move part of permission logic from router to templates; clean up router filters

This commit is contained in:
Sacha Greif 2015-09-08 11:08:02 +09:00
parent 895461705b
commit e6aa69ac2f
12 changed files with 72 additions and 112 deletions


@ -60,7 +60,7 @@ jparker:gravatar@0.3.1
jquery@1.11.3_2
json@1.0.3
jsx@0.1.5
kadira:debug@2.1.0
kadira:debug@2.2.1
kestanous:herald@1.3.0
kestanous:herald-email@0.5.0
launch-screen@1.0.2
@ -75,7 +75,7 @@ meteor-platform@1.2.2
meteorhacks:fast-render@2.7.1
meteorhacks:inject-data@1.3.0
meteorhacks:inject-initial@1.0.2
meteorhacks:kadira@2.22.1
meteorhacks:kadira@2.23.2
meteorhacks:meteorx@1.3.1
meteorhacks:picker@1.0.3
meteorhacks:subs-manager@1.5.2


@ -1,14 +1,17 @@
<template name="comment_edit">
<div class="grid grid-module">
<div class="comment-form comment-edit">
{{> quickForm collection="Comments" doc=comment id="editCommentForm" template="bootstrap3-horizontal" label-class="control-label" input-col-class="controls" type="method-update" meteormethod="editComment" fields=commentFields}}
</div>
<div class="comment-edit">
{{#if canEdit}}
<div class="grid grid-module">
<div class="comment-form">
{{> quickForm collection="Comments" doc=comment id="editCommentForm" template="bootstrap3-horizontal" label-class="control-label" input-col-class="controls" type="method-update" meteormethod="editComment" fields=commentFields}}
</div>
</div>
<div class="grid grid-module">
<a class="delete-link" href="/">{{_ "delete_comment"}}</a>
</div>
{{else}}
{{> no_rights message="sorry_you_cannot_edit_this_comment"}}
{{/if}}
</div>
<div class="grid grid-module">
<a class="delete-link" href="/">{{_ "delete_comment"}}</a>
</div>
</template>


@ -1,4 +1,8 @@
Template.comment_edit.helpers({
canEdit: function () {
var comment = this;
return Users.can.edit(Meteor.user(), comment);
},
commentFields: function () {
return Comments.simpleSchema().getEditableFields(Meteor.user());
}
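Review bot: The new `canEdit` helper evaluates `Users.can.edit(Meteor.user(), comment)` with `this` as the template data context, but unlike the `canEditComment` router filter it replaces it has no readiness guard, so it can run before the comment document is available; whether `Users.can.edit(user, undefined)` returns false or throws is not visible on this page and should be confirmed. The `canEdit` helper added in post_edit.js has the same shape. Like the removed filters, both helpers run only on the client, so the `editComment` and `editPost` methods named in the templates must repeat the `Users.can.edit` check on the server; that code is not part of this commit. A one-line comment such as `// display-only check: editComment must re-verify Users.can.edit server-side` would make that contract explicit. The `Template.comment_edit.helpers({ ... })` object closes outside the hunk.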


@ -1,5 +1,5 @@
<template name="no_rights">
<div class="grid-small grid-block dialog">
{{_ "sorry_you_dont_have_the_rights_to_view_this_page"}}
{{errorMessage}}
</div>
</template>


@ -0,0 +1,6 @@
Template.no_rights.helpers({
errorMessage: function () {
console.log(this)
return !!this.message ? i18n.t(this.message) : i18n.t("sorry_you_dont_have_the_rights_to_view_this_page");
}
});
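Review bot: `console.log(this)` inside `errorMessage` dumps the template data context every time `no_rights` renders and reads like leftover debugging; it should be dropped before merge. The `!!` in the return is redundant in a conditional expression: `return this.message ? i18n.t(this.message) : i18n.t("sorry_you_dont_have_the_rights_to_view_this_page");`. A short header comment, e.g. `// message: optional i18n key supplied by the including template; falls back to the generic no-rights text`, would document the contract that post_edit.html and comment_edit.html now depend on while post_page.html includes the template without a message.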


@ -26,29 +26,6 @@ Router._filters = {
$body.css("min-height", 0);
},
/*
isLoggedIn: function () {
if (!(Meteor.loggingIn() || Meteor.user())) {
throwError(i18n.t('please_sign_in_first'));
var current = getCurrentRoute();
if (current){
Session.set('fromWhere', current);
}
this.render('entrySignIn');
} else {
this.next();
}
},
*/
isLoggedOut: function () {
if(Meteor.user()){
this.render('already_logged_in');
} else {
this.next();
}
},
isAdmin: function () {
if(!this.ready()) return;
if(!Users.is.admin()){
@ -68,26 +45,6 @@ Router._filters = {
}
},
canViewPendingPosts: function () {
var post = this.data();
var user = Meteor.user();
if (!!post && post.status === Posts.config.STATUS_PENDING && !Users.can.viewPendingPost(user, post)) {
this.render('no_rights');
} else {
this.next();
}
},
canViewRejectedPosts: function () {
var post = this.data();
var user = Meteor.user();
if (!!post && post.status === Posts.config.STATUS_REJECTED && !Users.can.viewRejectedPost(user, post)) {
this.render('no_rights');
} else {
this.next();
}
},
canPost: function () {
if(!this.ready() || Meteor.loggingIn()){
this.render('loading');
@ -99,30 +56,6 @@ Router._filters = {
}
},
canEditPost: function () {
if(!this.ready()) return;
// Already subscribed to this post by route({waitOn: ...})
var post = Posts.findOne(this.params._id);
if(!Users.can.currentUserEdit(post)){
Messages.flash(i18n.t("sorry_you_cannot_edit_this_post"), "error");
this.render('no_rights');
} else {
this.next();
}
},
canEditComment: function () {
if(!this.ready()) return;
// Already subscribed to this comment by CommentPageController
var comment = Comments.findOne(this.params._id);
if(!Users.can.currentUserEdit(comment)){
Messages.flash(i18n.t("sorry_you_cannot_edit_this_comment"), "error");
this.render('no_rights');
} else {
this.next();
}
},
hasCompletedProfile: function () {
if(!this.ready()) return;
var user = Meteor.user();
@ -180,6 +113,7 @@ Meteor.startup( function (){
// Load Hooks
Router.onBeforeAction( function () {
console.log("t:"+moment().format('hh:mm:ss'))
// if we're not on the search page itself, clear search query and field
if(Router.current().route.getName() !== 'search'){
@ -203,11 +137,6 @@ Meteor.startup( function (){
Router.onBeforeAction(filters.isReady);
Router.onBeforeAction(filters.hasCompletedProfile, {except: ['atSignIn', 'atSignUp', 'atForgotPwd', 'atResetPwd', 'signOut']});
Router.onBeforeAction(filters.canView, {except: ['atSignIn', 'atSignUp', 'atForgotPwd', 'atResetPwd', 'signOut']});
Router.onBeforeAction(filters.canViewPendingPosts, {only: ['post_page']});
Router.onBeforeAction(filters.canViewRejectedPosts, {only: ['post_page']});
Router.onBeforeAction(filters.isLoggedOut, {only: []});
Router.onBeforeAction(filters.canEditPost, {only: ['post_edit']});
Router.onBeforeAction(filters.canEditComment, {only: ['comment_edit']});
Router.onBeforeAction(filters.isAdmin, {only: ['posts_pending', 'all-users', 'settings', 'toolbox', 'logs']});
Router.plugin('ensureSignedIn', {only: ['post_submit', 'post_edit', 'comment_edit']});
@ -216,7 +145,6 @@ Meteor.startup( function (){
// After Hooks
// Router.onAfterAction(filters.resetScroll, {except:['posts_top', 'posts_new', 'posts_best', 'posts_pending', 'posts_category', 'all-users']});
Router.onAfterAction(Events.analyticsInit); // will only run once thanks to _.once()
Router.onAfterAction(Events.analyticsRequest); // log this request with mixpanel, etc
Router.onAfterAction(filters.setSEOProperties, {except: ["post_page", "post_page_with_slug"]}); // post pages have their own SEO logic
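Review bot: `console.log("t:"+moment().format('hh:mm:ss'))` inside the global `Router.onBeforeAction` hook looks like leftover timing instrumentation; if it is the one line added in that hunk (the header goes from 6 to 7 lines), it will log on every route change in production and should be removed or guarded behind a debug flag. It is also the only statement in that hook without a terminating semicolon. The `isLoggedOut` filter and its registration with `{only: []}` were effectively dead code, so removing them alongside the edit filters is consistent. The enclosing `Router._filters` object and the `Meteor.startup` callback both extend beyond the hunks shown.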


@ -59,6 +59,7 @@ Package.onUse(function(api) {
'lib/client/templates/errors/no_invite.html',
'lib/client/templates/errors/no_invite.js',
'lib/client/templates/errors/no_rights.html',
'lib/client/templates/errors/no_rights.js',
'lib/client/templates/errors/not_found.html',
'lib/client/templates/forms/urlCustomType.html',
'lib/client/templates/forms/urlCustomType.js',


@ -1,10 +1,14 @@
<template name="post_edit">
<div class="form-page post-edit">
<div class="grid grid-module">
{{> quickForm collection="Posts" doc=post id="editPostForm" template="bootstrap3-horizontal" label-class="control-label" input-col-class="controls" type="method-update" meteormethod="editPost" fields=postFields}}
</div>
<div class="grid grid-module">
<a class="delete-link" href="/">{{_ "delete_post"}}</a>
</div>
{{#if canEdit}}
<div class="grid grid-module">
{{> quickForm collection="Posts" doc=post id="editPostForm" template="bootstrap3-horizontal" label-class="control-label" input-col-class="controls" type="method-update" meteormethod="editPost" fields=postFields}}
</div>
<div class="grid grid-module">
<a class="delete-link" href="/">{{_ "delete_post"}}</a>
</div>
{{else}}
{{> no_rights message="sorry_you_cannot_edit_this_post"}}
{{/if}}
</div>
</template>


@ -1,4 +1,8 @@
Template.post_edit.helpers({
canEdit: function () {
var post = this;
return Users.can.edit(Meteor.user(), post);
},
postFields: function () {
return Posts.simpleSchema().getEditableFields(Meteor.user());
}


@ -1,21 +1,25 @@
<template name="post_page">
{{#with post}}
{{#if isPending}}
<div class="grid">
<div class="error pending-message module">
{{_ "thanks_your_post_is_awaiting_approval"}}
{{#if canView}}
{{#if isPending}}
<div class="grid">
<div class="error pending-message module">
{{_ "thanks_your_post_is_awaiting_approval"}}
</div>
</div>
</div>
{{/if}}
<div class="single-post grid">
<div class="posts posts-list">
{{> post_item}}
</div>
{{#if body}}
{{> post_body}}
{{/if}}
{{> comment_submit}}
{{> comment_list}}
</div>
<div class="single-post grid">
<div class="posts posts-list">
{{> post_item}}
</div>
{{#if body}}
{{> post_body}}
{{/if}}
{{> comment_submit}}
{{> comment_list}}
</div>
{{else}}
{{> no_rights}}
{{/if}}
{{/with}}
</template>


@ -1,4 +1,14 @@
Template.post_page.helpers({
canView: function () {
var post = this;
var user = Meteor.user();
if (post.status === Posts.config.STATUS_PENDING && !Users.can.viewPendingPost(user, post)) {
return false;
} else if (post.status === Posts.config.STATUS_REJECTED && !Users.can.viewRejectedPost(user, post)) {
return false;
}
return true;
},
isPending: function () {
return this.status === Posts.config.STATUS_PENDING;
}
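Review bot: `canView` dereferences `post.status` without a null check, which is safe only because post_page.html calls it inside `{{#with post}}`; the removed `canViewPendingPosts` filter guarded this explicitly with `!!post`, so a comment such as `// assumes a loaded post: only called inside {{#with post}}` would protect the helper against reuse elsewhere. The if/else-if/return-true chain can be a single boolean: `var hidePending = post.status === Posts.config.STATUS_PENDING && !Users.can.viewPendingPost(user, post);` `var hideRejected = post.status === Posts.config.STATUS_REJECTED && !Users.can.viewRejectedPost(user, post);` `return !(hidePending || hideRejected);`. As a client helper it only controls rendering; whether pending or rejected posts reach the client at all is decided by the publication, which is not on this page. The `Template.post_page.helpers({ ... })` object closes outside the hunk.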


@ -122,10 +122,6 @@ Users.can.submitField = function (user, field) {
*/
Users.can.editField = Users.can.submitField;
Users.can.currentUserEdit = function (item) {
return Users.can.edit(Meteor.user(), item);
};
Users.can.invite = function (user) {
return Users.is.invited(user) || Users.is.admin(user);
};