aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'controllers')
-rw-r--r--controllers/system.js87
1 files changed, 60 insertions, 27 deletions
diff --git a/controllers/system.js b/controllers/system.js
index c052595..31b48f7 100644
--- a/controllers/system.js
+++ b/controllers/system.js
@@ -130,6 +130,7 @@ exports.projectPost = function(req, res) {
console.log(req.loggedin);
Project.loadShort(req.params.short, function(err, project) {
if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
+ req.project = project;
res.render('projectPost', { title: 'Legg til utgift', loggedin: true, req: req, project: project });
});
@@ -138,22 +139,54 @@ exports.projectPost = function(req, res) {
}
exports.postProjectPost = function(req, res) {
-/*// var ppost = new pPost(req.body);
- ppost.user = req.user._id;
- ppost.project = ;
-/*/
- var ppost = new pPost(req.body);
- console.log('ppost.user = ' + req.user._id);
- console.log('ppost.project = ' + ppost.project);
- console.log('ppost.what = ' + ppost.what);
- console.log('ppost.participants = ' + ppost.participants);
- console.log('req.body = ' + Object.keys(req.body));
- ppost.when = new Date(req.body.date + ' ' + req.body.time + ':00');
- console.log('ppost.when = ' + ppost.when);
-
- //*//
-}
+ // Validation
+ req.assert('project', 'The project was lost').notEmpty();
+ req.assert('what', 'You need to fill in the what-field').notEmpty();
+ req.assert('value', 'The value must be a positive number').notEmpty().isInt().min(0);
+ var projectId = req.sanitize('project').escape();
+
+ // error when validation fails
+ var errors = req.validationErrors();
+ if (errors) return res.status(500).render('error', { title: '500', text: 'Det oppstod en valideringsfeil', error: errors.stack });
+
+
+ Access.findOne({ user: req.user._id }).where('project').equals(projectId).exec(function(err, access) {
+ if (err || !access) return res.status(403).render('error', { title: '403', text: 'no sir.' });
+
+ // Time to fill in the model!
+ var ppost = new pPost();
+ ppost.user = req.user._id;
+ console.log('ppost.user = ' + req.user._id);
+
+ ppost.for = req.user._id;
+
+ ppost.project = req.sanitize('project').escape(); // escape will escape html-specific characters, like " & > etc."
+ console.log('ppost.project = ' + ppost.project);
+
+ ppost.what = req.sanitize('what').escape();
+ console.log('ppost.what = ' + ppost.what);
+
+ ppost.comment = req.sanitize('comment').xss(); // xss will remove cross-site-scripting in the textfield.
+
+ ppost.participants = req.sanitize('participants').escape();
+ console.log('ppost.participants = ' + ppost.participants);
+
+ ppost.value = req.sanitize('value').toInt(); // this will remove leading zeroes. '0123' => '123'
+
+ ppost.when = new Date(req.sanitize('date').escape() + ' ' + req.sanitize('time').escape() + ':00');
+ console.log('ppost.when = ' + ppost.when);
+
+ console.log('req.profile: ' + req.profile);
+ ppost.save(function(err) {
+ if (err) {
+ console.log(err.errors);
+ res.render('projectPost', { title: 'Legg til utgift - en feil oppstod', loggedin: true, req: req, project: project });
+ }
+ return res.redirect('/dashboard');
+ })
+ });
+}
exports.newProject = function(req, res) {
res.render('newProject', { title: 'Nytt prosjekt', loggedin: true });
}
@@ -166,19 +199,19 @@ exports.postNewProject = function(req, res) {
console.log(err.errors);
return res.render('newproject', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true, errors: err.errors, project: project });
}
+ var access = new Access();
+ access.user = req.user._id;
+ access.creator = req.user._id;
+ access.project = project._id;
+ access.permissions = 1;
+ access.save(function(err) {
+ if (err) {
+ console.log(err.errors);
+ return res.render('newproject', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true });
+ }
+ return res.redirect('/dashboard');
+ });
});
- var access = new Access();
- access.user = req.user._id;
- access.creator = req.user._id;
- access.project = project._id;
- access.permissions = 1;
- access.save(function(err) {
- if (err) {
- console.log(err.errors);
- return res.render('newproject', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true });
- }
- return res.redirect('/dashboard');
- })
}