Fix display of comments if user is not logged in, disable reply button if no user, reject attempted comments if no user and no author

Nathan Leniz
2015-03-17 17:44:52 +09:00
parent 8306662531
commit 8b491ed27e
3 changed files with 30 additions and 12 deletions


@ -148,7 +148,7 @@ exports.returnIndividualStory = function(req, res, next) {
upVotes: story.upVotes, upVotes: story.upVotes,
comments: story.comments, comments: story.comments,
id: story._id, id: story._id,
user: req.user, user: req.user || null,
timeAgo: moment(story.timePosted).fromNow(), timeAgo: moment(story.timePosted).fromNow(),
image: story.image, image: story.image,
page: 'show', page: 'show',
@ -227,6 +227,9 @@ exports.comments = function(req, res, next) {
}; };
exports.newStory = function(req, res) { exports.newStory = function(req, res) {
if (!req.user) {
res.status(500);
}
var url = req.body.data.url; var url = req.body.data.url;
var cleanURL = sanitizeHtml(url, { var cleanURL = sanitizeHtml(url, {
allowedTags: [], allowedTags: [],
@ -284,6 +287,9 @@ exports.newStory = function(req, res) {
exports.storySubmission = function(req, res) { exports.storySubmission = function(req, res) {
var data = req.body.data; var data = req.body.data;
if (!req.user && !data.author) {
res.status(500);
}
var storyLink = data.headline var storyLink = data.headline
.replace(/\'/g, '') .replace(/\'/g, '')
.replace(/\"/g, '') .replace(/\"/g, '')
@ -327,6 +333,9 @@ exports.storySubmission = function(req, res) {
exports.commentSubmit = function(req, res) { exports.commentSubmit = function(req, res) {
var data = req.body.data; var data = req.body.data;
if (!req.user && !data.author) {
res.status(500);
}
var sanitizedBody = sanitizeHtml(data.body, var sanitizedBody = sanitizeHtml(data.body,
{ {
allowedTags: [], allowedTags: [],
@ -353,6 +362,9 @@ exports.commentSubmit = function(req, res) {
exports.commentOnCommentSubmit = function(req, res) { exports.commentOnCommentSubmit = function(req, res) {
var data = req.body.data; var data = req.body.data;
if (!req.user && !data.author) {
res.status(500);
}
var sanitizedBody = sanitizeHtml(data.body, var sanitizedBody = sanitizeHtml(data.body,
{ {
allowedTags: [], allowedTags: [],
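Review bot: The guards added to newStory, storySubmission, commentSubmit and commentOnCommentSubmit call `res.status(500);` but neither end the response nor return, so execution falls through to the existing body and the submission appears to be processed anyway. Each guard should terminate the request, and a missing login is a client error rather than a server error: `return res.status(401).end();`. The `!req.user && !data.author` form also lets a request with no session through as long as the body carries an `author` field, which is client-controlled; if the rest of the handler stores `data.author`, attribution can be forged, so the author should be derived from `req.user` on the server. `data` is dereferenced without a check, so an anonymous request whose body has no `data` throws inside the guard. These handler bodies continue outside the hunks shown.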


@ -21,6 +21,8 @@
success: function (data, textStatus, xhr) { success: function (data, textStatus, xhr) {
commentDetails = data; commentDetails = data;
var div = document.createElement('div'); var div = document.createElement('div');
var disabledReply = !!user;
$(div) $(div)
.html( .html(
'<div class="media media-news">' + '<div class="media media-news">' +
@ -34,7 +36,7 @@
'<p>' + commentDetails.body + '</p>' + '<p>' + commentDetails.body + '</p>' +
'<h6>' + '<h6>' +
'<div class="clearfix comment-a-comment negative-15">' + '<div class="clearfix comment-a-comment negative-15">' +
"<a class='btn btn-no-shadow btn-primary btn-xs btn-primary-ghost' id='" + commentDetails._id + "'>Reply</a> · " + "<a class='btn btn-no-shadow btn-primary btn-xs btn-primary-ghost' id='" + commentDetails._id + " disabled='" + disabledReply + "'>Reply</a> · " +
"commented " + moment(commentDetails.commentOn).fromNow() + " by " + "commented " + moment(commentDetails.commentOn).fromNow() + " by " +
"<a href='/" + commentDetails.author.username + "'>@" + commentDetails.author.username + "</a>" + "<a href='/" + commentDetails.author.username + "'>@" + commentDetails.author.username + "</a>" +
'</div>' + '</div>' +
@ -55,6 +57,9 @@
sentinel--; sentinel--;
if (!sentinel) { if (!sentinel) {
$('.comment-a-comment').on('click', 'a', function () { $('.comment-a-comment').on('click', 'a', function () {
if (!user) {
return;
}
$(this).unbind('click'); $(this).unbind('click');
$('.comment-to-comment-formgroup').empty(); $('.comment-to-comment-formgroup').empty();
$('#initial-comment-submit').addClass('hidden-element'); $('#initial-comment-submit').addClass('hidden-element');
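Review bot: The rewritten Reply anchor drops the closing quote after `commentDetails._id`, so the `id` attribute swallows the text ` disabled=` and the element no longer carries the bare comment id that later code presumably looks up. The flag is also inverted: `var disabledReply = !!user;` is true for a logged-in user, and a `disabled` attribute is active whenever it is present, whatever its value. Emitting the attribute only for anonymous visitors fixes both: `"<a class='btn btn-no-shadow btn-primary btn-xs btn-primary-ghost' id='" + commentDetails._id + "'" + (user ? "" : " disabled='disabled'") + ">Reply</a> · " +`. This is presentation only, so the server-side handlers remain the actual control. The success callback starts and ends outside these hunks.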


@ -42,22 +42,23 @@
span &thinsp;by&thinsp; span &thinsp;by&thinsp;
a(href="/" + author.username) @#{author.username} a(href="/" + author.username) @#{author.username}
if (user !== null)
.col-xs-12#reply-area .col-xs-12#reply-area
.hidden-element#initial-comment-submit .hidden-element#initial-comment-submit
form.form-horizontal.control-label-story-submission form.form-horizontal.control-label-story-submission
.col-xs-12 .col-xs-12
.input-group .input-group
input#comment-box.big-text-field.field-responsive.form-control(type='text', placeholder='Enter your reply', autofocus) input#comment-box.big-text-field.field-responsive.form-control(type='text', placeholder='Enter your reply', autofocus)
span.input-group-btn span.input-group-btn
button#comment-button.btn.btn-big.btn-primary.btn-responsive(type='button') Send button#comment-button.btn.btn-big.btn-primary.btn-responsive(type='button') Send
span.spacer.pull-left#textarea_feedback span.spacer.pull-left#textarea_feedback
script. script.
if (image) { if (image) {
$('#image-display').removeClass('hidden-element') $('#image-display').removeClass('hidden-element')
} }
$('#reply-to-main-post').on('click', function() { $('#reply-to-main-post').on('click', function() {
if (!user) return;
$('#initial-comment-submit').removeClass('hidden-element'); $('#initial-comment-submit').removeClass('hidden-element');
$(this).unbind('click'); $(this).unbind('click');
$('.comment-to-comment-formgroup').empty(); $('.comment-to-comment-formgroup').empty();
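Review bot: `if (user !== null)` shows the reply form whenever `user` is `undefined`, so the check is only correct for renders that pass `user: req.user || null` explicitly; any other route rendering this template without a `user` local would presumably show the form to anonymous visitors. A truthiness test, `if user`, covers both cases. The `user` read by `if (!user) return;` inside the `script.` block is a browser-side variable whose definition is not visible in this hunk, so it is worth confirming it is always declared, since an undeclared name would throw a ReferenceError in the click handler.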