Vulcan/collections/posts.js

Posts = new Meteor.Collection('posts');

STATUS_PENDING=1;
STATUS_APPROVED=2;
STATUS_REJECTED=3;

Posts.deny({
  update: function(userId, post, fieldNames) {
    if(isAdminById(userId))
      return false;
    // deny the update if it contains something other than the following fields
    return (_.without(fieldNames, 'headline', 'url', 'body', 'shortUrl', 'shortTitle', 'categories').length > 0);
  }
});

Posts.allow({
    insert: canPostById
  , update: canEditById
  , remove: canEditById
});

clickedPosts = [];

Meteor.methods({
  post: function(post){
    var headline = cleanUp(post.headline),
        body = cleanUp(post.body),
        user = Meteor.user(),
        userId = user._id,
        submitted = parseInt(post.submitted) || new Date().getTime(),
        defaultStatus = getSetting('requirePostsApproval') ? STATUS_PENDING : STATUS_APPROVED,
        status = post.status || defaultStatus,
        postWithSameLink = Posts.findOne({url: post.url}), // TODO: limit scope of search to past month or something
        timeSinceLastPost=timeSinceLast(user, Posts),
        numberOfPostsInPast24Hours=numberOfItemsInPast24Hours(user, Posts),
        postInterval = Math.abs(parseInt(getSetting('postInterval', 30))),
        maxPostsPer24Hours = Math.abs(parseInt(getSetting('maxPostsPerDay', 30))),
        postId = '';

    // only let admins post as another user
    if(isAdmin(Meteor.user()))
      userId = post.userId || user._id; 
        
    // check that user can post
    if (!user || !canPost(user))
      throw new Meteor.Error(601, i18n.t('You need to login or be invited to post new stories.'));

    // check that user provided a headline
    if(!post.headline)
      throw new Meteor.Error(602, i18n.t('Please fill in a headline'));

    // check that there are no previous posts with the same link
    if(post.url && (typeof postWithSameLink !== 'undefined')){
      Meteor.call('upvotePost', postWithSameLink);
      throw new Meteor.Error(603, i18n.t('This link has already been posted', postWithSameLink._id));
    }

    if(!isAdmin(Meteor.user())){
      // check that user waits more than X seconds between posts
      if(!this.isSimulation && timeSinceLastPost < postInterval)
        throw new Meteor.Error(604, i18n.t('Please wait ')+(postInterval-timeSinceLastPost)+i18n.t(' seconds before posting again'));

      // check that the user doesn't post more than Y posts per day
      if(!this.isSimulation && numberOfPostsInPast24Hours > maxPostsPer24Hours)
        throw new Meteor.Error(605, i18n.t('Sorry, you cannot submit more than ')+maxPostsPer24Hours+i18n.t(' posts per day'));
    }

    post = _.extend(post, {
      headline: headline,
      body: body,
      userId: userId,
      author: getDisplayNameById(userId),
      createdAt: new Date().getTime(),
      votes: 0,
      comments: 0,
      baseScore: 0,
      score: 0,
      inactive: false,
      status: status
    });

    if(status == STATUS_APPROVED){
      // if post is approved, set its submitted date (if post is pending, submitted date is left blank)
      post.submitted  = submitted;
    }

    postId = Posts.insert(post);

    // increment posts count
    Meteor.users.update({_id: userId}, {$inc: {postCount: 1}});

    post = _.extend(post, {_id: postId});

    var postAuthor =  Meteor.users.findOne(post.userId);

    Meteor.call('upvotePost', post, postAuthor);

    if(getSetting('emailNotifications', false)){
      // notify users of new posts
      var notification = {
        event: 'newPost',
        properties: {
          postAuthorName : getDisplayName(postAuthor),
          postAuthorId : post.userId,
          postHeadline : headline,
          postId : postId
        }
      };
      // call a server method because we do not have access to users' info on the client
      Meteor.call('newPostNotify', notification, function(error, result){
        //run asynchronously
      });
    }

    // add the post's own ID to the post object and return it to the client
    post.postId = postId;
    return post;
  },
  post_edit: function(post){
    // TODO: make post_edit server-side?
  },
  approvePost: function(post){
    if(isAdmin(Meteor.user())){
      var now = new Date().getTime();
      Posts.update(post._id, {$set: {status: 2, submitted: now}});
    }else{
      throwError('You need to be an admin to do that.');
    }
  },
  unapprovePost: function(post){
    if(isAdmin(Meteor.user())){
      Posts.update(post._id, {$set: {status: 1}});
    }else{
      throwError('You need to be an admin to do that.');
    }
  },
  clickedPost: function(post, sessionId){
    // only let clients increment a post's click counter once per session
    var click = {_id: post._id, sessionId: sessionId};
    if(_.where(clickedPosts, click).length == 0){
      clickedPosts.push(click);
      Posts.update(post._id, { $inc: { clicks: 1 }});
    }
  },
  deletePostById: function(postId) {
    // remove post comments
    // if(!this.isSimulation) {
    //   Comments.remove({post: postId});
    // }
    // NOTE: actually, keep comments afer all

    // decrement post count
    var post = Posts.findOne({_id: postId});
    if(!Meteor.userId() || !canEditById(Meteor.userId(), post)) throw new Meteor.Error(606, 'You need permission to edit or delete a post');
    
    Meteor.users.update({_id: post.userId}, {$inc: {postCount: -1}});
    Posts.remove(postId);
  }
});
refactoring file structure 2013-04-13 15:05:18 +09:00			`Posts = new Meteor.Collection('posts');`

added pending posts 2012-10-24 11:04:42 +09:00			`STATUS_PENDING=1;`
			`STATUS_APPROVED=2;`
			`STATUS_REJECTED=3;`

refactoring allow/deny code 2013-07-04 12:51:26 +09:00			`Posts.deny({`
			`update: function(userId, post, fieldNames) {`
			`if(isAdminById(userId))`
fixed allow/deny bug 2013-07-05 07:09:15 +09:00			`return false;`
fixed comment edit bug 2013-11-05 09:32:21 +09:00			`// deny the update if it contains something other than the following fields`
refactoring allow/deny code 2013-07-04 12:51:26 +09:00			`return (_.without(fieldNames, 'headline', 'url', 'body', 'shortUrl', 'shortTitle', 'categories').length > 0);`
			`}`
			`});`

fixed comment edit bug 2013-11-05 09:32:21 +09:00			`Posts.allow({`
			`insert: canPostById`
			`, update: canEditById`
			`, remove: canEditById`
			`});`

added some basic way of making sure user's clicks are only registered once per session 2013-11-06 10:11:35 +09:00			`clickedPosts = [];`

Moved post creation logic to the server side. Also made it + commenting latency compensated. 2012-10-04 11:45:12 +10:00			`Meteor.methods({`
			`post: function(post){`
fixed queued comments bug 2013-04-26 17:28:09 +09:00			`var headline = cleanUp(post.headline),`
			`body = cleanUp(post.body),`
			`user = Meteor.user(),`
Check that people setting post.userId are actually admins before we set it 2013-11-05 18:46:25 -05:00			`userId = user._id,`
fixed queued comments bug 2013-04-26 17:28:09 +09:00			`submitted = parseInt(post.submitted) \|\| new Date().getTime(),`
			`defaultStatus = getSetting('requirePostsApproval') ? STATUS_PENDING : STATUS_APPROVED,`
			`status = post.status \|\| defaultStatus,`
added better user filtering/sorting 2013-11-08 09:47:23 +09:00			`postWithSameLink = Posts.findOne({url: post.url}), // TODO: limit scope of search to past month or something`
fixed queued comments bug 2013-04-26 17:28:09 +09:00			`timeSinceLastPost=timeSinceLast(user, Posts),`
			`numberOfPostsInPast24Hours=numberOfItemsInPast24Hours(user, Posts),`
			`postInterval = Math.abs(parseInt(getSetting('postInterval', 30))),`
			`maxPostsPer24Hours = Math.abs(parseInt(getSetting('maxPostsPerDay', 30))),`
			`postId = '';`
typo fix 2013-11-06 09:33:56 +09:00
			`// only let admins post as another user`
			`if(isAdmin(Meteor.user()))`
Solve trivial JS errors Using jshint and and fixmyjs I went through and removed 220 trivial Javascript errors – mostly missing semicolons, and some properties that weren’t written in dot notation. You can view the diff of jshint’s output here: https://gist.github.com/christianbundy/7b37c51bb6f7c8d739e7/revisions 2014-05-06 20:15:48 -07:00			`userId = post.userId \|\| user._id;`
Check that people setting post.userId are actually admins before we set it 2013-11-05 18:46:25 -05:00
now checking for duplicate links and limiting to 30 posts per 24 hours 2012-10-30 12:01:11 +09:00			`// check that user can post`
reworking invite system 2012-10-05 13:59:40 +09:00			`if (!user \|\| !canPost(user))`
More localisation 2013-11-11 22:07:19 +01:00			`throw new Meteor.Error(601, i18n.t('You need to login or be invited to post new stories.'));`
finished adding categories 2012-10-10 08:32:49 +09:00
now checking for duplicate links and limiting to 30 posts per 24 hours 2012-10-30 12:01:11 +09:00			`// check that user provided a headline`
only make headline mandatory, not url 2012-10-11 13:21:10 +09:00			`if(!post.headline)`
More localisation 2013-11-11 22:07:19 +01:00			`throw new Meteor.Error(602, i18n.t('Please fill in a headline'));`
reworking invite system 2012-10-05 13:59:40 +09:00
now checking for duplicate links and limiting to 30 posts per 24 hours 2012-10-30 12:01:11 +09:00			`// check that there are no previous posts with the same link`
add _id property to post object 2013-10-29 17:54:45 +09:00			`if(post.url && (typeof postWithSameLink !== 'undefined')){`
			`Meteor.call('upvotePost', postWithSameLink);`
More localisation 2013-11-11 22:07:19 +01:00			`throw new Meteor.Error(603, i18n.t('This link has already been posted', postWithSameLink._id));`
now checking for duplicate links and limiting to 30 posts per 24 hours 2012-10-30 12:01:11 +09:00			`}`
added rate limiting to posts and comments posting 2012-10-06 13:15:55 +09:00
do not do rate limit checks for admin, and use createdAt instead of submitted 2013-01-13 19:18:01 +09:00			`if(!isAdmin(Meteor.user())){`
			`// check that user waits more than X seconds between posts`
			`if(!this.isSimulation && timeSinceLastPost < postInterval)`
More localisation 2013-11-11 22:07:19 +01:00			`throw new Meteor.Error(604, i18n.t('Please wait ')+(postInterval-timeSinceLastPost)+i18n.t(' seconds before posting again'));`
added pending posts 2012-10-24 11:04:42 +09:00
do not do rate limit checks for admin, and use createdAt instead of submitted 2013-01-13 19:18:01 +09:00			`// check that the user doesn't post more than Y posts per day`
			`if(!this.isSimulation && numberOfPostsInPast24Hours > maxPostsPer24Hours)`
More localisation 2013-11-11 22:07:19 +01:00			`throw new Meteor.Error(605, i18n.t('Sorry, you cannot submit more than ')+maxPostsPer24Hours+i18n.t(' posts per day'));`
do not do rate limit checks for admin, and use createdAt instead of submitted 2013-01-13 19:18:01 +09:00			`}`
admin now able to change user and date 2012-10-23 12:24:38 +09:00
Moved post creation logic to the server side. Also made it + commenting latency compensated. 2012-10-04 11:45:12 +10:00			`post = _.extend(post, {`
Strip HTML from comments and posts to prevent code injections 2012-12-13 10:58:17 +09:00			`headline: headline,`
			`body: body,`
admin now able to change user and date 2012-10-23 12:24:38 +09:00			`userId: userId,`
			`author: getDisplayNameById(userId),`
working on new createdAt timestamp 2013-01-13 08:52:35 +09:00			`createdAt: new Date().getTime(),`
Moved post creation logic to the server side. Also made it + commenting latency compensated. 2012-10-04 11:45:12 +10:00			`votes: 0,`
			`comments: 0,`
			`baseScore: 0,`
added pending posts 2012-10-24 11:04:42 +09:00			`score: 0,`
working on scoring algorithm optimizations 2012-12-24 10:59:13 +01:00			`inactive: false,`
added pending posts 2012-10-24 11:04:42 +09:00			`status: status`
Moved post creation logic to the server side. Also made it + commenting latency compensated. 2012-10-04 11:45:12 +10:00			`});`
delete post comments too when a post is deleted 2013-07-19 14:30:39 +03:00
working on new createdAt timestamp 2013-01-13 08:52:35 +09:00			`if(status == STATUS_APPROVED){`
			`// if post is approved, set its submitted date (if post is pending, submitted date is left blank)`
			`post.submitted = submitted;`
			`}`
moved notifications server side 2012-10-04 15:26:59 +09:00
use blocking synchronous call for Posts.insert() 2013-09-06 16:05:38 +09:00			`postId = Posts.insert(post);`
fixed upvoting user bug 2013-01-15 08:46:00 +09:00
improved user dashboard even more! 2013-11-08 11:10:23 +09:00			`// increment posts count`
			`Meteor.users.update({_id: userId}, {$inc: {postCount: 1}});`

add _id property to post object 2013-10-29 17:54:45 +09:00			`post = _.extend(post, {_id: postId});`

added notifications of new posts for admins 2013-01-19 22:42:59 +09:00			`var postAuthor = Meteor.users.findOne(post.userId);`
add _id property to post object 2013-10-29 17:54:45 +09:00
			`Meteor.call('upvotePost', post, postAuthor);`
added notifications of new posts for admins 2013-01-19 22:42:59 +09:00
improving notifications 2013-10-23 10:21:08 +08:00			`if(getSetting('emailNotifications', false)){`
			`// notify users of new posts`
refactored notifications; added notifications for new users 2013-11-18 11:30:58 +09:00			`var notification = {`
			`event: 'newPost',`
			`properties: {`
			`postAuthorName : getDisplayName(postAuthor),`
			`postAuthorId : post.userId,`
			`postHeadline : headline,`
			`postId : postId`
			`}`
Solve trivial JS errors Using jshint and and fixmyjs I went through and removed 220 trivial Javascript errors – mostly missing semicolons, and some properties that weren’t written in dot notation. You can view the diff of jshint’s output here: https://gist.github.com/christianbundy/7b37c51bb6f7c8d739e7/revisions 2014-05-06 20:15:48 -07:00			`};`
refactored notifications; added notifications for new users 2013-11-18 11:30:58 +09:00			`// call a server method because we do not have access to users' info on the client`
			`Meteor.call('newPostNotify', notification, function(error, result){`
delete post comments too when a post is deleted 2013-07-19 14:30:39 +03:00			`//run asynchronously`
added notifications of new posts for admins 2013-01-19 22:42:59 +09:00			`});`
			`}`

working on new createdAt timestamp 2013-01-13 08:52:35 +09:00			`// add the post's own ID to the post object and return it to the client`
			`post.postId = postId;`
added pending posts 2012-10-24 11:04:42 +09:00			`return post;`
working on new createdAt timestamp 2013-01-13 08:52:35 +09:00			`},`
added post_approve meteor method 2013-01-13 10:21:09 +09:00			`post_edit: function(post){`
updated meteor; security fix 2013-11-06 09:29:10 +09:00			`// TODO: make post_edit server-side?`
refactoring allow/deny code 2013-07-04 12:51:26 +09:00			`},`
adding approve/unapprove methods 2014-05-23 13:08:52 +09:00			`approvePost: function(post){`
			`if(isAdmin(Meteor.user())){`
			`var now = new Date().getTime();`
			`Posts.update(post._id, {$set: {status: 2, submitted: now}});`
			`}else{`
			`throwError('You need to be an admin to do that.');`
			`}`
			`},`
			`unapprovePost: function(post){`
			`if(isAdmin(Meteor.user())){`
			`Posts.update(post._id, {$set: {status: 1}});`
			`}else{`
			`throwError('You need to be an admin to do that.');`
			`}`
			`},`
added some basic way of making sure user's clicks are only registered once per session 2013-11-06 10:11:35 +09:00			`clickedPost: function(post, sessionId){`
			`// only let clients increment a post's click counter once per session`
			`var click = {_id: post._id, sessionId: sessionId};`
			`if(_.where(clickedPosts, click).length == 0){`
			`clickedPosts.push(click);`
			`Posts.update(post._id, { $inc: { clicks: 1 }});`
			`}`
delete post comments too when a post is deleted 2013-07-19 14:30:39 +03:00			`},`
			`deletePostById: function(postId) {`
			`// remove post comments`
improved user dashboard even more! 2013-11-08 11:10:23 +09:00			`// if(!this.isSimulation) {`
			`// Comments.remove({post: postId});`
			`// }`
			`// NOTE: actually, keep comments afer all`

			`// decrement post count`
Fix #159 Fix for #159 2013-11-11 20:53:02 +02:00			`var post = Posts.findOne({_id: postId});`
Permissions 2013-11-11 21:15:04 +02:00			`if(!Meteor.userId() \|\| !canEditById(Meteor.userId(), post)) throw new Meteor.Error(606, 'You need permission to edit or delete a post');`
Fix #159 Fix for #159 2013-11-11 20:53:02 +02:00
Permissions 2013-11-11 21:15:04 +02:00			`Meteor.users.update({_id: post.userId}, {$inc: {postCount: -1}});`
delete post comments too when a post is deleted 2013-07-19 14:30:39 +03:00			`Posts.remove(postId);`
Moved post creation logic to the server side. Also made it + commenting latency compensated. 2012-10-04 11:45:12 +10:00			`}`
delete post comments too when a post is deleted 2013-07-19 14:30:39 +03:00			`});`