Vulcan/common/users.js

isAdminById=function(userId){
  var user = Meteor.users.findOne(userId);
  return user && isAdmin(user);
}
isAdmin=function(user){
  if(!user)
    return false;
  return user.isAdmin;
}
getDisplayNameById = function(userId){
  getDisplayName(Meteor.users.findOne(userId));
}
getDisplayName = function(user){
  return (user.profile && user.profile.name) ? user.profile.name : user.username;
}
getSignupMethod = function(user){
  if(user.services && user.services.twitter){
    return 'twitter';
  }else{
    return 'regular';
  }
}
getEmail = function(user){
  if(getSignupMethod(user)=='twitter'){
    return user.profile.email;
  }else if(user.emails){
    return user.emails[0].address || user.emails[0].email;
  }else{ 
    return ''; 
  }
}
getAvatarUrl = function(user){
  if(getSignupMethod(user)=='twitter'){
    return 'https://api.twitter.com/1/users/profile_image?screen_name='+user.services.twitter.screenName;
  }else{
    return Gravatar.getGravatar(user, {
      d: 'http://telesc.pe/img/default_avatar.png',
      s: 30
    });
  }
}
getCurrentUserEmail = function(){
  return Meteor.user() ? getEmail(Meteor.user()) : '';
}
userProfileComplete = function(user) {
  return !!getEmail(user);
}

findLast= function(user, collection){
  return collection.findOne({userId: user._id}, {sort: {submitted: -1}})
}
limitRate= function(user, collection, interval){
  var now = new Date().getTime();
  var last=findLast(user, collection);
  if(!last)
    return true; // if this is the user's first post or comment ever, stop here
  var timeFromLast=Math.floor((now-last.submitted)/1000);
  if(timeFromLast<interval){
   throw new Meteor.Error('999','Please wait '+(interval-timeFromLast)+' seconds before posting again');
  }
}
// Permissions


// user:                Defaults to Meteor.user()
// action:              If the permission check fails, there are 3 possible outcomes: 
//                          1. (undefined or null) fail silently
//                          2. ('replace') fail and replace the page with something else
//                          3. ('redirect') fail and redirect to another page

canView = function(user, action){
  var user=(typeof user === 'undefined') ? Meteor.user() : user;
  var action=(typeof action === 'undefined') ? null : action;
  // console.log('canView', 'user:', user, 'action:', action, getSetting('requireViewInvite'));
  if(Meteor.isClient && !window.settingsLoaded)
    return false;
  if(getSetting('requireViewInvite')==true){
    try{
      if(!user){
        throw "no_account";
      }else if(isAdmin(user) || user.isInvited){
        return true;
      }else{
        throw "no_invite";
      }
    }catch(error){
      if(action){
        switch(error){
          case "no_account": 
            // throwError("Please sign in or create an account first.");
            action=='replace' ? Router.goto('no_account') : Router.navigate('signin', {trigger : true});
            break;
          case "no_invite":
            // throwError("Sorry, you need to have an invitation to do view the site.");
            action=='replace' ? Router.goto('no_invite') : Router.navigate('invite', {trigger : true});
            break;      
        }
      }   
      return false;
    }
  }else{
    return true;
  }
}
canPost = function(user, action){
  var user=(typeof user === 'undefined') ? Meteor.user() : user;
  var action=(typeof action === 'undefined') ? null : action;
  // console.log('canPost', user, action, getSetting('requirePostInvite'));
  if(Meteor.isClient && !window.settingsLoaded)
    return false;
  try{
    if(!user){
      throw "no_account";
    }else if(isAdmin(user)){
      return true;
    }else if(getSetting('requirePostInvite')){
      if(user.isInvited){
        return true;
      }else{
        throw "no_invite";
      }
    }else{
      return true;
    }
  }catch(error){
    if(action){
      switch(error){
        case "no_account":
          throwError("Please sign in or create an account first.");
          action=='replace' ? Router.goto('signin') : Router.navigate('signin', {trigger : true});
          break;
        case "no_invite":
          throwError("Sorry, you need to have an invitation to do this.");
          action=='replace' ? Router.goto('no_invite') : Router.navigate('invite', {trigger : true});
          break;      
      }
    }   
    return false;
  }
}
canComment = function(user, action){
  var user=(typeof user === 'undefined') ? Meteor.user() : user;
  var action=(typeof action === 'undefined') ? null : action;
  return canPost(user, action);
}
canUpvote = function(user, collection, action){
  var user=(typeof user === 'undefined') ? Meteor.user() : user;
  var action=(typeof action === 'undefined') ? null : action;
  return canPost(user, action);
}
canDownvote = function(user, collection, action){
  var user=(typeof user === 'undefined') ? Meteor.user() : user;
  var action=(typeof action === 'undefined') ? null : action;
  return canPost(user, action);
}
canEdit = function(user, item, action){
  var user=(typeof user === 'undefined') ? Meteor.user() : user;
  var action=(typeof action === 'undefined') ? null : action;
  try{
    if (!user || !item){
      throw "no_rights";
    } else if (isAdmin(user)) {
      return true;
    } else if (user._id!==item.userId) {
      throw "no_rights";
    }else{
      return true;
    }
  }catch(error){
    if(action){
      switch(error){
        case "no_rights":
          throwError("Sorry, you do not have the rights to edit this item.");
          action=='replace' ? Router.goto('no_rights') : Router.navigate('no_rights', {trigger : true});
          break;
      }
    }
    return false;
  }
}
reworking invite system 2012-10-05 13:59:40 +09:00			`isAdminById=function(userId){`
improved errors 2012-10-08 10:44:13 +09:00			`var user = Meteor.users.findOne(userId);`
			`return user && isAdmin(user);`
reworking invite system 2012-10-05 13:59:40 +09:00			`}`
			`isAdmin=function(user){`
improved errors 2012-10-08 10:44:13 +09:00			`if(!user)`
			`return false;`
			`return user.isAdmin;`
reworking invite system 2012-10-05 13:59:40 +09:00			`}`
cleaning up syntax 2012-10-01 14:52:32 +09:00			`getDisplayNameById = function(userId){`
improved errors 2012-10-08 10:44:13 +09:00			`getDisplayName(Meteor.users.findOne(userId));`
cleaning up syntax 2012-10-01 14:52:32 +09:00			`}`
			`getDisplayName = function(user){`
added spinner 2012-10-17 16:04:47 +09:00			`return (user.profile && user.profile.name) ? user.profile.name : user.username;`
cleaning up syntax 2012-10-01 14:52:32 +09:00			`}`
now showing avatars with comments 2012-10-03 16:33:28 +09:00			`getSignupMethod = function(user){`
improved errors 2012-10-08 10:44:13 +09:00			`if(user.services && user.services.twitter){`
			`return 'twitter';`
			`}else{`
added spinner 2012-10-17 16:04:47 +09:00			`return 'regular';`
improved errors 2012-10-08 10:44:13 +09:00			`}`
now showing avatars with comments 2012-10-03 16:33:28 +09:00			`}`
			`getEmail = function(user){`
improved errors 2012-10-08 10:44:13 +09:00			`if(getSignupMethod(user)=='twitter'){`
			`return user.profile.email;`
			`}else if(user.emails){`
			`return user.emails[0].address \|\| user.emails[0].email;`
			`}else{`
			`return '';`
			`}`
now showing avatars with comments 2012-10-03 16:33:28 +09:00			`}`
			`getAvatarUrl = function(user){`
improved errors 2012-10-08 10:44:13 +09:00			`if(getSignupMethod(user)=='twitter'){`
			`return 'https://api.twitter.com/1/users/profile_image?screen_name='+user.services.twitter.screenName;`
			`}else{`
			`return Gravatar.getGravatar(user, {`
			`d: 'http://telesc.pe/img/default_avatar.png',`
			`s: 30`
			`});`
			`}`
added sticky posts 2012-10-02 10:54:04 +09:00			`}`
now showing avatars with comments 2012-10-03 16:33:28 +09:00			`getCurrentUserEmail = function(){`
improved errors 2012-10-08 10:44:13 +09:00			`return Meteor.user() ? getEmail(Meteor.user()) : '';`
now showing avatars with comments 2012-10-03 16:33:28 +09:00			`}`
			`userProfileComplete = function(user) {`
improved errors 2012-10-08 10:44:13 +09:00			`return !!getEmail(user);`
now showing avatars with comments 2012-10-03 16:33:28 +09:00			`}`
reworking invite system 2012-10-05 13:59:40 +09:00
added rate limiting to posts and comments posting 2012-10-06 13:15:55 +09:00			`findLast= function(user, collection){`
improved errors 2012-10-08 10:44:13 +09:00			`return collection.findOne({userId: user._id}, {sort: {submitted: -1}})`
added rate limiting to posts and comments posting 2012-10-06 13:15:55 +09:00			`}`
			`limitRate= function(user, collection, interval){`
improved errors 2012-10-08 10:44:13 +09:00			`var now = new Date().getTime();`
moved notifications to server side only 2012-10-08 11:23:12 +09:00			`var last=findLast(user, collection);`
			`if(!last)`
			`return true; // if this is the user's first post or comment ever, stop here`
			`var timeFromLast=Math.floor((now-last.submitted)/1000);`
improved errors 2012-10-08 10:44:13 +09:00			`if(timeFromLast<interval){`
			`throw new Meteor.Error('999','Please wait '+(interval-timeFromLast)+' seconds before posting again');`
			`}`
added rate limiting to posts and comments posting 2012-10-06 13:15:55 +09:00			`}`
reworking invite system 2012-10-05 13:59:40 +09:00			`// Permissions`

perfected permission and redirection system 2012-10-05 22:46:20 +09:00

improved errors 2012-10-08 10:44:13 +09:00			`// user: Defaults to Meteor.user()`
			`// action: If the permission check fails, there are 3 possible outcomes:`
			`// 1. (undefined or null) fail silently`
			`// 2. ('replace') fail and replace the page with something else`
			`// 3. ('redirect') fail and redirect to another page`
perfected permission and redirection system 2012-10-05 22:46:20 +09:00
			`canView = function(user, action){`
improved errors 2012-10-08 10:44:13 +09:00			`var user=(typeof user === 'undefined') ? Meteor.user() : user;`
			`var action=(typeof action === 'undefined') ? null : action;`
improving permissions and redirections 2012-10-08 16:49:01 +09:00			`// console.log('canView', 'user:', user, 'action:', action, getSetting('requireViewInvite'));`
fix permissions for /users and /settings, fix canView and canPost bug 2012-10-08 18:33:53 +09:00			`if(Meteor.isClient && !window.settingsLoaded)`
improving permissions and redirections 2012-10-08 16:49:01 +09:00			`return false;`
improved errors 2012-10-08 10:44:13 +09:00			`if(getSetting('requireViewInvite')==true){`
			`try{`
			`if(!user){`
			`throw "no_account";`
			`}else if(isAdmin(user) \|\| user.isInvited){`
			`return true;`
			`}else{`
			`throw "no_invite";`
			`}`
			`}catch(error){`
			`if(action){`
			`switch(error){`
improving permissions and redirections 2012-10-08 16:49:01 +09:00			`case "no_account":`
added landing page settings 2012-10-08 17:54:37 +09:00			`// throwError("Please sign in or create an account first.");`
			`action=='replace' ? Router.goto('no_account') : Router.navigate('signin', {trigger : true});`
improved errors 2012-10-08 10:44:13 +09:00			`break;`
			`case "no_invite":`
improving permissions and redirections 2012-10-08 16:49:01 +09:00			`// throwError("Sorry, you need to have an invitation to do view the site.");`
improved errors 2012-10-08 10:44:13 +09:00			`action=='replace' ? Router.goto('no_invite') : Router.navigate('invite', {trigger : true});`
			`break;`
			`}`
			`}`
			`return false;`
			`}`
			`}else{`
			`return true;`
			`}`
improving permissions 2012-10-05 22:09:13 +09:00			`}`
perfected permission and redirection system 2012-10-05 22:46:20 +09:00			`canPost = function(user, action){`
improved errors 2012-10-08 10:44:13 +09:00			`var user=(typeof user === 'undefined') ? Meteor.user() : user;`
			`var action=(typeof action === 'undefined') ? null : action;`
improving permissions and redirections 2012-10-08 16:49:01 +09:00			`// console.log('canPost', user, action, getSetting('requirePostInvite'));`
fix permissions for /users and /settings, fix canView and canPost bug 2012-10-08 18:33:53 +09:00			`if(Meteor.isClient && !window.settingsLoaded)`
improving permissions and redirections 2012-10-08 16:49:01 +09:00			`return false;`
improved errors 2012-10-08 10:44:13 +09:00			`try{`
			`if(!user){`
			`throw "no_account";`
			`}else if(isAdmin(user)){`
			`return true;`
			`}else if(getSetting('requirePostInvite')){`
			`if(user.isInvited){`
			`return true;`
			`}else{`
			`throw "no_invite";`
			`}`
			`}else{`
			`return true;`
			`}`
			`}catch(error){`
			`if(action){`
			`switch(error){`
			`case "no_account":`
			`throwError("Please sign in or create an account first.");`
			`action=='replace' ? Router.goto('signin') : Router.navigate('signin', {trigger : true});`
			`break;`
			`case "no_invite":`
			`throwError("Sorry, you need to have an invitation to do this.");`
			`action=='replace' ? Router.goto('no_invite') : Router.navigate('invite', {trigger : true});`
			`break;`
			`}`
			`}`
			`return false;`
			`}`
adding canView to permissions 2012-10-05 14:08:46 +09:00			`}`
perfected permission and redirection system 2012-10-05 22:46:20 +09:00			`canComment = function(user, action){`
improved errors 2012-10-08 10:44:13 +09:00			`var user=(typeof user === 'undefined') ? Meteor.user() : user;`
			`var action=(typeof action === 'undefined') ? null : action;`
			`return canPost(user, action);`
reworking invite system 2012-10-05 13:59:40 +09:00			`}`
perfected permission and redirection system 2012-10-05 22:46:20 +09:00			`canUpvote = function(user, collection, action){`
improved errors 2012-10-08 10:44:13 +09:00			`var user=(typeof user === 'undefined') ? Meteor.user() : user;`
			`var action=(typeof action === 'undefined') ? null : action;`
			`return canPost(user, action);`
reworking invite system 2012-10-05 13:59:40 +09:00			`}`
perfected permission and redirection system 2012-10-05 22:46:20 +09:00			`canDownvote = function(user, collection, action){`
improved errors 2012-10-08 10:44:13 +09:00			`var user=(typeof user === 'undefined') ? Meteor.user() : user;`
			`var action=(typeof action === 'undefined') ? null : action;`
			`return canPost(user, action);`
adding permission check for post and comment edit 2012-10-10 10:48:14 +09:00			`}`
			`canEdit = function(user, item, action){`
			`var user=(typeof user === 'undefined') ? Meteor.user() : user;`
			`var action=(typeof action === 'undefined') ? null : action;`
			`try{`
let admin users edit posts again 2012-10-12 08:27:59 +09:00			`if (!user \|\| !item){`
			`throw "no_rights";`
			`} else if (isAdmin(user)) {`
			`return true;`
			`} else if (user._id!==item.userId) {`
adding permission check for post and comment edit 2012-10-10 10:48:14 +09:00			`throw "no_rights";`
			`}else{`
			`return true;`
			`}`
			`}catch(error){`
			`if(action){`
			`switch(error){`
			`case "no_rights":`
			`throwError("Sorry, you do not have the rights to edit this item.");`
			`action=='replace' ? Router.goto('no_rights') : Router.navigate('no_rights', {trigger : true});`
			`break;`
			`}`
			`}`
			`return false;`
			`}`
reworking invite system 2012-10-05 13:59:40 +09:00			`}`