Compare against userIds

Nathan Leniz
2015-03-18 05:01:14 +09:00
parent 8b491ed27e
commit c9dd6366ec
2 changed files with 10 additions and 9 deletions


@ -228,7 +228,7 @@ exports.comments = function(req, res, next) {
exports.newStory = function(req, res) { exports.newStory = function(req, res) {
if (!req.user) { if (!req.user) {
res.status(500); return res.status(500);
} }
var url = req.body.data.url; var url = req.body.data.url;
var cleanURL = sanitizeHtml(url, { var cleanURL = sanitizeHtml(url, {
@ -287,8 +287,8 @@ exports.newStory = function(req, res) {
exports.storySubmission = function(req, res) { exports.storySubmission = function(req, res) {
var data = req.body.data; var data = req.body.data;
if (!req.user && !data.author) { if (req.user._id.toString() !== data.author.userId.toString()) {
res.status(500); return res.status(500);
} }
var storyLink = data.headline var storyLink = data.headline
.replace(/\'/g, '') .replace(/\'/g, '')
@ -333,8 +333,8 @@ exports.storySubmission = function(req, res) {
exports.commentSubmit = function(req, res) { exports.commentSubmit = function(req, res) {
var data = req.body.data; var data = req.body.data;
if (!req.user && !data.author) { if (req.user._id.toString() !== data.author.userId.toString()) {
res.status(500); return res.status(500);
} }
var sanitizedBody = sanitizeHtml(data.body, var sanitizedBody = sanitizeHtml(data.body,
{ {
@ -362,9 +362,11 @@ exports.commentSubmit = function(req, res) {
exports.commentOnCommentSubmit = function(req, res) { exports.commentOnCommentSubmit = function(req, res) {
var data = req.body.data; var data = req.body.data;
if (!req.user && !data.author) {
res.status(500); if (req.user._id.toString() !== data.author.userId.toString()) {
return res.status(500);
} }
var sanitizedBody = sanitizeHtml(data.body, var sanitizedBody = sanitizeHtml(data.body,
{ {
allowedTags: [], allowedTags: [],
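Review bot: The new guard `req.user._id.toString() !== data.author.userId.toString()` in storySubmission, commentSubmit and commentOnCommentSubmit dereferences `req.user` and `data.author` without checking that they exist, so a request with no session, or with no `author` object in the body, throws a TypeError instead of being rejected; the old `!req.user` test was dropped together with the weak `&&` condition. Check presence before comparing, e.g. `if (!req.user || !data || !data.author || String(req.user._id) !== String(data.author.userId)) {`. In addition, `return res.status(500);` only sets the status code and never ends the response, so a rejected request is left hanging (newStory has the same line); `return res.status(403).end();` would close it and report an authorisation failure rather than a server error. Since the author is already known from the session, it would be safer to take the stored author fields from `req.user` and not from `req.body` at all; the function bodies continue outside these hunks, so what is actually saved is not visible here.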


@ -21,7 +21,6 @@
success: function (data, textStatus, xhr) { success: function (data, textStatus, xhr) {
commentDetails = data; commentDetails = data;
var div = document.createElement('div'); var div = document.createElement('div');
var disabledReply = !!user;
$(div) $(div)
.html( .html(
@ -36,7 +35,7 @@
'<p>' + commentDetails.body + '</p>' + '<p>' + commentDetails.body + '</p>' +
'<h6>' + '<h6>' +
'<div class="clearfix comment-a-comment negative-15">' + '<div class="clearfix comment-a-comment negative-15">' +
"<a class='btn btn-no-shadow btn-primary btn-xs btn-primary-ghost' id='" + commentDetails._id + " disabled='" + disabledReply + "'>Reply</a> · " + "<a class='btn btn-no-shadow btn-primary btn-xs btn-primary-ghost' id='" + commentDetails._id + "'>Reply</a> · " +
"commented " + moment(commentDetails.commentOn).fromNow() + " by " + "commented " + moment(commentDetails.commentOn).fromNow() + " by " +
"<a href='/" + commentDetails.author.username + "'>@" + commentDetails.author.username + "</a>" + "<a href='/" + commentDetails.author.username + "'>@" + commentDetails.author.username + "</a>" +
'</div>' + '</div>' +
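Review bot: The Reply anchor on the changed line is still assembled by string concatenation and handed to `.html()`, like the lines around it, so `commentDetails._id`, `commentDetails.body` and `commentDetails.author.username` are parsed as markup when a comment is rendered. Whether these fields are escaped before they reach the client is not visible in this file, and the username is placed in both an `href` and element text, so a value containing a quote or angle bracket would break out of the attribute. Building the nodes and setting values through the DOM avoids relying on that, e.g. `$('<a>').attr('href', '/' + encodeURIComponent(commentDetails.author.username)).text('@' + commentDetails.author.username)`, with `.text(commentDetails.body)` for the paragraph. Removing the `disabled` attribute is fine as long as the server-side check is what rejects replies from users who are not logged in. The `.html(` call starts and ends outside this hunk.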