From c609294e1f281acc58b5882dda504756a113b9ce Mon Sep 17 00:00:00 2001
From: Nathan Leniz
Date: Sun, 15 Mar 2015 17:06:05 +0900
Subject: [PATCH 1/4] force merge conflict for stream viewers
---
 public/js/lib/bonfire/bonfireFramework_v0.1.2.js | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/public/js/lib/bonfire/bonfireFramework_v0.1.2.js b/public/js/lib/bonfire/bonfireFramework_v0.1.2.js
index 4b2edebb0ec..1c8a3eb2431 100644
--- a/public/js/lib/bonfire/bonfireFramework_v0.1.2.js
+++ b/public/js/lib/bonfire/bonfireFramework_v0.1.2.js
@@ -17,10 +17,13 @@ editor.setSize("100%", "auto");
 // Hijack tab key to enter two spaces intead
 editor.setOption("extraKeys", {
- Tab: function(cm) {
- var spaces = Array(cm.getOption("indentUnit") + 1).join(" ");
- cm.replaceSelection(spaces);
+ Tab: function(mc) {
+ var spaces = Array(mc.getOption("indentUnit") + 1).join(" ");
+ mc.replaceSelection(spaces);
 },
+
+
+
 "Ctrl-Enter": function() {
 bonfireExecute();
 return false;
From 39555fc65661765b147bae76d51ec7c180ad0b80 Mon Sep 17 00:00:00 2001
From: Nathan Leniz
Date: Sun, 15 Mar 2015 17:10:21 +0900
Subject: [PATCH 2/4] Add compiles bundle.js to .gitignore
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index 01824e83b95..b17d83ff4ea 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,3 +25,4 @@ Thumbs.db
 bower_components
 .eslintignore
 .eslintrc
+public/js/bundle.js
\ No newline at end of file
From 8b491ed27e728643f08cbbe6878e7e738f5c6273 Mon Sep 17 00:00:00 2001
From: Nathan Leniz
Date: Tue, 17 Mar 2015 17:44:52 +0900
Subject: [PATCH 3/4] Fix display of comments if user is not logged in, disable reply button if no user, reject attempted comments if no user and no author
---
 controllers/story.js | 14 +++++++++++++-
 views/stories/comments.jade | 7 ++++++-
 views/stories/show.jade | 21 +++++++++++----------
 3 files changed, 30 insertions(+), 12 deletions(-)
diff --git a/controllers/story.js b/controllers/story.js
index be129b8dd17..f31891c3121 100644
--- a/controllers/story.js
+++ b/controllers/story.js
@@ -148,7 +148,7 @@ exports.returnIndividualStory = function(req, res, next) {
 upVotes: story.upVotes,
 comments: story.comments,
 id: story._id,
- user: req.user,
+ user: req.user || null,
 timeAgo: moment(story.timePosted).fromNow(),
 image: story.image,
 page: 'show',
@@ -227,6 +227,9 @@ exports.comments = function(req, res, next) {
 };
 exports.newStory = function(req, res) {
+ if (!req.user) {
+ res.status(500);
+ }
 var url = req.body.data.url;
 var cleanURL = sanitizeHtml(url, {
 allowedTags: [],
@@ -284,6 +287,9 @@ exports.newStory = function(req, res) {
 exports.storySubmission = function(req, res) {
 var data = req.body.data;
+ if (!req.user && !data.author) {
+ res.status(500);
+ }
 var storyLink = data.headline
 .replace(/\'/g, '')
 .replace(/\"/g, '')
@@ -327,6 +333,9 @@ exports.storySubmission = function(req, res) {
 exports.commentSubmit = function(req, res) {
 var data = req.body.data;
+ if (!req.user && !data.author) {
+ res.status(500);
+ }
 var sanitizedBody = sanitizeHtml(data.body, {
 allowedTags: [],
@@ -353,6 +362,9 @@ exports.commentSubmit = function(req, res) {
 exports.commentOnCommentSubmit = function(req, res) {
 var data = req.body.data;
+ if (!req.user && !data.author) {
+ res.status(500);
+ }
 var sanitizedBody = sanitizeHtml(data.body, {
 allowedTags: [],
diff --git a/views/stories/comments.jade b/views/stories/comments.jade
index 53ae1f12b37..bc33e9188f9 100644
--- a/views/stories/comments.jade
+++ b/views/stories/comments.jade
@@ -21,6 +21,8 @@ success: function (data, textStatus, xhr) { commentDetails = data; var div = document.createElement('div'); + var disabledReply = !!user; + $(div) .html( '
' + @@ -34,7 +36,7 @@ '

' + commentDetails.body + '

' + '
' + '
' + - "Reply · " + + "Reply · " + "commented " + moment(commentDetails.commentOn).fromNow() + " by " + "@" + commentDetails.author.username + "" + '
' + @@ -55,6 +57,9 @@ sentinel--; if (!sentinel) { $('.comment-a-comment').on('click', 'a', function () { + if (!user) { + return; + } $(this).unbind('click'); $('.comment-to-comment-formgroup').empty(); $('#initial-comment-submit').addClass('hidden-element'); diff --git a/views/stories/show.jade b/views/stories/show.jade index 833ef94bcb9..52e049b5f93 100644 --- a/views/stories/show.jade +++ b/views/stories/show.jade @@ -42,22 +42,23 @@ span  by  a(href="/" + author.username) @#{author.username} - - .col-xs-12#reply-area - .hidden-element#initial-comment-submit - form.form-horizontal.control-label-story-submission - .col-xs-12 - .input-group - input#comment-box.big-text-field.field-responsive.form-control(type='text', placeholder='Enter your reply', autofocus) - span.input-group-btn - button#comment-button.btn.btn-big.btn-primary.btn-responsive(type='button') Send - span.spacer.pull-left#textarea_feedback + if (user !== null) + .col-xs-12#reply-area + .hidden-element#initial-comment-submit + form.form-horizontal.control-label-story-submission + .col-xs-12 + .input-group + input#comment-box.big-text-field.field-responsive.form-control(type='text', placeholder='Enter your reply', autofocus) + span.input-group-btn + button#comment-button.btn.btn-big.btn-primary.btn-responsive(type='button') Send + span.spacer.pull-left#textarea_feedback script. if (image) { $('#image-display').removeClass('hidden-element') } $('#reply-to-main-post').on('click', function() { + if (!user) return; $('#initial-comment-submit').removeClass('hidden-element'); $(this).unbind('click'); $('.comment-to-comment-formgroup').empty(); From c9dd6366ec508af39a30bd084fe0fb49a6cec3e5 Mon Sep 17 00:00:00 2001 From: Nathan Leniz Date: Wed, 18 Mar 2015 05:01:14 +0900 Subject: [PATCH 4/4] Compare against userIds --- controllers/story.js | 16 +++++++++------- views/stories/comments.jade | 3 +-- 2 files changed, 10 insertions(+), 9 deletions(-) 
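Review bot: `if (user !== null)` in the show.jade hunk would still render the reply form if `user` is ever undefined, while the script at the bottom of the same hunk tests `if (!user) return;`. The two agree only because `returnIndividualStory` now passes `user: req.user || null`. A truthiness test, `if user`, hides the form for both null and undefined and matches the script check. Hiding the form and returning early from the click handlers are presentation only, so the rejection of unauthenticated posts has to be enforced in the controllers.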
diff --git a/controllers/story.js b/controllers/story.js
index f31891c3121..a76fd6e8200 100644
--- a/controllers/story.js
+++ b/controllers/story.js
@@ -228,7 +228,7 @@ exports.comments = function(req, res, next) {
 exports.newStory = function(req, res) {
 if (!req.user) {
- res.status(500);
+ return res.status(500);
 }
 var url = req.body.data.url;
 var cleanURL = sanitizeHtml(url, {
@@ -287,8 +287,8 @@ exports.newStory = function(req, res) {
 exports.storySubmission = function(req, res) {
 var data = req.body.data;
- if (!req.user && !data.author) {
- res.status(500);
+ if (req.user._id.toString() !== data.author.userId.toString()) {
+ return res.status(500);
 }
 var storyLink = data.headline
 .replace(/\'/g, '')
@@ -333,8 +333,8 @@ exports.storySubmission = function(req, res) {
 exports.commentSubmit = function(req, res) {
 var data = req.body.data;
- if (!req.user && !data.author) {
- res.status(500);
+ if (req.user._id.toString() !== data.author.userId.toString()) {
+ return res.status(500);
 }
 var sanitizedBody = sanitizeHtml(data.body, {
@@ -362,9 +362,11 @@ exports.commentSubmit = function(req, res) {
 exports.commentOnCommentSubmit = function(req, res) {
 var data = req.body.data;
- if (!req.user && !data.author) {
- res.status(500);
+
+ if (req.user._id.toString() !== data.author.userId.toString()) {
+ return res.status(500);
 }
+
 var sanitizedBody = sanitizeHtml(data.body, {
 allowedTags: [],
diff --git a/views/stories/comments.jade b/views/stories/comments.jade
index bc33e9188f9..751f65f9159 100644
--- a/views/stories/comments.jade
+++ b/views/stories/comments.jade
@@ -21,7 +21,6 @@ success: function (data, textStatus, xhr) { commentDetails = data; var div = document.createElement('div'); - var disabledReply = !!user; $(div) .html(
@@ -36,7 +35,7 @@ '
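Review bot: `return res.status(500);` in the `newStory` guard only sets the status code and never sends a response, so a rejected request is left open until something times out. The same line is added in the `storySubmission`, `commentSubmit` and `commentOnCommentSubmit` hunks. End the response explicitly and report an authentication failure rather than a server error, for example `return res.status(401).end();`. The body of `newStory` continues outside the hunk.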
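Review bot: The new guard in `storySubmission`, `req.user._id.toString() !== data.author.userId.toString()`, dereferences `req.user` and `data.author` without checking that either exists, so a request with no session or no `author` object throws a TypeError before the comparison runs. That is the anonymous case the previous `!req.user` test was written for, and the same guard is repeated in `commentSubmit` and `commentOnCommentSubmit`. Check presence first, `if (!req.user || !data || !data.author || !data.author.userId) { ... }`, and only then compare the ids. If the code outside these hunks stores `data.author` as submitted, the remaining author fields stay client-controlled even when `userId` matches, so building the author from `req.user` on the server would be safer. All three functions start and end outside their hunks.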

' + commentDetails.body + '

' + '
' + '
' + - "Reply · " + + "Reply · " + "commented " + moment(commentDetails.commentOn).fromNow() + " by " + "@" + commentDetails.author.username + "" + '
' +