notifications route; added middleware.authenticate to user/uploadpicture api route

This commit is contained in:
psychobunny
2014-03-03 12:30:27 -05:00
parent 5b8e8e4b67
commit 94aeb3ab22
4 changed files with 19 additions and 22 deletions

View File

@@ -372,10 +372,6 @@ accountsController.accountSettings = function(req, res, next) {
};
accountsController.uploadPicture = function (req, res, next) {
if (!req.user) {
return userNotAllowed();
}
var uploadSize = parseInt(meta.config.maximumProfileImageSize, 10) || 256;
if (req.files.userPhoto.size > uploadSize * 1024) {
return res.json({
@@ -473,4 +469,18 @@ accountsController.uploadPicture = function (req, res, next) {
});
};
accountsController.getNotifications = function(req, res, next) {
user.notifications.getAll(req.user.uid, null, null, function(err, notifications) {
if (res.locals.isAPI) {
res.json({
notifications: notifications
});
} else {
res.render('notifications', {
notifications: notifications
});
}
});
};
module.exports = accountsController;

View File

@@ -1,6 +1,5 @@
"use strict";
var app,
clientScripts,
middleware = {},
@@ -19,7 +18,6 @@ var app,
api: require('./../controllers/api')
};
middleware.authenticate = function(req, res, next) {
if(!req.user) {
if (res.locals.isAPI) {

View File

@@ -40,18 +40,6 @@ module.exports = function(app, middleware, controllers) {
app.get('/config', controllers.api.getConfig);
app.get('/notifications', function(req, res) {
if (req.user && req.user.uid) {
user.notifications.getAll(req.user.uid, null, null, function(err, notifications) {
res.json({
notifications: notifications
});
});
} else {
res.send(403);
}
});
app.get('/search/:term', function (req, res, next) {
if (!plugins.hasListeners('filter:search.query')) {
return res.redirect('/404');
@@ -176,7 +164,7 @@ module.exports = function(app, middleware, controllers) {
});
});
// this should have been in the API namespace
// this should be in the API namespace
// also, perhaps pass in :userslug so we can use checkAccountPermissions middleware - in future will allow admins to upload a picture for a user
app.post('/user/uploadpicture', middleware.checkGlobalPrivacySettings, /*middleware.checkAccountPermissions,*/ controllers.accounts.uploadPicture);
app.post('/user/uploadpicture', middleware.authenticate, middleware.checkGlobalPrivacySettings, /*middleware.checkAccountPermissions,*/ controllers.accounts.uploadPicture);
};

View File

@@ -93,6 +93,9 @@ module.exports = function(app, middleware) {
app.get('/user/:userslug/settings', middleware.buildHeader, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountSettings);
app.get('/api/user/:userslug/settings', middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountSettings);
app.get('/notifications', middleware.buildHeader, middleware.authenticate, controllers.accounts.getNotifications);
app.get('/api/notifications', middleware.authenticate, controllers.accounts.getNotifications);
/* Users */
app.get('/users', middleware.buildHeader, middleware.checkGlobalPrivacySettings, controllers.users.getOnlineUsers);
app.get('/api/users', middleware.checkGlobalPrivacySettings, controllers.users.getOnlineUsers);
@@ -117,8 +120,6 @@ module.exports = function(app, middleware) {
app.get('/sitemap.xml', controllers.sitemap);
app.get('/robots.txt', controllers.robots);
//todo notifications
app.get('api/search/:term?', function (req, res) {
if ((req.user && req.user.uid) || meta.config.allowGuestSearching === '1') {
return res.json({