Nemcio/meanTorrent
1
0
Fork 0
mirror of https://github.com/taobataoma/meanTorrent.git synced 2026-06-14 23:20:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix(articles): Article edit/delete validation

Browse Source 
Adds a custom field named `isCurrentUserOwner` to the Article document before
it's returned to the client. This field is used to determine if the current
User should is the "owner", and should see the edit/delete controls on the
client-side when viewing a single article. This custom (ad-hoc) field is NOT
persisted to the database; it's merely attached to the document.

Added server-side route tests for verifying the ad-hoc
"isCurrentUserOwner" field is properly set on the a single Article document.

Fixes #1146
This commit is contained in:
mleanos
2016-01-18 03:01:04 -08:00
parent ce3d0061ec
commit 69b8a05ea2
3 changed files with 166 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
modules/articles/server/controllers/articles.server.controller.js
View File

@@ -30,7 +30,14 @@ exports.create = function (req, res) {
* Show the current article
*/
exports.read = function (req, res) {
res.json(req.article);
// convert mongoose document to JSON
var article = req.article ? req.article.toJSON() : {};
// Add a custom field to the Article, for determining if the current User is the "owner".
// NOTE: This field is NOT persisted to the database, since it doesn't exist in the Article model.
article.isCurrentUserOwner = req.user && article.user && article.user._id.toString() === req.user._id.toString() ? true : false;
res.json(article);
};
/**