2015-04-23 16:53:20 +09:00
|
|
|
|
|
|
|
|
// ------------------------------------------------------------------------------------------- //
|
|
|
|
|
// -------------------------------------- Submit Comment ------------------------------------- //
|
|
|
|
|
// ------------------------------------------------------------------------------------------- //
|
|
|
|
|
|
|
|
|
|
submitComment = function (comment) {
|
|
|
|
|
|
|
|
|
|
var userId = comment.userId; // at this stage, a userId is expected
|
|
|
|
|
|
|
|
|
|
// ------------------------------ Checks ------------------------------ //
|
|
|
|
|
|
|
|
|
|
// Don't allow empty comments
|
|
|
|
|
if (!comment.body)
|
|
|
|
|
throw new Meteor.Error(704,i18n.t('your_comment_is_empty'));
|
|
|
|
|
|
|
|
|
|
// ------------------------------ Properties ------------------------------ //
|
|
|
|
|
|
|
|
|
|
var defaultProperties = {
|
|
|
|
|
createdAt: new Date(),
|
|
|
|
|
postedAt: new Date(),
|
|
|
|
|
upvotes: 0,
|
|
|
|
|
downvotes: 0,
|
|
|
|
|
baseScore: 0,
|
|
|
|
|
score: 0,
|
|
|
|
|
author: Users.getDisplayNameById(userId)
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
comment = _.extend(defaultProperties, comment);
|
|
|
|
|
|
|
|
|
|
// ------------------------------ Callbacks ------------------------------ //
|
2015-04-24 09:48:36 +09:00
|
|
|
|
2015-04-23 16:53:20 +09:00
|
|
|
// run all post submit server callbacks on comment object successively
|
2015-04-24 09:48:36 +09:00
|
|
|
comment = Telescope.callbacks.run("commentSubmit", comment);
|
2015-04-23 16:53:20 +09:00
|
|
|
|
|
|
|
|
// -------------------------------- Insert -------------------------------- //
|
2015-04-24 09:48:36 +09:00
|
|
|
|
2015-04-23 16:53:20 +09:00
|
|
|
comment._id = Comments.insert(comment);
|
|
|
|
|
|
|
|
|
|
// --------------------- Server-side Async Callbacks --------------------- //
|
|
|
|
|
|
|
|
|
|
// run all post submit server callbacks on comment object successively
|
2015-04-24 09:48:36 +09:00
|
|
|
Telescope.callbacks.run("commentSubmitAsync", comment, true);
|
2015-04-23 16:53:20 +09:00
|
|
|
|
|
|
|
|
return comment;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ------------------------------------------------------------------------------------------- //
|
|
|
|
|
// ----------------------------------------- Methods ----------------------------------------- //
|
|
|
|
|
// ------------------------------------------------------------------------------------------- //
|
|
|
|
|
|
|
|
|
|
Meteor.methods({
|
|
|
|
|
submitComment: function(comment){
|
|
|
|
|
|
|
|
|
|
// required properties:
|
|
|
|
|
// postId
|
|
|
|
|
// body
|
|
|
|
|
|
|
|
|
|
// optional properties:
|
|
|
|
|
// parentCommentId
|
|
|
|
|
|
|
|
|
|
var user = Meteor.user(),
|
2015-04-27 17:14:07 +09:00
|
|
|
hasAdminRights = Users.is.admin(user);
|
2015-04-23 16:53:20 +09:00
|
|
|
|
|
|
|
|
// ------------------------------ Checks ------------------------------ //
|
|
|
|
|
|
|
|
|
|
// check that user can comment
|
|
|
|
|
if (!user || !Users.can.comment(user))
|
|
|
|
|
throw new Meteor.Error(i18n.t('you_need_to_login_or_be_invited_to_post_new_comments'));
|
|
|
|
|
|
|
|
|
|
// ------------------------------ Rate Limiting ------------------------------ //
|
|
|
|
|
|
|
|
|
|
if (!hasAdminRights) {
|
|
|
|
|
|
|
|
|
|
var timeSinceLastComment = Users.timeSinceLast(user, Comments),
|
|
|
|
|
commentInterval = Math.abs(parseInt(Settings.get('commentInterval',15)));
|
|
|
|
|
|
|
|
|
|
// check that user waits more than 15 seconds between comments
|
|
|
|
|
if((timeSinceLastComment < commentInterval))
|
|
|
|
|
throw new Meteor.Error(704, i18n.t('please_wait')+(commentInterval-timeSinceLastComment)+i18n.t('seconds_before_commenting_again'));
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ------------------------------ Properties ------------------------------ //
|
|
|
|
|
|
|
|
|
|
// admin-only properties
|
|
|
|
|
// userId
|
|
|
|
|
|
2015-04-28 10:45:00 +09:00
|
|
|
// clear restricted properties
|
|
|
|
|
_.keys(comment).forEach(function (fieldName) {
|
|
|
|
|
|
|
|
|
|
var field = commentSchemaObject[fieldName];
|
2015-04-28 11:32:53 +09:00
|
|
|
if (!Users.can.editField(user, comment, field)) {
|
2015-04-28 10:45:00 +09:00
|
|
|
throw new Meteor.Error("disallowed_property", i18n.t('disallowed_property_detected') + ": " + fieldName);
|
|
|
|
|
}
|
2015-04-28 11:32:53 +09:00
|
|
|
|
2015-04-28 10:45:00 +09:00
|
|
|
});
|
2015-04-23 16:53:20 +09:00
|
|
|
|
|
|
|
|
// if no userId has been set, default to current user id
|
|
|
|
|
if (!comment.userId) {
|
|
|
|
|
comment.userId = user._id
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return submitComment(comment);
|
|
|
|
|
},
|
2015-04-28 10:45:00 +09:00
|
|
|
|
|
|
|
|
editComment: function (modifier, commentId) {
|
|
|
|
|
|
|
|
|
|
var user = Meteor.user(),
|
|
|
|
|
hasAdminRights = Users.is.admin(user),
|
|
|
|
|
comment = Comments.findOne(commentId);
|
|
|
|
|
|
|
|
|
|
// ------------------------------ Checks ------------------------------ //
|
|
|
|
|
|
|
|
|
|
// check that user can edit
|
|
|
|
|
if (!user || !Users.can.edit(user, comment)) {
|
|
|
|
|
throw new Meteor.Error(601, i18n.t('sorry_you_cannot_edit_this_comment'));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// go over each field and throw an error if it's not editable
|
|
|
|
|
// loop over each operation ($set, $unset, etc.)
|
|
|
|
|
_.each(modifier, function (operation) {
|
|
|
|
|
// loop over each property being operated on
|
|
|
|
|
_.keys(operation).forEach(function (fieldName) {
|
|
|
|
|
|
|
|
|
|
var field = Posts.schema._schema[fieldName];
|
2015-04-28 11:32:53 +09:00
|
|
|
if (!Users.can.editField(user, comment, field)) {
|
2015-04-28 10:45:00 +09:00
|
|
|
throw new Meteor.Error("disallowed_property", i18n.t('disallowed_property_detected') + ": " + fieldName);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// ------------------------------ Callbacks ------------------------------ //
|
|
|
|
|
|
|
|
|
|
modifier = Telescope.callbacks.run("commentEdit", modifier);
|
|
|
|
|
|
|
|
|
|
// ------------------------------ Update ------------------------------ //
|
|
|
|
|
|
|
|
|
|
Posts.update(postId, modifier);
|
|
|
|
|
|
|
|
|
|
// ------------------------------ Callbacks ------------------------------ //
|
|
|
|
|
|
|
|
|
|
Telescope.callbacks.run("commentEditAsync", commentId, true);
|
|
|
|
|
|
|
|
|
|
// ------------------------------ After Update ------------------------------ //
|
|
|
|
|
|
|
|
|
|
return Comments.findOne(commentId);
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
removeComment: function (commentId) {
|
2015-04-23 16:53:20 +09:00
|
|
|
var comment = Comments.findOne(commentId);
|
|
|
|
|
if(Users.can.edit(Meteor.user(), comment)){
|
|
|
|
|
// decrement post comment count and remove user ID from post
|
|
|
|
|
Posts.update(comment.postId, {
|
|
|
|
|
$inc: {commentCount: -1},
|
|
|
|
|
$pull: {commenters: comment.userId}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// decrement user comment count and remove comment ID from user
|
|
|
|
|
Meteor.users.update({_id: comment.userId}, {
|
|
|
|
|
$inc: {'commentCount': -1}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// note: should we also decrease user's comment karma ?
|
|
|
|
|
// We don't actually delete the comment to avoid losing all child comments.
|
|
|
|
|
// Instead, we give it a special flag
|
|
|
|
|
Comments.update({_id: commentId}, {$set: {
|
|
|
|
|
body: 'Deleted',
|
|
|
|
|
htmlBody: 'Deleted',
|
|
|
|
|
isDeleted: true
|
|
|
|
|
}});
|
|
|
|
|
}else{
|
|
|
|
|
Messages.flash("You don't have permission to delete this comment.", "error");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
});
|
