mirror of
https://github.com/NodeBB/NodeBB.git
synced 2026-07-08 15:41:33 +02:00
notifications route; added middleware.authenticate to user/uploadpicture api route
This commit is contained in:
@@ -372,10 +372,6 @@ accountsController.accountSettings = function(req, res, next) {
|
||||
};
|
||||
|
||||
accountsController.uploadPicture = function (req, res, next) {
|
||||
if (!req.user) {
|
||||
return userNotAllowed();
|
||||
}
|
||||
|
||||
var uploadSize = parseInt(meta.config.maximumProfileImageSize, 10) || 256;
|
||||
if (req.files.userPhoto.size > uploadSize * 1024) {
|
||||
return res.json({
|
||||
@@ -473,4 +469,18 @@ accountsController.uploadPicture = function (req, res, next) {
|
||||
});
|
||||
};
|
||||
|
||||
accountsController.getNotifications = function(req, res, next) {
|
||||
user.notifications.getAll(req.user.uid, null, null, function(err, notifications) {
|
||||
if (res.locals.isAPI) {
|
||||
res.json({
|
||||
notifications: notifications
|
||||
});
|
||||
} else {
|
||||
res.render('notifications', {
|
||||
notifications: notifications
|
||||
});
|
||||
}
|
||||
});
|
||||
};
|
||||
|
||||
module.exports = accountsController;
|
||||
@@ -1,6 +1,5 @@
|
||||
"use strict";
|
||||
|
||||
|
||||
var app,
|
||||
clientScripts,
|
||||
middleware = {},
|
||||
@@ -19,7 +18,6 @@ var app,
|
||||
api: require('./../controllers/api')
|
||||
};
|
||||
|
||||
|
||||
middleware.authenticate = function(req, res, next) {
|
||||
if(!req.user) {
|
||||
if (res.locals.isAPI) {
|
||||
|
||||
@@ -40,18 +40,6 @@ module.exports = function(app, middleware, controllers) {
|
||||
|
||||
app.get('/config', controllers.api.getConfig);
|
||||
|
||||
app.get('/notifications', function(req, res) {
|
||||
if (req.user && req.user.uid) {
|
||||
user.notifications.getAll(req.user.uid, null, null, function(err, notifications) {
|
||||
res.json({
|
||||
notifications: notifications
|
||||
});
|
||||
});
|
||||
} else {
|
||||
res.send(403);
|
||||
}
|
||||
});
|
||||
|
||||
app.get('/search/:term', function (req, res, next) {
|
||||
if (!plugins.hasListeners('filter:search.query')) {
|
||||
return res.redirect('/404');
|
||||
@@ -176,7 +164,7 @@ module.exports = function(app, middleware, controllers) {
|
||||
});
|
||||
});
|
||||
|
||||
// this should have been in the API namespace
|
||||
// this should be in the API namespace
|
||||
// also, perhaps pass in :userslug so we can use checkAccountPermissions middleware - in future will allow admins to upload a picture for a user
|
||||
app.post('/user/uploadpicture', middleware.checkGlobalPrivacySettings, /*middleware.checkAccountPermissions,*/ controllers.accounts.uploadPicture);
|
||||
app.post('/user/uploadpicture', middleware.authenticate, middleware.checkGlobalPrivacySettings, /*middleware.checkAccountPermissions,*/ controllers.accounts.uploadPicture);
|
||||
};
|
||||
@@ -93,6 +93,9 @@ module.exports = function(app, middleware) {
|
||||
app.get('/user/:userslug/settings', middleware.buildHeader, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountSettings);
|
||||
app.get('/api/user/:userslug/settings', middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountSettings);
|
||||
|
||||
app.get('/notifications', middleware.buildHeader, middleware.authenticate, controllers.accounts.getNotifications);
|
||||
app.get('/api/notifications', middleware.authenticate, controllers.accounts.getNotifications);
|
||||
|
||||
/* Users */
|
||||
app.get('/users', middleware.buildHeader, middleware.checkGlobalPrivacySettings, controllers.users.getOnlineUsers);
|
||||
app.get('/api/users', middleware.checkGlobalPrivacySettings, controllers.users.getOnlineUsers);
|
||||
@@ -117,8 +120,6 @@ module.exports = function(app, middleware) {
|
||||
app.get('/sitemap.xml', controllers.sitemap);
|
||||
app.get('/robots.txt', controllers.robots);
|
||||
|
||||
//todo notifications
|
||||
|
||||
app.get('api/search/:term?', function (req, res) {
|
||||
if ((req.user && req.user.uid) || meta.config.allowGuestSearching === '1') {
|
||||
return res.json({
|
||||
|
||||
Reference in New Issue
Block a user