Compare against userIds

pull/215/head
Nathan Leniz 2015-03-18 05:01:14 +09:00
parent 8b491ed27e
commit c9dd6366ec
2 changed files with 10 additions and 9 deletions


@ -228,7 +228,7 @@ exports.comments = function(req, res, next) {
exports.newStory = function(req, res) {
if (!req.user) {
res.status(500);
return res.status(500);
}
var url = req.body.data.url;
var cleanURL = sanitizeHtml(url, {
@ -287,8 +287,8 @@ exports.newStory = function(req, res) {
exports.storySubmission = function(req, res) {
var data = req.body.data;
if (!req.user && !data.author) {
res.status(500);
if (req.user._id.toString() !== data.author.userId.toString()) {
return res.status(500);
}
var storyLink = data.headline
.replace(/\'/g, '')
@ -333,8 +333,8 @@ exports.storySubmission = function(req, res) {
exports.commentSubmit = function(req, res) {
var data = req.body.data;
if (!req.user && !data.author) {
res.status(500);
if (req.user._id.toString() !== data.author.userId.toString()) {
return res.status(500);
}
var sanitizedBody = sanitizeHtml(data.body,
{
@ -362,9 +362,11 @@ exports.commentSubmit = function(req, res) {
exports.commentOnCommentSubmit = function(req, res) {
var data = req.body.data;
if (!req.user && !data.author) {
res.status(500);
if (req.user._id.toString() !== data.author.userId.toString()) {
return res.status(500);
}
var sanitizedBody = sanitizeHtml(data.body,
{
allowedTags: [],
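Review bot: The new ownership check `if (req.user._id.toString() !== data.author.userId.toString())` in storySubmission dereferences both `req.user` and `data.author.userId` with no null guard visible on the new side of the hunk (the `!req.user && !data.author` line reads as the removed code, and even if it were retained its `&&` lets a request missing only one of the two through), so an unauthenticated request, or a body without `author.userId`, throws a TypeError instead of being rejected; the same applies to the commentSubmit and commentOnCommentSubmit hunks. Add an explicit guard first, `if (!req.user || !data || !data.author || data.author.userId == null) { return res.status(401).end(); }`, and only then compare the ids. In all four hunks `return res.status(500);` sets the status code but never ends the response, so the client hangs until its own timeout; chain `.end()` (or use `res.sendStatus(...)`), and 401/403 describes an authentication or authorization failure better than 500. As rendered, the hunk line counts do not match the lines shown, so the exact old/new assignment is inferred.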


@ -21,7 +21,6 @@
success: function (data, textStatus, xhr) {
commentDetails = data;
var div = document.createElement('div');
var disabledReply = !!user;
$(div)
.html(
@ -36,7 +35,7 @@
'<p>' + commentDetails.body + '</p>' +
'<h6>' +
'<div class="clearfix comment-a-comment negative-15">' +
"<a class='btn btn-no-shadow btn-primary btn-xs btn-primary-ghost' id='" + commentDetails._id + " disabled='" + disabledReply + "'>Reply</a> · " +
"<a class='btn btn-no-shadow btn-primary btn-xs btn-primary-ghost' id='" + commentDetails._id + "'>Reply</a> · " +
"commented " + moment(commentDetails.commentOn).fromNow() + " by " +
"<a href='/" + commentDetails.author.username + "'>@" + commentDetails.author.username + "</a>" +
'</div>' +
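Review bot: The rewritten Reply anchor on the `id='" + commentDetails._id + "'` line still builds markup by string concatenation for `.html()`, and the lines right after it interpolate `commentDetails.author.username` into an `href` attribute and a text node without escaping; unless the server restricts the username character set (not visible here), a username containing a quote or `<` breaks out of the attribute. Prefer constructing these anchors with `$('<a>')` and setting `.attr('href', ...)` / `.attr('id', ...)` / `.text(...)`, or pass each interpolated value through an escaping helper before concatenation. `commentDetails.body` on the preceding context line appears to come through the server-side `sanitizeHtml` call in the controller, so the values to check are the ones that do not go through it.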