diff options
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/system.js | 184 | ||||
| -rw-r--r-- | app/controllers/users.js | 96 |
2 files changed, 190 insertions, 90 deletions
diff --git a/app/controllers/system.js b/app/controllers/system.js index 2fcb0fd..a09f517 100644 --- a/app/controllers/system.js +++ b/app/controllers/system.js @@ -2,6 +2,7 @@ /** * Module dependencies */ + var mongoose = require('mongoose') , env = process.env.NODE_ENV || 'development' , config = require('../../config/config.js')[env] @@ -21,115 +22,139 @@ Validator.prototype.error = function(msg) { } Validator.prototype.getErrors = function() { var returnThis = this._errors; - this._errors = ''; // need to reset errors between sessions because of object model + this._errors = ''; // need to reset errors between sessions because of object model that retains errors return returnThis; } + /** * Before the user log in * =============================================================== */ + +/** + * GET '/' + */ + exports.index = function(req, res) { - if (req.user !== undefined) { return res.redirect('/dashboard'); } - res.render('index', { title: 'Divid', user: req.user }); + if (req.user !== undefined) return res.redirect('/dashboard'); // if the user is logged in, redirect to dashboard + res.render('index', { + title: 'Divid' + , user:req.user + }); } +/** + * GET '/faq' + */ + exports.faq = function(req, res) { res.render('faq', { - title: 'faq', - user: req.user + title: 'FAQ' + , user: req.user }); } +/** + * GET '/contact' + */ + exports.contact = function(req, res) { res.render('contact', { - title: 'contact', - user: req.user + title: 'Kontakt' + , user: req.user }); } + /** * After the user has logged in * =============================================================== */ + +/** + * GET '/dashboard' + */ + exports.dashboard = function(req, res) { + // check if user is actually registered if (req.user.status < 3) { if (req.header('Referer') === undefined) { return res.status(403).render('error', { title: 403, text: 'Du har ikke tilgang til denne siden. Du må registrere deg først. Sjekk mailen din for å se invitekode.' }); } else { return res.redirect('back'); } } + // start by loading all the projects the current user has access to Access.loadUser(req.user._id, function(err, projects) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); + var projectIDs = []; var pro = { project: [] }; + + // Time to initiate some projects so we can calculate how much the user owes / is owned projects.forEach(function(project) { - projectIDs.push(project.project._id); - pro.project[project.project._id] = { + projectIDs.push(project.project._id); // fills an array with all the project IDs + pro.project[project.project._id] = { // initiates an object for each project, where we can store some data total: 0 // total for project , user: 0 // what req-user has spent on project , users: 0 // number of users on project }; }); + + // loads all the users for the projects the current user has access to + // this is necessary so we can calculate what the user owes based on how many users each project has Access.loadProjects(projectIDs, function(err, participants) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); + + // counts the users in each project participants.forEach(function(p) { pro.project[p.project].users++; }); + + // loads ALL posts for EVERY project the user has access to pPost.loadByProjects(projectIDs, function(err, posts) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); - Access.loadProjects(projectIDs, function(err, participants) { - if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); - - // FUN FUN FUN CALCULATIONS - - posts.forEach(function(p) { - if (String(p.user._id) === String(req.user._id)) pro.project[p.project._id].user += p.value; - pro.project[p.project._id].total += p.value; - }); - - res.render('dashboard', { - title: 'Dashboard' - , user: req.user - , projects: projects - , posts: posts - , participants: participants - , pro: pro - }); + + // FUN FUN FUN CALCULATIONS + posts.forEach(function(p) { + if (String(p.user._id) === String(req.user._id)) pro.project[p.project._id].user += p.value; + pro.project[p.project._id].total += p.value; + }); + + res.render('dashboard', { + title: 'Dashboard' + , user: req.user + , projects: projects + , posts: posts + , participants: participants + , pro: pro }); }); - /* res.render('dashboard', { - title: 'Dashboard', - user: req.user, - projects: projects - }); -*/ }); }); - -/* - Project.find(function(err, projects) { - if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); - res.render('dashboard', { - title: 'Dashboad', - user: req.user, - projects: projects - }); - });*/ } +/** + * GET '/project/:short' + * :short = shortURL for project + */ exports.project = function(req, res) { + // loads the project based on the :short part of the url Project.loadShort(req.params.short, function(err, project) { if (err || !project) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err }); + + //loads all users in project Access.loadProject(project._id, function(err, access) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); + + // loads all posts in project pPost.loadProject(project._id, function(err, posts) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); @@ -171,10 +196,12 @@ exports.project = function(req, res) { pro.user[i].diff = parseFloat(pro.user[i].total - pro.each).toFixed(2); if (pro.user[i].diff > 0) pro.otot += parseFloat(pro.user[i].diff); } + + // sets the coefficient if the user is owed money for (var i in pro.user) { if (pro.user[i].diff > 0) pro.user[i].coeff = pro.user[i].diff / pro.otot; } - console.log(pro); + res.render('project/project', { title: project.name , user: req.user @@ -186,35 +213,52 @@ exports.project = function(req, res) { }); }); }); - }); } +/** + * GET '/project/:short/participants' + * + * POST is in app/controllers/users.js + */ + exports.projectParticipants = function(req, res) { + // check if user is actually registered if (req.user.status < 3) { if (req.header('Referer') === undefined) { return res.status(403).render('error', { title: 403, text: 'Du har ikke tilgang til denne siden. Du må registrere deg først. Sjekk mailen din for å se invitekode.' }); } else { return res.redirect('back'); } } - res.render('project/participants', { title: 'Prosjektdeltakere', user: req.user }); + res.render('project/participants', { + title: 'Prosjektdeltakere' + , user: req.user + }); } +/** + * GET '/projet/:short/post' + */ + exports.projectPost = function(req, res) { - /** ################################### - * Need to check if user has access to this project!! - */ Project.loadShort(req.params.short, function(err, project) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); req.project = project; - res.render('project/post', { title: 'Legg til utgift', user: req.user, req: req, project: project }); + res.render('project/post', { + title: 'Legg til utgift' + , user: req.user + , req: req + , project: project + }); }); +} - -} +/** + * POST '/project:short/post' + */ exports.postProjectPost = function(req, res) { @@ -245,6 +289,7 @@ exports.postProjectPost = function(req, res) { ppost.participants = sanitize(req.body.participants).escape(); ppost.value = sanitize(req.body.value).toInt(); // this will remove leading zeroes. '0123' => '123' ppost.when = new Date(sanitize(req.body.date).escape() + ' ' + sanitize(req.body.time).escape() + ':00'); + ppost.save(function(err) { if (err) return res.render('project/post', { title: 'Legg til utgift - en feil oppstod', user: req.user, req: req, project: project }); return res.redirect('/project/' + project.shortURL); @@ -252,15 +297,29 @@ exports.postProjectPost = function(req, res) { }); }); } + + +/** + * GET '/project/new' + */ + exports.newProject = function(req, res) { if (req.user.status < 3) { if (req.header('Referer') === undefined) { return res.status(403).render('error', { title: 403, text: 'Du har ikke tilgang til denne siden. Du må registrere deg først. Sjekk mailen din for å se invitekode.' }); } else { return res.redirect('back'); } } - res.render('project/newProject', { title: 'Nytt prosjekt', user: req.user }); + res.render('project/newProject', { + title: 'Nytt prosjekt' + , user: req.user + }); } + +/** + * POST '/project/new' + */ + exports.postNewProject = function(req, res) { if (req.user.status < 3) { if (req.header('Referer') === undefined) { return res.status(403).render('error', { title: 403, text: 'Du har ikke tilgang til denne siden. Du må registrere deg først. Sjekk mailen din for å se invitekode.' }); } @@ -282,7 +341,10 @@ exports.postNewProject = function(req, res) { access.save(function(err) { if (err) { console.log(err.errors); - return res.render('project/newProject', { title: 'Nytt prosjekt - en feil oppstod', user: req.user }); + return res.render('project/newProject', { + title: 'Nytt prosjekt - en feil oppstod' + , user: req.user + }); } return res.redirect('/dashboard'); }); @@ -291,18 +353,30 @@ exports.postNewProject = function(req, res) { } +/** + * GET '/project/:short/delete/:post' + */ + exports.deleteProjectPost = function(req, res) { + + //Locate project Project.findOne({ shortURL: req.params.short }).select('_id').exec(function(err, project) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); + + //make sure you actually have access Access.findOne({project: project._id, user: req.user._id}, function(err, access) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); if (!access) return res.status(403).render('error', { title: '403', text: 'Du har ikke tilgang til å gjøre dette' }); + pPost.load(req.params.post, function(err, post) { if (err || !post) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err }); + if (post.user._id === req.user._id || access.permissions >= 6) { + + // delete! (only if access) pPost.remove({ _id: post._id }, function(err) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); - console.log('deleted post ' + post._id); + return res.redirect('back'); }) } else { return res.status(403).render('error', { title: '403', text: 'Du har ikke tilgang til å gjøre dette' }); } diff --git a/app/controllers/users.js b/app/controllers/users.js index 237d359..d2569fa 100644 --- a/app/controllers/users.js +++ b/app/controllers/users.js @@ -26,8 +26,9 @@ Validator.prototype.getErrors = function() { /** - * Logout + * GET '/logout' */ + exports.logout = function(req, res) { req.logout(); res.redirect('/'); @@ -35,13 +36,20 @@ exports.logout = function(req, res) { /** - * Signin + * GET '/signin' * This is triggered when the user post to /login */ + exports.signin = function(req, res) { res.redirect('/dashboard'); } + +/** + * GET '/login/:hash' + * This is triggered when a user tries to log in using a unique link he got in the mail + */ + exports.randomLogin = function(req, res) { Access.findOne({ randomToken: req.params.hash }).populate('project', 'shortURL').exec(function(err, access) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); @@ -52,15 +60,22 @@ exports.randomLogin = function(req, res) { /** - * Signup + * GET '/signup' */ + exports.signup = function(req, res) { - res.render('users/signup', { title: 'Registrer deg', invite: false }); + res.render('users/signup', { + title: 'Registrer deg' + , invite: false + }); } + /** - * Create users + * POST '/signup' + * This is when a user has posted his registration form */ + exports.create = function(req, res) { var user = new User(req.body); user.provider = 'local'; @@ -75,7 +90,7 @@ exports.create = function(req, res) { /** - * AuthCallback + * GET '/auth/facebook/callback' OR '/auth/twitter/callback' * This is what happends when a user has signed in using facebook/twitter */ @@ -88,7 +103,7 @@ exports.authCallback = function(req, res, next) { /** - * registerEmail + * GET '/registerEmail' * Will register the users email if they don't have already */ @@ -100,7 +115,7 @@ exports.registerEmail = function(req, res) { /** - * postRegisterEmail + * POST '/registerEmail' */ exports.postRegisterEmail = function(req, res) { @@ -118,6 +133,7 @@ exports.postRegisterEmail = function(req, res) { User.update({ _id: req.user._id }, { email: req.body.email, status: 3 }, function(err) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); + return res.redirect('/dashboard'); }); }); @@ -125,25 +141,25 @@ exports.postRegisterEmail = function(req, res) { /** - * postProjectParticipants + * POST '/project/:short/participants' * This callback is in this file because it treats users. */ + exports.postProjectParticipants = function(req, res) { Project.loadShort(req.params.short, function(err, project) { if (err || !project) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); + // check if users has access Access.checkAccess(req.user._id, project._id, 3, function(err, access) { if (err || !access) return res.status(403).render('error', { title: '403', text: 'No sir! NO ACCESS FOR YOU', error: err || 'no access' }); // validate var emails = sanitize(req.body.emails).xss(); v.check(emails, 'You need to enter some emails to invite someone').notEmpty(); - //var emails = sanitize(req.body.emails).xss(); + emails = emails.split('\r\n'); emails.forEach(function(m) { // m = each mailaddress - if (m) { - v.check(m, m + ' is not a valid email').isEmail(); - } + if (m) v.check(m, m + ' is not a valid email').isEmail(); }); // error when validation fails @@ -156,34 +172,39 @@ exports.postProjectParticipants = function(req, res) { , server = email.server.connect(config.email) , message = { subject: 'You were invited to use Divid', - text: 'VIL DU BRUK DIVID?', + text: 'Ønsker du å bruke Divid?', // this text will be substituted later on from: 'Divid <divid@divid.no>', } + emails.forEach(function(mailAddress) { // loops through all the emails and sets up each user User.loadUser(mailAddress, function(err, user) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); - if (!user) { //if the user doesn't exist, create one + + //if the user doesn't exist, create one + if (!user) { console.log('fant ingen brukere med den eposten. må invitere og stasj'); + var newUser = new User(); newUser.email = mailAddress; newUser.username = mailAddress; - newUser.name = mailAddress + ' <span class="muted">(ikke registrert)</span>'; + newUser.name = mailAddress + ' <span class="muted">(ikke registrert)</span>'; // this is what we call the user when he's not registered newUser.status = 1; newUser.password = newUser.generateRandomToken(32); newUser.randomToken = newUser.generateRandomToken(10, true); + newUser.save(function(err) { if (err) return res.render('project/participants', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true }); console.log('made new user ' + newUser._id); + var access = new Access(); access.user = newUser._id; access.creator = req.user._id; access.project = project._id; access.randomToken = access.generateRandomToken(15); + access.save(function(err) { - if (err) { - console.log(err.errors); - return res.render('project/participants', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true }); - } + if (err) return res.render('project/participants', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true }); + console.log('made new access for user ' + newUser._id); message.to = newUser.email; message.text = 'Hei! Du har blitt invitert til å delta i et Divid-prosjekt! https://divid.no/invite/' + newUser.randomToken + '\n Du kan også gå direkte til prosjektet her: https://divid.no/login/' + access.randomToken; @@ -191,27 +212,29 @@ exports.postProjectParticipants = function(req, res) { }); }); - } else { // if the user exists, add him to the project + // if the user exists, add him to the project + } else { Access.checkAccess(user._id, project._id, 0, function(err, acc) { if (err) return res.render('project/participants', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true }); - if (acc) { // if the user already has access to the project.. do nothing + + // if the user already has access to the project.. do nothing + if (acc) { console.log('user ' + user.email + ' already has access to project ' + project.name); } else { - console.log('fant en bruker. må lage ny access til han og si i fra.'); var access = new Access(); access.user = user._id; access.creator = req.user._id; access.project = project._id; message.text = 'Du ble lagt til projektet "' + project.name + '"'; + if (Number(user.status) < 3) { access.randomToken = access.generateRandomToken(15); message.text += '.\nDu kan få direkte tilgang til dette prosjektet her: https://divid.no/login/' + access.randomToken + ' \nDu kan bruke denne linken for å registrere deg, for å få tilgang til flere funksjoner: https://divid.no/invite/' + user.randomToken; } + access.save(function(err) { - if (err) { - console.log(err.errors); - return res.render('project/participants', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true }); - } + if (err) return res.render('project/participants', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true }); + console.log('made new access for user ' + user.username); message.to = user.email; server.send(message, function(err, message) { console.log(err || message);}); @@ -220,7 +243,7 @@ exports.postProjectParticipants = function(req, res) { }); } }); - }); + }); res.redirect('back'); }); @@ -229,7 +252,7 @@ exports.postProjectParticipants = function(req, res) { /** - * claimInvite + * GET '/invite/:randomToken' * So users can use their inviteEmail */ @@ -241,16 +264,18 @@ exports.claimInvite = function(req, res) { if (!user) return res.render('error', { title: 'This invite does not exist', text: 'Invitasjonen din er ugyldig' }); res.render('users/signup', { - invite: true, - title: 'Registrer deg!', - email: user.email } - ); + invite: true + , title: 'Registrer deg!' + , email: user.email + }); }); - - } +/** + * POST '/invite/:randomToken' + */ + exports.postClaimInvite = function(req, res) { User.findOne({ randomToken: sanitize(req.params.randomToken).escape(), status: 1 }, function(err, user) { @@ -270,6 +295,7 @@ exports.postClaimInvite = function(req, res) { user.provider = 'local'; user.status = 3; user.randomToken = ''; + user.save(function(err) { if (err) return res.render('signup', { errors: err.errors, user: user }); req.logIn(user, function(err) { |