Vulcan/packages/telescope-comments/lib/methods.js


// ------------------------------------------------------------------------------------------- //
// -------------------------------------- Submit Comment ------------------------------------- //
// ------------------------------------------------------------------------------------------- //

Comments.submit = function (comment) {

  var userId = comment.userId; // at this stage, a userId is expected

  // ------------------------------ Checks ------------------------------ //

  // Don't allow empty comments
  if (!comment.body)
    throw new Meteor.Error(704,i18n.t('your_comment_is_empty'));

  // ------------------------------ Properties ------------------------------ //

  var defaultProperties = {
    createdAt: new Date(),
    postedAt: new Date(),
    upvotes: 0,
    downvotes: 0,
    baseScore: 0,
    score: 0,
    author: Users.getDisplayNameById(userId)
  };

  comment = _.extend(defaultProperties, comment);

  // ------------------------------ Callbacks ------------------------------ //

  // run all post submit server callbacks on comment object successively
  comment = Telescope.callbacks.run("commentSubmit", comment);

  // -------------------------------- Insert -------------------------------- //

  comment._id = Comments.insert(comment);

  // --------------------- Server-side Async Callbacks --------------------- //

  // run all post submit server callbacks on comment object successively
  // note: query for comment to get fresh document with collection-hooks effects applied
  Telescope.callbacks.runAsync("commentSubmitAsync", Comments.findOne(comment._id));

  return comment;
}

Comments.edit = function (commentId, modifier, comment) {

  // ------------------------------ Callbacks ------------------------------ //

  modifier = Telescope.callbacks.run("commentEdit", modifier, comment);

  // ------------------------------ Update ------------------------------ //

  Comments.update(commentId, modifier);

  // ------------------------------ Callbacks ------------------------------ //

  Telescope.callbacks.runAsync("commentEditAsync", Comments.findOne(commentId));

  // ------------------------------ After Update ------------------------------ //
  return Comments.findOne(commentId);
};

// ------------------------------------------------------------------------------------------- //
// ----------------------------------------- Methods ----------------------------------------- //
// ------------------------------------------------------------------------------------------- //

Meteor.methods({
  submitComment: function(comment){

    // required properties:
    // postId
    // body

    // optional properties:
    // parentCommentId

    var user = Meteor.user(),
        hasAdminRights = Users.is.admin(user),
        schema = Comments.simpleSchema()._schema;

    // ------------------------------ Checks ------------------------------ //

    // check that user can comment
    if (!user || !Users.can.comment(user))
      throw new Meteor.Error(i18n.t('you_need_to_login_or_be_invited_to_post_new_comments'));

    // ------------------------------ Rate Limiting ------------------------------ //

    if (!hasAdminRights) {

      var timeSinceLastComment = Users.timeSinceLast(user, Comments),
          commentInterval = Math.abs(parseInt(Settings.get('commentInterval',15)));

      // check that user waits more than 15 seconds between comments
      if((timeSinceLastComment < commentInterval))
        throw new Meteor.Error(704, i18n.t('please_wait')+(commentInterval-timeSinceLastComment)+i18n.t('seconds_before_commenting_again'));

    }

    // ------------------------------ Properties ------------------------------ //

    // admin-only properties
    // userId

    // clear restricted properties
    _.keys(comment).forEach(function (fieldName) {

      var field = schema[fieldName];
      if (!Users.can.submitField(user, field)) {
        throw new Meteor.Error("disallowed_property", i18n.t('disallowed_property_detected') + ": " + fieldName);
      }

    });

    // if no userId has been set, default to current user id
    if (!comment.userId) {
      comment.userId = user._id;
    }

    return Comments.submit(comment);
  },

  editComment: function (modifier, commentId) {

    var user = Meteor.user(),
        comment = Comments.findOne(commentId),
        schema = Comments.simpleSchema()._schema;

    // ------------------------------ Checks ------------------------------ //

    // check that user can edit
    if (!user || !Users.can.edit(user, comment)) {
      throw new Meteor.Error(601, i18n.t('sorry_you_cannot_edit_this_comment'));
    }

    // go over each field and throw an error if it's not editable
    // loop over each operation ($set, $unset, etc.)
    _.each(modifier, function (operation) {
      // loop over each property being operated on
      _.keys(operation).forEach(function (fieldName) {

        var field = schema[fieldName];
        if (!Users.can.editField(user, field, comment)) {
          throw new Meteor.Error("disallowed_property", i18n.t('disallowed_property_detected') + ": " + fieldName);
        }

      });
    });

    Comments.edit(commentId, modifier, comment);
  },

  deleteCommentById: function (commentId) {

    var comment = Comments.findOne(commentId);
    var user = Meteor.user();

    if(Users.can.edit(user, comment)){

      // decrement post comment count and remove user ID from post
      Posts.update(comment.postId, {
        $inc:   {commentCount: -1},
        $pull:  {commenters: comment.userId}
      });

      // decrement user comment count and remove comment ID from user
      Meteor.users.update({_id: comment.userId}, {
        $inc:   {'telescope.commentCount': -1}
      });

      // note: should we also decrease user's comment karma ?
      // We don't actually delete the comment to avoid losing all child comments.
      // Instead, we give it a special flag
      Comments.update({_id: commentId}, {$set: {
        body: 'Deleted',
        htmlBody: 'Deleted',
        isDeleted: true
      }});

    }else{

      Messages.flash("You don't have permission to delete this comment.", "error");

    }
  }
});
more callback namespacing and refactoring 2015-04-23 16:53:20 +09:00
			`// ------------------------------------------------------------------------------------------- //`
			`// -------------------------------------- Submit Comment ------------------------------------- //`
			`// ------------------------------------------------------------------------------------------- //`

Add third "constant" parameter to callbacks; split callbacks.run into run and runAsync; split postEdit and commentEdit in two 2015-05-04 10:19:50 +09:00			`Comments.submit = function (comment) {`
more callback namespacing and refactoring 2015-04-23 16:53:20 +09:00
			`var userId = comment.userId; // at this stage, a userId is expected`

			`// ------------------------------ Checks ------------------------------ //`

			`// Don't allow empty comments`
			`if (!comment.body)`
			`throw new Meteor.Error(704,i18n.t('your_comment_is_empty'));`

			`// ------------------------------ Properties ------------------------------ //`

			`var defaultProperties = {`
			`createdAt: new Date(),`
			`postedAt: new Date(),`
			`upvotes: 0,`
			`downvotes: 0,`
			`baseScore: 0,`
			`score: 0,`
			`author: Users.getDisplayNameById(userId)`
			`};`

			`comment = _.extend(defaultProperties, comment);`

			`// ------------------------------ Callbacks ------------------------------ //`
Improve jsHint consistency This commit touch a lot of lines of code with the goal to be more rigorous about JavaScript code conventions defined in the `.jshintrc`. Some modification: * Add a list of used global symbols in the corresponding section of `.jshintrc` * Use local variables instead of global in a lot of places where the keyword `var` was mistakenly forgotten * Add missing semi-colons after instructions * Add new lines at the end of files * Remove trailing whitespaces * Use newer name of some Meteor APIs, eg `addFiles` instead of `add_files` * Add missing `break` statements in `switch` blocks * Use `===` instead of `==` and `!==` instead of `!=` * Remove unused variables This commit should also fix a few bugs due to this lack of rigor. One example of that was the test `typeof navElements === "array"` that was never true because in JavaScript, `typeof [] === "object"`, we replaced this test by the `_.isArray` method provided by underscore. It might also fix some potential collision related to global variables. There is still plenty of work until Telescope code base passes jsHint validation, but at least this commit is a step in the right direction. 2015-05-01 18:22:00 +02:00
more callback namespacing and refactoring 2015-04-23 16:53:20 +09:00			`// run all post submit server callbacks on comment object successively`
nicer API namespacing 2015-04-24 09:48:36 +09:00			`comment = Telescope.callbacks.run("commentSubmit", comment);`
more callback namespacing and refactoring 2015-04-23 16:53:20 +09:00
			`// -------------------------------- Insert -------------------------------- //`
Improve jsHint consistency This commit touch a lot of lines of code with the goal to be more rigorous about JavaScript code conventions defined in the `.jshintrc`. Some modification: * Add a list of used global symbols in the corresponding section of `.jshintrc` * Use local variables instead of global in a lot of places where the keyword `var` was mistakenly forgotten * Add missing semi-colons after instructions * Add new lines at the end of files * Remove trailing whitespaces * Use newer name of some Meteor APIs, eg `addFiles` instead of `add_files` * Add missing `break` statements in `switch` blocks * Use `===` instead of `==` and `!==` instead of `!=` * Remove unused variables This commit should also fix a few bugs due to this lack of rigor. One example of that was the test `typeof navElements === "array"` that was never true because in JavaScript, `typeof [] === "object"`, we replaced this test by the `_.isArray` method provided by underscore. It might also fix some potential collision related to global variables. There is still plenty of work until Telescope code base passes jsHint validation, but at least this commit is a step in the right direction. 2015-05-01 18:22:00 +02:00
more callback namespacing and refactoring 2015-04-23 16:53:20 +09:00			`comment._id = Comments.insert(comment);`

			`// --------------------- Server-side Async Callbacks --------------------- //`

			`// run all post submit server callbacks on comment object successively`
completely refactor notifications code 2015-06-24 15:38:14 +09:00			`// note: query for comment to get fresh document with collection-hooks effects applied`
			`Telescope.callbacks.runAsync("commentSubmitAsync", Comments.findOne(comment._id));`
more callback namespacing and refactoring 2015-04-23 16:53:20 +09:00
			`return comment;`
			`}`

Add third "constant" parameter to callbacks; split callbacks.run into run and runAsync; split postEdit and commentEdit in two 2015-05-04 10:19:50 +09:00			`Comments.edit = function (commentId, modifier, comment) {`

			`// ------------------------------ Callbacks ------------------------------ //`

			`modifier = Telescope.callbacks.run("commentEdit", modifier, comment);`

			`// ------------------------------ Update ------------------------------ //`

			`Comments.update(commentId, modifier);`

			`// ------------------------------ Callbacks ------------------------------ //`

make profileCompletedAsync callback work; make invites work even with Twitter or Facebook accounts 2015-05-19 12:34:27 +09:00			`Telescope.callbacks.runAsync("commentEditAsync", Comments.findOne(commentId));`
Add third "constant" parameter to callbacks; split callbacks.run into run and runAsync; split postEdit and commentEdit in two 2015-05-04 10:19:50 +09:00
			`// ------------------------------ After Update ------------------------------ //`
			`return Comments.findOne(commentId);`
fixing comment and post edit before hooks 2015-05-04 12:32:00 +09:00			`};`
Add third "constant" parameter to callbacks; split callbacks.run into run and runAsync; split postEdit and commentEdit in two 2015-05-04 10:19:50 +09:00
more callback namespacing and refactoring 2015-04-23 16:53:20 +09:00			`// ------------------------------------------------------------------------------------------- //`
			`// ----------------------------------------- Methods ----------------------------------------- //`
			`// ------------------------------------------------------------------------------------------- //`

			`Meteor.methods({`
			`submitComment: function(comment){`

			`// required properties:`
			`// postId`
			`// body`

			`// optional properties:`
			`// parentCommentId`

			`var user = Meteor.user(),`
clean up comment edit form; continue namespacing users.telescope 2015-04-28 15:54:19 +09:00			`hasAdminRights = Users.is.admin(user),`
			`schema = Comments.simpleSchema()._schema;`
more callback namespacing and refactoring 2015-04-23 16:53:20 +09:00
			`// ------------------------------ Checks ------------------------------ //`

			`// check that user can comment`
			`if (!user \|\| !Users.can.comment(user))`
			`throw new Meteor.Error(i18n.t('you_need_to_login_or_be_invited_to_post_new_comments'));`

			`// ------------------------------ Rate Limiting ------------------------------ //`

			`if (!hasAdminRights) {`

			`var timeSinceLastComment = Users.timeSinceLast(user, Comments),`
			`commentInterval = Math.abs(parseInt(Settings.get('commentInterval',15)));`

			`// check that user waits more than 15 seconds between comments`
			`if((timeSinceLastComment < commentInterval))`
			`throw new Meteor.Error(704, i18n.t('please_wait')+(commentInterval-timeSinceLastComment)+i18n.t('seconds_before_commenting_again'));`

			`}`

			`// ------------------------------ Properties ------------------------------ //`

			`// admin-only properties`
			`// userId`

using Users.can.editField for post and comment submit and edit methods 2015-04-28 10:45:00 +09:00			`// clear restricted properties`
			`_.keys(comment).forEach(function (fieldName) {`

clean up comment edit form; continue namespacing users.telescope 2015-04-28 15:54:19 +09:00			`var field = schema[fieldName];`
			`if (!Users.can.submitField(user, field)) {`
using Users.can.editField for post and comment submit and edit methods 2015-04-28 10:45:00 +09:00			`throw new Meteor.Error("disallowed_property", i18n.t('disallowed_property_detected') + ": " + fieldName);`
			`}`
use fields method to restrict fields after all 2015-04-28 11:32:53 +09:00
using Users.can.editField for post and comment submit and edit methods 2015-04-28 10:45:00 +09:00			`});`
more callback namespacing and refactoring 2015-04-23 16:53:20 +09:00
			`// if no userId has been set, default to current user id`
			`if (!comment.userId) {`
Improve jsHint consistency This commit touch a lot of lines of code with the goal to be more rigorous about JavaScript code conventions defined in the `.jshintrc`. Some modification: * Add a list of used global symbols in the corresponding section of `.jshintrc` * Use local variables instead of global in a lot of places where the keyword `var` was mistakenly forgotten * Add missing semi-colons after instructions * Add new lines at the end of files * Remove trailing whitespaces * Use newer name of some Meteor APIs, eg `addFiles` instead of `add_files` * Add missing `break` statements in `switch` blocks * Use `===` instead of `==` and `!==` instead of `!=` * Remove unused variables This commit should also fix a few bugs due to this lack of rigor. One example of that was the test `typeof navElements === "array"` that was never true because in JavaScript, `typeof [] === "object"`, we replaced this test by the `_.isArray` method provided by underscore. It might also fix some potential collision related to global variables. There is still plenty of work until Telescope code base passes jsHint validation, but at least this commit is a step in the right direction. 2015-05-01 18:22:00 +02:00			`comment.userId = user._id;`
more callback namespacing and refactoring 2015-04-23 16:53:20 +09:00			`}`

Add third "constant" parameter to callbacks; split callbacks.run into run and runAsync; split postEdit and commentEdit in two 2015-05-04 10:19:50 +09:00			`return Comments.submit(comment);`
more callback namespacing and refactoring 2015-04-23 16:53:20 +09:00			`},`
using Users.can.editField for post and comment submit and edit methods 2015-04-28 10:45:00 +09:00
			`editComment: function (modifier, commentId) {`

			`var user = Meteor.user(),`
Improve jsHint consistency This commit touch a lot of lines of code with the goal to be more rigorous about JavaScript code conventions defined in the `.jshintrc`. Some modification: * Add a list of used global symbols in the corresponding section of `.jshintrc` * Use local variables instead of global in a lot of places where the keyword `var` was mistakenly forgotten * Add missing semi-colons after instructions * Add new lines at the end of files * Remove trailing whitespaces * Use newer name of some Meteor APIs, eg `addFiles` instead of `add_files` * Add missing `break` statements in `switch` blocks * Use `===` instead of `==` and `!==` instead of `!=` * Remove unused variables This commit should also fix a few bugs due to this lack of rigor. One example of that was the test `typeof navElements === "array"` that was never true because in JavaScript, `typeof [] === "object"`, we replaced this test by the `_.isArray` method provided by underscore. It might also fix some potential collision related to global variables. There is still plenty of work until Telescope code base passes jsHint validation, but at least this commit is a step in the right direction. 2015-05-01 18:22:00 +02:00			`comment = Comments.findOne(commentId),`
clean up comment edit form; continue namespacing users.telescope 2015-04-28 15:54:19 +09:00			`schema = Comments.simpleSchema()._schema;`
using Users.can.editField for post and comment submit and edit methods 2015-04-28 10:45:00 +09:00
			`// ------------------------------ Checks ------------------------------ //`

			`// check that user can edit`
			`if (!user \|\| !Users.can.edit(user, comment)) {`
			`throw new Meteor.Error(601, i18n.t('sorry_you_cannot_edit_this_comment'));`
			`}`

			`// go over each field and throw an error if it's not editable`
			`// loop over each operation ($set, $unset, etc.)`
			`_.each(modifier, function (operation) {`
			`// loop over each property being operated on`
			`_.keys(operation).forEach(function (fieldName) {`

clean up comment edit form; continue namespacing users.telescope 2015-04-28 15:54:19 +09:00			`var field = schema[fieldName];`
			`if (!Users.can.editField(user, field, comment)) {`
using Users.can.editField for post and comment submit and edit methods 2015-04-28 10:45:00 +09:00			`throw new Meteor.Error("disallowed_property", i18n.t('disallowed_property_detected') + ": " + fieldName);`
			`}`

			`});`
			`});`

Add third "constant" parameter to callbacks; split callbacks.run into run and runAsync; split postEdit and commentEdit in two 2015-05-04 10:19:50 +09:00			`Comments.edit(commentId, modifier, comment);`
using Users.can.editField for post and comment submit and edit methods 2015-04-28 10:45:00 +09:00			`},`

clean up comment edit form; continue namespacing users.telescope 2015-04-28 15:54:19 +09:00			`deleteCommentById: function (commentId) {`

more callback namespacing and refactoring 2015-04-23 16:53:20 +09:00			`var comment = Comments.findOne(commentId);`
clean up comment edit form; continue namespacing users.telescope 2015-04-28 15:54:19 +09:00			`var user = Meteor.user();`

			`if(Users.can.edit(user, comment)){`

more callback namespacing and refactoring 2015-04-23 16:53:20 +09:00			`// decrement post comment count and remove user ID from post`
			`Posts.update(comment.postId, {`
			`$inc: {commentCount: -1},`
			`$pull: {commenters: comment.userId}`
			`});`

			`// decrement user comment count and remove comment ID from user`
			`Meteor.users.update({_id: comment.userId}, {`
clean up comment edit form; continue namespacing users.telescope 2015-04-28 15:54:19 +09:00			`$inc: {'telescope.commentCount': -1}`
more callback namespacing and refactoring 2015-04-23 16:53:20 +09:00			`});`

			`// note: should we also decrease user's comment karma ?`
			`// We don't actually delete the comment to avoid losing all child comments.`
			`// Instead, we give it a special flag`
			`Comments.update({_id: commentId}, {$set: {`
			`body: 'Deleted',`
			`htmlBody: 'Deleted',`
			`isDeleted: true`
			`}});`
clean up comment edit form; continue namespacing users.telescope 2015-04-28 15:54:19 +09:00
more callback namespacing and refactoring 2015-04-23 16:53:20 +09:00			`}else{`
Improve jsHint consistency This commit touch a lot of lines of code with the goal to be more rigorous about JavaScript code conventions defined in the `.jshintrc`. Some modification: * Add a list of used global symbols in the corresponding section of `.jshintrc` * Use local variables instead of global in a lot of places where the keyword `var` was mistakenly forgotten * Add missing semi-colons after instructions * Add new lines at the end of files * Remove trailing whitespaces * Use newer name of some Meteor APIs, eg `addFiles` instead of `add_files` * Add missing `break` statements in `switch` blocks * Use `===` instead of `==` and `!==` instead of `!=` * Remove unused variables This commit should also fix a few bugs due to this lack of rigor. One example of that was the test `typeof navElements === "array"` that was never true because in JavaScript, `typeof [] === "object"`, we replaced this test by the `_.isArray` method provided by underscore. It might also fix some potential collision related to global variables. There is still plenty of work until Telescope code base passes jsHint validation, but at least this commit is a step in the right direction. 2015-05-01 18:22:00 +02:00
more callback namespacing and refactoring 2015-04-23 16:53:20 +09:00			`Messages.flash("You don't have permission to delete this comment.", "error");`
Improve jsHint consistency This commit touch a lot of lines of code with the goal to be more rigorous about JavaScript code conventions defined in the `.jshintrc`. Some modification: * Add a list of used global symbols in the corresponding section of `.jshintrc` * Use local variables instead of global in a lot of places where the keyword `var` was mistakenly forgotten * Add missing semi-colons after instructions * Add new lines at the end of files * Remove trailing whitespaces * Use newer name of some Meteor APIs, eg `addFiles` instead of `add_files` * Add missing `break` statements in `switch` blocks * Use `===` instead of `==` and `!==` instead of `!=` * Remove unused variables This commit should also fix a few bugs due to this lack of rigor. One example of that was the test `typeof navElements === "array"` that was never true because in JavaScript, `typeof [] === "object"`, we replaced this test by the `_.isArray` method provided by underscore. It might also fix some potential collision related to global variables. There is still plenty of work until Telescope code base passes jsHint validation, but at least this commit is a step in the right direction. 2015-05-01 18:22:00 +02:00
more callback namespacing and refactoring 2015-04-23 16:53:20 +09:00			`}`
			`}`
			`});`