added ppost feature

author: Dennis Eriksen <dennis.se@gmail.com> 2013-05-13 00:30:12 +0200
committer: Dennis Eriksen <dennis.se@gmail.com> 2013-05-13 00:30:12 +0200
commit: 3d73f6aa3622fbf14dca33304eb5368d9a3e89cc (patch)
tree: c930c683d22e132d65e52f0b34966a82048542a7 /controllers/system.js
parent: removed errorchecking in model (diff)
download: Divid-3d73f6aa3622fbf14dca33304eb5368d9a3e89cc.tar.gz
1 files changed, 60 insertions, 27 deletions
diff --git a/controllers/system.js b/controllers/system.js
index c052595..31b48f7 100644
--- a/controllers/system.js
+++ b/controllers/system.js
@@ -130,6 +130,7 @@ exports.projectPost = function(req, res) {
     console.log(req.loggedin);
     Project.loadShort(req.params.short, function(err, project) {
         if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
+        req.project = project;
         res.render('projectPost', { title: 'Legg til utgift', loggedin: true, req: req, project: project });
     });
 
@@ -138,22 +139,54 @@ exports.projectPost = function(req, res) {
 }
 
 exports.postProjectPost = function(req, res) {
-/*//    var ppost = new pPost(req.body);
-    ppost.user = req.user._id;
-    ppost.project = ;
-/*/
-    var ppost = new pPost(req.body);
-    console.log('ppost.user = ' + req.user._id);
-    console.log('ppost.project = ' + ppost.project);
-    console.log('ppost.what = ' + ppost.what);
-    console.log('ppost.participants = ' + ppost.participants);
-    console.log('req.body = ' + Object.keys(req.body));
-    ppost.when = new Date(req.body.date + ' ' + req.body.time + ':00');
-    console.log('ppost.when = ' + ppost.when);
-
-    //*//
-}
 
+    // Validation
+    req.assert('project', 'The project was lost').notEmpty();
+    req.assert('what', 'You need to fill in the what-field').notEmpty();
+    req.assert('value', 'The value must be a positive number').notEmpty().isInt().min(0);
+    var projectId = req.sanitize('project').escape();
+
+    // error when validation fails
+    var errors = req.validationErrors();
+    if (errors) return res.status(500).render('error', { title: '500', text: 'Det oppstod en valideringsfeil', error: errors.stack });
+
+
+    Access.findOne({ user: req.user._id }).where('project').equals(projectId).exec(function(err, access) {
+        if (err || !access) return res.status(403).render('error', { title: '403', text: 'no sir.' });
+
+        // Time to fill in the model!
+        var ppost = new pPost();
+        ppost.user = req.user._id;
+      console.log('ppost.user = ' + req.user._id);
+
+        ppost.for = req.user._id;
+
+        ppost.project = req.sanitize('project').escape(); // escape will escape html-specific characters, like " & > etc."
+      console.log('ppost.project = ' + ppost.project);
+
+        ppost.what = req.sanitize('what').escape();
+      console.log('ppost.what = ' + ppost.what);
+
+        ppost.comment = req.sanitize('comment').xss(); // xss will remove cross-site-scripting in the textfield.
+
+        ppost.participants = req.sanitize('participants').escape();
+      console.log('ppost.participants = ' + ppost.participants);
+
+        ppost.value = req.sanitize('value').toInt(); // this will remove leading zeroes. '0123' => '123'
+
+        ppost.when = new Date(req.sanitize('date').escape() + ' ' + req.sanitize('time').escape() + ':00');
+      console.log('ppost.when = ' + ppost.when);
+
+        console.log('req.profile: ' + req.profile);
+        ppost.save(function(err) {
+            if (err) {
+                console.log(err.errors);
+                res.render('projectPost', { title: 'Legg til utgift - en feil oppstod', loggedin: true, req: req, project: project });
+            }
+            return res.redirect('/dashboard');
+        })
+    });
+}
 exports.newProject = function(req, res) {
     res.render('newProject', { title: 'Nytt prosjekt', loggedin: true });
 }
@@ -166,19 +199,19 @@ exports.postNewProject = function(req, res) {
             console.log(err.errors);
             return res.render('newproject', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true, errors: err.errors, project: project });
         }
+        var access = new Access();
+        access.user = req.user._id;
+        access.creator = req.user._id;
+        access.project = project._id;
+        access.permissions = 1;
+        access.save(function(err) {
+            if (err) {
+                console.log(err.errors);
+                return res.render('newproject', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true });
+            }
+            return res.redirect('/dashboard');
+        });
     });
 
-    var access = new Access();
-    access.user = req.user._id;
-    access.creator = req.user._id;
-    access.project = project._id;
-    access.permissions = 1;
-    access.save(function(err) {
-        if (err) {
-            console.log(err.errors);
-            return res.render('newproject', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true });
-        }
-        return res.redirect('/dashboard');
-    })
 }
author	Dennis Eriksen <dennis.se@gmail.com>	2013-05-13 00:30:12 +0200
committer	Dennis Eriksen <dennis.se@gmail.com>	2013-05-13 00:30:12 +0200
commit	3d73f6aa3622fbf14dca33304eb5368d9a3e89cc (patch)
tree	c930c683d22e132d65e52f0b34966a82048542a7 /controllers/system.js
parent	removed errorchecking in model (diff)
download	Divid-3d73f6aa3622fbf14dca33304eb5368d9a3e89cc.tar.gz