diff --git a/controllers/story.js b/controllers/story.js index be129b8dd1..f31891c312 100644 --- a/controllers/story.js +++ b/controllers/story.js @@ -148,7 +148,7 @@ exports.returnIndividualStory = function(req, res, next) { upVotes: story.upVotes, comments: story.comments, id: story._id, - user: req.user, + user: req.user || null, timeAgo: moment(story.timePosted).fromNow(), image: story.image, page: 'show', @@ -227,6 +227,9 @@ exports.comments = function(req, res, next) { }; exports.newStory = function(req, res) { + if (!req.user) { + res.status(500); + } var url = req.body.data.url; var cleanURL = sanitizeHtml(url, { allowedTags: [], @@ -284,6 +287,9 @@ exports.newStory = function(req, res) { exports.storySubmission = function(req, res) { var data = req.body.data; + if (!req.user && !data.author) { + res.status(500); + } var storyLink = data.headline .replace(/\'/g, '') .replace(/\"/g, '') @@ -327,6 +333,9 @@ exports.storySubmission = function(req, res) { exports.commentSubmit = function(req, res) { var data = req.body.data; + if (!req.user && !data.author) { + res.status(500); + } var sanitizedBody = sanitizeHtml(data.body, { allowedTags: [], @@ -353,6 +362,9 @@ exports.commentSubmit = function(req, res) { exports.commentOnCommentSubmit = function(req, res) { var data = req.body.data; + if (!req.user && !data.author) { + res.status(500); + } var sanitizedBody = sanitizeHtml(data.body, { allowedTags: [], diff --git a/views/stories/comments.jade b/views/stories/comments.jade index 53ae1f12b3..bc33e9188f 100644 --- a/views/stories/comments.jade +++ b/views/stories/comments.jade @@ -21,6 +21,8 @@ success: function (data, textStatus, xhr) { commentDetails = data; var div = document.createElement('div'); + var disabledReply = !!user; + $(div) .html( '
' + @@ -34,7 +36,7 @@ '

' + commentDetails.body + '

' + '
' + '
' + - "Reply · " + + "Reply · " + "commented " + moment(commentDetails.commentOn).fromNow() + " by " + "@" + commentDetails.author.username + "" + '
' + @@ -55,6 +57,9 @@ sentinel--; if (!sentinel) { $('.comment-a-comment').on('click', 'a', function () { + if (!user) { + return; + } $(this).unbind('click'); $('.comment-to-comment-formgroup').empty(); $('#initial-comment-submit').addClass('hidden-element'); diff --git a/views/stories/show.jade b/views/stories/show.jade index 833ef94bcb..52e049b5f9 100644 --- a/views/stories/show.jade +++ b/views/stories/show.jade @@ -42,22 +42,23 @@ span  by  a(href="/" + author.username) @#{author.username} - - .col-xs-12#reply-area - .hidden-element#initial-comment-submit - form.form-horizontal.control-label-story-submission - .col-xs-12 - .input-group - input#comment-box.big-text-field.field-responsive.form-control(type='text', placeholder='Enter your reply', autofocus) - span.input-group-btn - button#comment-button.btn.btn-big.btn-primary.btn-responsive(type='button') Send - span.spacer.pull-left#textarea_feedback + if (user !== null) + .col-xs-12#reply-area + .hidden-element#initial-comment-submit + form.form-horizontal.control-label-story-submission + .col-xs-12 + .input-group + input#comment-box.big-text-field.field-responsive.form-control(type='text', placeholder='Enter your reply', autofocus) + span.input-group-btn + button#comment-button.btn.btn-big.btn-primary.btn-responsive(type='button') Send + span.spacer.pull-left#textarea_feedback script. if (image) { $('#image-display').removeClass('hidden-element') } $('#reply-to-main-post').on('click', function() { + if (!user) return; $('#initial-comment-submit').removeClass('hidden-element'); $(this).unbind('click'); $('.comment-to-comment-formgroup').empty();