diff options
Diffstat (limited to 'controllers')
-rw-r--r-- | controllers/system.js | 87 |
1 files changed, 60 insertions, 27 deletions
diff --git a/controllers/system.js b/controllers/system.js index c052595..31b48f7 100644 --- a/controllers/system.js +++ b/controllers/system.js @@ -130,6 +130,7 @@ exports.projectPost = function(req, res) { console.log(req.loggedin); Project.loadShort(req.params.short, function(err, project) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); + req.project = project; res.render('projectPost', { title: 'Legg til utgift', loggedin: true, req: req, project: project }); }); @@ -138,22 +139,54 @@ exports.projectPost = function(req, res) { } exports.postProjectPost = function(req, res) { -/*// var ppost = new pPost(req.body); - ppost.user = req.user._id; - ppost.project = ; -/*/ - var ppost = new pPost(req.body); - console.log('ppost.user = ' + req.user._id); - console.log('ppost.project = ' + ppost.project); - console.log('ppost.what = ' + ppost.what); - console.log('ppost.participants = ' + ppost.participants); - console.log('req.body = ' + Object.keys(req.body)); - ppost.when = new Date(req.body.date + ' ' + req.body.time + ':00'); - console.log('ppost.when = ' + ppost.when); - - //*// -} + // Validation + req.assert('project', 'The project was lost').notEmpty(); + req.assert('what', 'You need to fill in the what-field').notEmpty(); + req.assert('value', 'The value must be a positive number').notEmpty().isInt().min(0); + var projectId = req.sanitize('project').escape(); + + // error when validation fails + var errors = req.validationErrors(); + if (errors) return res.status(500).render('error', { title: '500', text: 'Det oppstod en valideringsfeil', error: errors.stack }); + + + Access.findOne({ user: req.user._id }).where('project').equals(projectId).exec(function(err, access) { + if (err || !access) return res.status(403).render('error', { title: '403', text: 'no sir.' }); + + // Time to fill in the model! + var ppost = new pPost(); + ppost.user = req.user._id; + console.log('ppost.user = ' + req.user._id); + + ppost.for = req.user._id; + + ppost.project = req.sanitize('project').escape(); // escape will escape html-specific characters, like " & > etc." + console.log('ppost.project = ' + ppost.project); + + ppost.what = req.sanitize('what').escape(); + console.log('ppost.what = ' + ppost.what); + + ppost.comment = req.sanitize('comment').xss(); // xss will remove cross-site-scripting in the textfield. + + ppost.participants = req.sanitize('participants').escape(); + console.log('ppost.participants = ' + ppost.participants); + + ppost.value = req.sanitize('value').toInt(); // this will remove leading zeroes. '0123' => '123' + + ppost.when = new Date(req.sanitize('date').escape() + ' ' + req.sanitize('time').escape() + ':00'); + console.log('ppost.when = ' + ppost.when); + + console.log('req.profile: ' + req.profile); + ppost.save(function(err) { + if (err) { + console.log(err.errors); + res.render('projectPost', { title: 'Legg til utgift - en feil oppstod', loggedin: true, req: req, project: project }); + } + return res.redirect('/dashboard'); + }) + }); +} exports.newProject = function(req, res) { res.render('newProject', { title: 'Nytt prosjekt', loggedin: true }); } @@ -166,19 +199,19 @@ exports.postNewProject = function(req, res) { console.log(err.errors); return res.render('newproject', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true, errors: err.errors, project: project }); } + var access = new Access(); + access.user = req.user._id; + access.creator = req.user._id; + access.project = project._id; + access.permissions = 1; + access.save(function(err) { + if (err) { + console.log(err.errors); + return res.render('newproject', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true }); + } + return res.redirect('/dashboard'); + }); }); - var access = new Access(); - access.user = req.user._id; - access.creator = req.user._id; - access.project = project._id; - access.permissions = 1; - access.save(function(err) { - if (err) { - console.log(err.errors); - return res.render('newproject', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true }); - } - return res.redirect('/dashboard'); - }) } |