts.getAccount);
app.get'/user/:userslug/following', app.buildHeader, app.checkGlobalPrivacySettings, controllers.accounts.getFollowing); app.get('/user/:userslug/following', app.buildHeader, app.checkGlobalPrivacySettings, controllers.accounts.getFollowing);
app.get'/api/user/:userslug/following', app.prepareAPI, app.checkGlobalPrivacySettings, controllers.accounts.getFollowing); app.get('/api/user/:userslug/following', app.prepareAPI, app.checkGlobalPrivacySettings, controllers.accounts.getFollowing);
app.get'/user/:userslug/followers', app.buildHeader, app.checkGlobalPrivacySettings, controllers.accounts.getFollowers); app.get('/user/:userslug/followers', app.buildHeader, app.checkGlobalPrivacySettings, controllers.accounts.getFollowers);
app.get'/api/user/:userslug/followers', app.prepareAPI, app.checkGlobalPrivacySettings, controllers.accounts.getFollowers); app.get('/api/user/:userslug/followers', app.prepareAPI, app.checkGlobalPrivacySettings, controllers.accounts.getFollowers);
app.get'/user/:userslug/favourites', app.buildHeader, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.getFavourites); app.get('/user/:userslug/favourites', app.buildHeader, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.getFavourites);
app.get'/api/user/:userslug/favourites', app.prepareAPI, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.getFavourites); app.get('/api/user/:userslug/favourites', app.prepareAPI, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.getFavourites);
app.get'/user/:userslug/posts', app.buildHeader, app.checkGlobalPrivacySettings, controllers.accounts.getPosts); app.get('/user/:userslug/posts', app.buildHeader, app.checkGlobalPrivacySettings, controllers.accounts.getPosts);
app.get'/api/user/:userslug/posts', app.prepareAPI, app.checkGlobalPrivacySettings, controllers.accounts.getPosts); app.get('/api/user/:userslug/posts', app.prepareAPI, app.checkGlobalPrivacySettings, controllers.accounts.getPosts);
app.get'/user/:userslug/edit', app.buildHeader, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.accountEdit); app.get('/user/:userslug/edit', app.buildHeader, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.accountEdit);
app.get'/api/user/:userslug/edit', app.prepareAPI, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.accountEdit); app.get('/api/user/:userslug/edit', app.prepareAPI, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.accountEdit);
// todo: admin recently gained access to this page, pls check if it actually works // todo: admin recently gained access to this page, pls check if it actually works
app.get'/user/:userslug/settings', app.buildHeader, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.accountSettings); app.get('/user/:userslug/settings', app.buildHeader, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.accountSettings);
app.get'/api/user/:userslug/settings', app.prepareAPI, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.accountSettings); app.get('/api/user/:userslug/settings', app.prepareAPI, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.accountSettings);
app.get('/api/user/uid/:uid', app.checkGlobalPrivacySettings, controllers.accounts.getUserByUID); app.get('/api/user/uid/:uid', app.checkGlobalPrivacySettings, controllers.accounts.getUserByUID);
// this should have been in the API namespace // this should have been in the API namespace
app.post'/user/uploadpicture', app.prepareAPI, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.uploadPicture); // also, perhaps pass in :userslug so we can use checkAccountPermissions middleware, in future will allow admins to upload a picture for a user
app.post('/user/uploadpicture', app.prepareAPI, app.checkGlobalPrivacySettings, /*app.checkAccountPermissions,*/ controllers.accounts.uploadPicture);
/* Users */ /* Users */
app.get('/users', app.buildHeader, app.checkGlobalPrivacySettings, controllers.users.getOnlineUsers); app.get('/users', app.buildHeader, app.checkGlobalPrivacySettings, controllers.users.getOnlineUsers);