codecombat/server/users/user_handler.coffee

schema = require './user_schema'
crypto = require 'crypto'
request = require 'request'
User = require './User'
Handler = require '../commons/Handler'
mongoose = require 'mongoose'
config = require '../../server_config'
errors = require '../commons/errors'
async = require 'async'
log = require 'winston'
LevelSession = require('../levels/sessions/LevelSession')
LevelSessionHandler = require '../levels/sessions/level_session_handler'

serverProperties = ['passwordHash', 'emailLower', 'nameLower', 'passwordReset']
privateProperties = [
  'permissions', 'email', 'firstName', 'lastName', 'gender', 'facebookID',
  'gplusID', 'music', 'volume', 'aceConfig'
]
candidateProperties = [
  'jobProfile', 'jobProfileApproved', 'jobProfileNotes'
]

UserHandler = class UserHandler extends Handler
  modelClass: User

  editableProperties: [
    'name', 'photoURL', 'password', 'anonymous', 'wizardColor1', 'volume',
    'firstName', 'lastName', 'gender', 'facebookID', 'gplusID', 'emailSubscriptions',
    'testGroupNumber', 'music', 'hourOfCode', 'hourOfCodeComplete', 'preferredLanguage',
    'wizard', 'aceConfig', 'autocastDelay', 'lastLevel', 'jobProfile'
  ]

  jsonSchema: schema

  constructor: ->
    super(arguments...)
    @editableProperties.push('permissions') unless config.isProduction

  getEditableProperties: (req, document) ->
    props = super req, document
    props.push 'jobProfileApproved', 'jobProfileNotes' if req.user.isAdmin()
    props

  formatEntity: (req, document) ->
    return null unless document?
    obj = document.toObject()
    delete obj[prop] for prop in serverProperties
    includePrivates = req.user and (req.user.isAdmin() or req.user._id.equals(document._id))
    delete obj[prop] for prop in privateProperties unless includePrivates
    includeCandidate = includePrivates or (obj.jobProfileApproved and req.user and ('employer' in (req.user.permissions ? [])))
    delete obj[prop] for prop in candidateProperties unless includeCandidate
    return obj

  waterfallFunctions: [
    # FB access token checking
    # Check the email is the same as FB reports
    (req, user, callback) ->
      fbID = req.query.facebookID
      fbAT = req.query.facebookAccessToken
      return callback(null, req, user) unless fbID and fbAT
      url = "https://graph.facebook.com/me?access_token=#{fbAT}"
      request(url, (err, response, body) ->
        log.warn "Error grabbing FB token: #{err}" if err
        body = JSON.parse(body)
        emailsMatch = req.body.email is body.email
        return callback(res:'Invalid Facebook Access Token.', code:422) unless emailsMatch
        callback(null, req, user)
      )

    # GPlus access token checking
    (req, user, callback) ->
      gpID = req.query.gplusID
      gpAT = req.query.gplusAccessToken
      return callback(null, req, user) unless gpID and gpAT
      url = "https://www.googleapis.com/oauth2/v2/userinfo?access_token=#{gpAT}"
      request(url, (err, response, body) ->
        log.warn "Error grabbing G+ token: #{err}" if err
        body = JSON.parse(body)
        emailsMatch = req.body.email is body.email
        return callback(res:'Invalid G+ Access Token.', code:422) unless emailsMatch
        callback(null, req, user)
      )

    # Email setting
    (req, user, callback) ->
      return callback(null, req, user) unless req.body.email?
      emailLower = req.body.email.toLowerCase()
      return callback(null, req, user) if emailLower is user.get('emailLower')
      User.findOne({emailLower:emailLower}).exec (err, otherUser) ->
        log.error "Database error setting user email: #{err}" if err
        return callback(res:'Database error.', code:500) if err

        if (req.query.gplusID or req.query.facebookID) and otherUser
          # special case, log in as that user
          return req.logIn(otherUser, (err) ->
            return callback(res:'Facebook user login error.', code:500) if err
            return callback(null, req, otherUser)
          )
        r = {message:'is already used by another account', property:'email'}
        return callback({res:r, code:409}) if otherUser
        user.set('email', req.body.email)
        callback(null, req, user)

    # Name setting
    (req, user, callback) ->
      return callback(null, req, user) unless req.body.name
      nameLower = req.body.name?.toLowerCase()
      return callback(null, req, user) if nameLower is user.get('nameLower')
      User.findOne({nameLower:nameLower}).exec (err, otherUser) ->
        log.error "Database error setting user name: #{err}" if err
        return callback(res:'Database error.', code:500) if err
        r = {message:'is already used by another account', property:'name'}
        return callback({res:r, code:409}) if otherUser
        user.set('name', req.body.name)
        callback(null, req, user)
  ]

  getById: (req, res, id) ->
    if req.user?._id.equals(id)
      return @sendSuccess(res, @formatEntity(req, req.user, 256))
    super(req, res, id)

  getNamesByIds: (req, res) ->
    ids = req.query.ids or req.body.ids
    ids = ids.split(',') if _.isString ids
    ids = _.uniq ids

    # TODO: Extend and repurpose this handler to return other public info about a user more flexibly,
    #   say by a query parameter that lists public properties to return.
    returnWizard = req.query.wizard or req.body.wizard
    query = if returnWizard then {name:1, wizard:1} else {name:1}

    makeFunc = (id) ->
      (callback) ->
        User.findById(id, query).exec (err, document) ->
          return done(err) if err
          if document and returnWizard
            callback(null, {name:document.get('name'), wizard:document.get('wizard') or {}})
          else
            callback(null, document?.get('name') or '')

    funcs = {}
    for id in ids
      return errors.badInput(res, "Given an invalid id: #{id}") unless Handler.isID(id)
      funcs[id] = makeFunc(id)

    async.parallel funcs, (err, results) ->
      return errors.serverError err if err
      res.send results
      res.end()

  nameToID: (req, res, name) ->
    User.findOne({nameLower:name.toLowerCase()}).exec (err, otherUser) ->
      res.send(if otherUser then otherUser._id else JSON.stringify(''))
      res.end()

  post: (req, res) ->
    return @sendBadInputError(res, 'No input.') if _.isEmpty(req.body)
    return @sendBadInputError(res, 'Must have an anonymous user to post with.') unless req.user
    return @sendBadInputError(res, 'Existing users cannot create new ones.') unless req.user.get('anonymous')
    req.body._id = req.user._id if req.user.get('anonymous')
    @put(req, res)

  hasAccessToDocument: (req, document) ->
    if req.route.method in ['put', 'post', 'patch']
      return true if req.user?.isAdmin()
      return req.user?._id.equals(document._id)
    return true

  getByRelationship: (req, res, args...) ->
    return @agreeToCLA(req, res) if args[1] is 'agreeToCLA'
    return @avatar(req, res, args[0]) if args[1] is 'avatar'
    return @getNamesByIds(req, res) if args[1] is 'names'
    return @nameToID(req, res, args[0]) if args[1] is 'nameToID'
    return @getLevelSessions(req, res, args[0]) if args[1] is 'level.sessions'
    return @getCandidates(req, res) if args[1] is 'candidates'
    return @sendNotFoundError(res)
    super(arguments...)

  agreeToCLA: (req, res) ->
    return @sendUnauthorizedError(res) unless req.user
    doc =
      user: req.user._id+''
      email: req.user.get 'email'
      name: req.user.get 'name'
      githubUsername: req.body.githubUsername
      created: new Date()+''
    collection = mongoose.connection.db.collection 'cla.submissions', (err, collection) =>
      return @sendDatabaseError(res, err) if err
      collection.insert doc, (err) =>
        return @sendDatabaseError(res, err) if err
        req.user.set('signedCLA', doc.created)
        req.user.save (err) =>
          return @sendDatabaseError(res, err) if err
          @sendSuccess(res, {result:'success'})

  avatar: (req, res, id) ->
    @modelClass.findById(id).exec (err, document) =>
      return @sendDatabaseError(res, err) if err
      photoURL = document?.get('photoURL')
      photoURL ||= @buildGravatarURL document
      res.redirect photoURL
      res.end()

  getLevelSessions: (req, res, userID) ->
    return @sendUnauthorizedError(res) unless req.user._id+'' is userID or req.user.isAdmin()
    query = {'creator': userID}
    projection = null
    if req.query.project
      projection = {}
      projection[field] = 1 for field in req.query.project.split(',')
    LevelSession.find(query).select(projection).exec (err, documents) =>
      return @sendDatabaseError(res, err) if err
      documents = (LevelSessionHandler.formatEntity(req, doc) for doc in documents)
      @sendSuccess(res, documents)

  getCandidates: (req, res) ->
    authorized = req.user.isAdmin() or ('employer' in req.user.get('permissions'))
    since = (new Date((new Date()) - 2 * 30.4 * 86400 * 1000)).toISOString()
    #query = {'jobProfileApproved': true, 'jobProfile.active': true, 'jobProfile.updated': {$gt: since}}
    query = {'jobProfile.active': true, 'jobProfile.updated': {$gt: since}}  # testing
    query.jobProfileApproved = true unless req.user.isAdmin()
    selection = 'jobProfile'
    selection += ' email' if authorized
    selection += ' jobProfileApproved' if req.user.isAdmin()
    User.find(query).select(selection).exec (err, documents) =>
      return @sendDatabaseError(res, err) if err
      candidates = (@formatCandidate(authorized, doc) for doc in documents)
      @sendSuccess(res, candidates)

  formatCandidate: (authorized, document) ->
    fields = if authorized then ['jobProfile', 'jobProfileApproved', 'photoURL', '_id'] else ['jobProfile']
    obj = _.pick document.toObject(), fields
    obj.photoURL ||= obj.jobProfile.photoURL if authorized
    obj.photoURL ||= @buildGravatarURL document if authorized
    subfields = ['country', 'city', 'lookingFor', 'jobTitle', 'skills', 'experience', 'updated']
    if authorized
      subfields = subfields.concat ['name']
    obj.jobProfile = _.pick obj.jobProfile, subfields
    obj

  buildGravatarURL: (user) ->
    emailHash = @buildEmailHash user
    defaultAvatar = "http://codecombat.com/file/db/thang.type/52a00d55cf1818f2be00000b/portrait.png"
    "https://www.gravatar.com/avatar/#{emailHash}?default=#{defaultAvatar}"

  buildEmailHash: (user) ->
    # emailHash is used by gravatar
    hash = crypto.createHash('md5')
    if user.get('email')
      hash.update(_.trim(user.get('email')).toLowerCase())
    else
      hash.update(user.get('_id') + '')
    hash.digest('hex')

module.exports = new UserHandler()
Added a route for getting user names by id. 2014-02-17 15:19:19 -08:00			`schema = require './user_schema'`
			`crypto = require 'crypto'`
			`request = require 'request'`
			`User = require './User'`
			`Handler = require '../commons/Handler'`
Ready for action, sir! 2014-01-03 10:32:13 -08:00			`mongoose = require 'mongoose'`
Can now set admin permissions on the dev environment. 2014-01-03 14:28:00 -08:00			`config = require '../../server_config'`
Added a route for getting user names by id. 2014-02-17 15:19:19 -08:00			`errors = require '../commons/errors'`
			`async = require 'async'`
Fixed #180. 2014-03-31 13:56:13 -07:00			`log = require 'winston'`
Fixed 101: added level completion status to /play. 2014-03-31 15:48:22 -07:00			`LevelSession = require('../levels/sessions/LevelSession')`
Ripped out Gravatar profiles in favor of our own photo uploads, with Gravatar and Wizard portrait fallbacks. 2014-04-09 16:46:44 -07:00			`LevelSessionHandler = require '../levels/sessions/level_session_handler'`
Ready for action, sir! 2014-01-03 10:32:13 -08:00
			`serverProperties = ['passwordHash', 'emailLower', 'nameLower', 'passwordReset']`
First pass on setting up gplus friends on the ladder page. 2014-03-23 09:30:01 -07:00			`privateProperties = [`
			`'permissions', 'email', 'firstName', 'lastName', 'gender', 'facebookID',`
			`'gplusID', 'music', 'volume', 'aceConfig'`
			`]`
More work on the job profiles. 2014-04-07 15:21:05 -07:00			`candidateProperties = [`
Finished most of basic features for job profiles. 2014-04-07 17:58:02 -07:00			`'jobProfile', 'jobProfileApproved', 'jobProfileNotes'`
First pass on setting up gplus friends on the ladder page. 2014-03-23 09:30:01 -07:00			`]`
Ready for action, sir! 2014-01-03 10:32:13 -08:00
			`UserHandler = class UserHandler extends Handler`
			`modelClass: User`

			`editableProperties: [`
			`'name', 'photoURL', 'password', 'anonymous', 'wizardColor1', 'volume',`
First pass on setting up gplus friends on the ladder page. 2014-03-23 09:30:01 -07:00			`'firstName', 'lastName', 'gender', 'facebookID', 'gplusID', 'emailSubscriptions',`
Added wizard color setting. 2014-01-12 11:54:50 -08:00			`'testGroupNumber', 'music', 'hourOfCode', 'hourOfCodeComplete', 'preferredLanguage',`
Starting work on simple recruitment listings. Moved Treema and the JS parts of Bootstrap to bower. 2014-04-05 17:05:03 -07:00			`'wizard', 'aceConfig', 'autocastDelay', 'lastLevel', 'jobProfile'`
Ready for action, sir! 2014-01-03 10:32:13 -08:00			`]`

			`jsonSchema: schema`
A few updates to the contributors lists. 2014-02-01 08:22:26 -08:00
Can now set admin permissions on the dev environment. 2014-01-03 14:28:00 -08:00			`constructor: ->`
			`super(arguments...)`
			`@editableProperties.push('permissions') unless config.isProduction`
Ready for action, sir! 2014-01-03 10:32:13 -08:00
Finished most of basic features for job profiles. 2014-04-07 17:58:02 -07:00			`getEditableProperties: (req, document) ->`
			`props = super req, document`
			`props.push 'jobProfileApproved', 'jobProfileNotes' if req.user.isAdmin()`
			`props`

Ready for action, sir! 2014-01-03 10:32:13 -08:00			`formatEntity: (req, document) ->`
			`return null unless document?`
			`obj = document.toObject()`
			`delete obj[prop] for prop in serverProperties`
More work on the job profiles. 2014-04-07 15:21:05 -07:00			`includePrivates = req.user and (req.user.isAdmin() or req.user._id.equals(document._id))`
Ready for action, sir! 2014-01-03 10:32:13 -08:00			`delete obj[prop] for prop in privateProperties unless includePrivates`
Finished most of basic features for job profiles. 2014-04-07 17:58:02 -07:00			`includeCandidate = includePrivates or (obj.jobProfileApproved and req.user and ('employer' in (req.user.permissions ? [])))`
More work on the job profiles. 2014-04-07 15:21:05 -07:00			`delete obj[prop] for prop in candidateProperties unless includeCandidate`
Ready for action, sir! 2014-01-03 10:32:13 -08:00			`return obj`

			`waterfallFunctions: [`
			`# FB access token checking`
			`# Check the email is the same as FB reports`
			`(req, user, callback) ->`
			`fbID = req.query.facebookID`
			`fbAT = req.query.facebookAccessToken`
			`return callback(null, req, user) unless fbID and fbAT`
			`url = "https://graph.facebook.com/me?access_token=#{fbAT}"`
Fixed #180. 2014-03-31 13:56:13 -07:00			`request(url, (err, response, body) ->`
			`log.warn "Error grabbing FB token: #{err}" if err`
Ready for action, sir! 2014-01-03 10:32:13 -08:00			`body = JSON.parse(body)`
			`emailsMatch = req.body.email is body.email`
			`return callback(res:'Invalid Facebook Access Token.', code:422) unless emailsMatch`
			`callback(null, req, user)`
			`)`

			`# GPlus access token checking`
			`(req, user, callback) ->`
			`gpID = req.query.gplusID`
			`gpAT = req.query.gplusAccessToken`
			`return callback(null, req, user) unless gpID and gpAT`
			`url = "https://www.googleapis.com/oauth2/v2/userinfo?access_token=#{gpAT}"`
Fixed #180. 2014-03-31 13:56:13 -07:00			`request(url, (err, response, body) ->`
			`log.warn "Error grabbing G+ token: #{err}" if err`
Ready for action, sir! 2014-01-03 10:32:13 -08:00			`body = JSON.parse(body)`
			`emailsMatch = req.body.email is body.email`
			`return callback(res:'Invalid G+ Access Token.', code:422) unless emailsMatch`
			`callback(null, req, user)`
			`)`

			`# Email setting`
			`(req, user, callback) ->`
			`return callback(null, req, user) unless req.body.email?`
			`emailLower = req.body.email.toLowerCase()`
			`return callback(null, req, user) if emailLower is user.get('emailLower')`
			`User.findOne({emailLower:emailLower}).exec (err, otherUser) ->`
Fixed #180. 2014-03-31 13:56:13 -07:00			`log.error "Database error setting user email: #{err}" if err`
Ready for action, sir! 2014-01-03 10:32:13 -08:00			`return callback(res:'Database error.', code:500) if err`

			`if (req.query.gplusID or req.query.facebookID) and otherUser`
			`# special case, log in as that user`
			`return req.logIn(otherUser, (err) ->`
			`return callback(res:'Facebook user login error.', code:500) if err`
			`return callback(null, req, otherUser)`
			`)`
			`r = {message:'is already used by another account', property:'email'}`
			`return callback({res:r, code:409}) if otherUser`
			`user.set('email', req.body.email)`
			`callback(null, req, user)`

			`# Name setting`
			`(req, user, callback) ->`
			`return callback(null, req, user) unless req.body.name`
			`nameLower = req.body.name?.toLowerCase()`
			`return callback(null, req, user) if nameLower is user.get('nameLower')`
			`User.findOne({nameLower:nameLower}).exec (err, otherUser) ->`
Fixed #180. 2014-03-31 13:56:13 -07:00			`log.error "Database error setting user name: #{err}" if err`
Ready for action, sir! 2014-01-03 10:32:13 -08:00			`return callback(res:'Database error.', code:500) if err`
			`r = {message:'is already used by another account', property:'name'}`
			`return callback({res:r, code:409}) if otherUser`
			`user.set('name', req.body.name)`
			`callback(null, req, user)`
			`]`

			`getById: (req, res, id) ->`
Made the server resistant to req.user being undefined sometimes. 2014-02-24 20:27:38 -08:00			`if req.user?._id.equals(id)`
Ripped out Gravatar profiles in favor of our own photo uploads, with Gravatar and Wizard portrait fallbacks. 2014-04-09 16:46:44 -07:00			`return @sendSuccess(res, @formatEntity(req, req.user, 256))`
Ready for action, sir! 2014-01-03 10:32:13 -08:00			`super(req, res, id)`
Added simulation counts. 2014-03-20 15:40:02 -07:00
Added a route for getting user names by id. 2014-02-17 15:19:19 -08:00			`getNamesByIds: (req, res) ->`
			`ids = req.query.ids or req.body.ids`
			`ids = ids.split(',') if _.isString ids`
			`ids = _.uniq ids`
Added simulation counts. 2014-03-20 15:40:02 -07:00
Made the wizard icons colored based on user settings. 2014-03-03 10:21:51 -08:00			`# TODO: Extend and repurpose this handler to return other public info about a user more flexibly,`
			`# say by a query parameter that lists public properties to return.`
			`returnWizard = req.query.wizard or req.body.wizard`
			`query = if returnWizard then {name:1, wizard:1} else {name:1}`
Added simulation counts. 2014-03-20 15:40:02 -07:00
Added a route for getting user names by id. 2014-02-17 15:19:19 -08:00			`makeFunc = (id) ->`
			`(callback) ->`
Made the wizard icons colored based on user settings. 2014-03-03 10:21:51 -08:00			`User.findById(id, query).exec (err, document) ->`
Added a route for getting user names by id. 2014-02-17 15:19:19 -08:00			`return done(err) if err`
Made the wizard icons colored based on user settings. 2014-03-03 10:21:51 -08:00			`if document and returnWizard`
			`callback(null, {name:document.get('name'), wizard:document.get('wizard') or {}})`
			`else`
			`callback(null, document?.get('name') or '')`
Added simulation counts. 2014-03-20 15:40:02 -07:00
Added a route for getting user names by id. 2014-02-17 15:19:19 -08:00			`funcs = {}`
			`for id in ids`
			`return errors.badInput(res, "Given an invalid id: #{id}") unless Handler.isID(id)`
			`funcs[id] = makeFunc(id)`
Added simulation counts. 2014-03-20 15:40:02 -07:00
Added a route for getting user names by id. 2014-02-17 15:19:19 -08:00			`async.parallel funcs, (err, results) ->`
			`return errors.serverError err if err`
			`res.send results`
			`res.end()`
Ready for action, sir! 2014-01-03 10:32:13 -08:00
Added a handler for fetching a user id given a name. 2014-02-27 14:07:11 -08:00			`nameToID: (req, res, name) ->`
Added an async name checker for the wizard settings modal. 2014-02-27 14:42:11 -08:00			`User.findOne({nameLower:name.toLowerCase()}).exec (err, otherUser) ->`
			`res.send(if otherUser then otherUser._id else JSON.stringify(''))`
Added a handler for fetching a user id given a name. 2014-02-27 14:07:11 -08:00			`res.end()`

Ready for action, sir! 2014-01-03 10:32:13 -08:00			`post: (req, res) ->`
			`return @sendBadInputError(res, 'No input.') if _.isEmpty(req.body)`
Made the server resistant to req.user being undefined sometimes. 2014-02-24 20:27:38 -08:00			`return @sendBadInputError(res, 'Must have an anonymous user to post with.') unless req.user`
Ready for action, sir! 2014-01-03 10:32:13 -08:00			`return @sendBadInputError(res, 'Existing users cannot create new ones.') unless req.user.get('anonymous')`
			`req.body._id = req.user._id if req.user.get('anonymous')`
			`@put(req, res)`

			`hasAccessToDocument: (req, document) ->`
			`if req.route.method in ['put', 'post', 'patch']`
Made the server resistant to req.user being undefined sometimes. 2014-02-24 20:27:38 -08:00			`return true if req.user?.isAdmin()`
			`return req.user?._id.equals(document._id)`
Ready for action, sir! 2014-01-03 10:32:13 -08:00			`return true`

			`getByRelationship: (req, res, args...) ->`
			`return @agreeToCLA(req, res) if args[1] is 'agreeToCLA'`
Added a url for looking up a user's icon. 2014-02-07 16:11:07 -08:00			`return @avatar(req, res, args[0]) if args[1] is 'avatar'`
Added a route for getting user names by id. 2014-02-17 15:19:19 -08:00			`return @getNamesByIds(req, res) if args[1] is 'names'`
Added a handler for fetching a user id given a name. 2014-02-27 14:07:11 -08:00			`return @nameToID(req, res, args[0]) if args[1] is 'nameToID'`
Fixed 101: added level completion status to /play. 2014-03-31 15:48:22 -07:00			`return @getLevelSessions(req, res, args[0]) if args[1] is 'level.sessions'`
Loading active candidate profiles from the database into a table for employers. 2014-04-06 17:01:56 -07:00			`return @getCandidates(req, res) if args[1] is 'candidates'`
Ready for action, sir! 2014-01-03 10:32:13 -08:00			`return @sendNotFoundError(res)`
Merge branch 'backbone_mediator' of https://github.com/rubenvereecken/codecombat into feature/jsondiffpatch Conflicts: app/initialize.coffee bower.json 2014-04-11 10:33:22 -07:00			`super(arguments...)`
A few updates to the contributors lists. 2014-02-01 08:22:26 -08:00
Ready for action, sir! 2014-01-03 10:32:13 -08:00			`agreeToCLA: (req, res) ->`
Made the server resistant to req.user being undefined sometimes. 2014-02-24 20:27:38 -08:00			`return @sendUnauthorizedError(res) unless req.user`
Ready for action, sir! 2014-01-03 10:32:13 -08:00			`doc =`
			`user: req.user._id+''`
			`email: req.user.get 'email'`
			`name: req.user.get 'name'`
			`githubUsername: req.body.githubUsername`
Fixed the CLA date property setting. 2014-01-05 16:02:50 -08:00			`created: new Date()+''`
Fixed CLA signing bug Fat arrows to the rescue! 2014-01-18 10:16:55 -08:00			`collection = mongoose.connection.db.collection 'cla.submissions', (err, collection) =>`
Ready for action, sir! 2014-01-03 10:32:13 -08:00			`return @sendDatabaseError(res, err) if err`
Fixed CLA signing bug Fat arrows to the rescue! 2014-01-18 10:16:55 -08:00			`collection.insert doc, (err) =>`
Ready for action, sir! 2014-01-03 10:32:13 -08:00			`return @sendDatabaseError(res, err) if err`
			`req.user.set('signedCLA', doc.created)`
Fixed CLA signing bug Fat arrows to the rescue! 2014-01-18 10:16:55 -08:00			`req.user.save (err) =>`
Ready for action, sir! 2014-01-03 10:32:13 -08:00			`return @sendDatabaseError(res, err) if err`
refactor server http errors - error.coffee centralize all http errors response - unauthorized = 401 and forbiden = 403 2014-01-14 23:13:47 +01:00			`@sendSuccess(res, {result:'success'})`
Ready for action, sir! 2014-01-03 10:32:13 -08:00
Added a url for looking up a user's icon. 2014-02-07 16:11:07 -08:00			`avatar: (req, res, id) ->`
Ripped out Gravatar profiles in favor of our own photo uploads, with Gravatar and Wizard portrait fallbacks. 2014-04-09 16:46:44 -07:00			`@modelClass.findById(id).exec (err, document) =>`
Added a url for looking up a user's icon. 2014-02-07 16:11:07 -08:00			`return @sendDatabaseError(res, err) if err`
Ripped out Gravatar profiles in favor of our own photo uploads, with Gravatar and Wizard portrait fallbacks. 2014-04-09 16:46:44 -07:00			`photoURL = document?.get('photoURL')`
			`photoURL \|\|= @buildGravatarURL document`
			`res.redirect photoURL`
Added a url for looking up a user's icon. 2014-02-07 16:11:07 -08:00			`res.end()`

Fixed 101: added level completion status to /play. 2014-03-31 15:48:22 -07:00			`getLevelSessions: (req, res, userID) ->`
			`return @sendUnauthorizedError(res) unless req.user._id+'' is userID or req.user.isAdmin()`
			`query = {'creator': userID}`
			`projection = null`
			`if req.query.project`
			`projection = {}`
			`projection[field] = 1 for field in req.query.project.split(',')`
			`LevelSession.find(query).select(projection).exec (err, documents) =>`
			`return @sendDatabaseError(res, err) if err`
Ripped out Gravatar profiles in favor of our own photo uploads, with Gravatar and Wizard portrait fallbacks. 2014-04-09 16:46:44 -07:00			`documents = (LevelSessionHandler.formatEntity(req, doc) for doc in documents)`
Fixed 101: added level completion status to /play. 2014-03-31 15:48:22 -07:00			`@sendSuccess(res, documents)`

Loading active candidate profiles from the database into a table for employers. 2014-04-06 17:01:56 -07:00			`getCandidates: (req, res) ->`
More work on the job profiles. 2014-04-07 15:21:05 -07:00			`authorized = req.user.isAdmin() or ('employer' in req.user.get('permissions'))`
			`since = (new Date((new Date()) - 2 * 30.4 * 86400 * 1000)).toISOString()`
			`#query = {'jobProfileApproved': true, 'jobProfile.active': true, 'jobProfile.updated': {$gt: since}}`
			`query = {'jobProfile.active': true, 'jobProfile.updated': {$gt: since}} # testing`
Finished most of basic features for job profiles. 2014-04-07 17:58:02 -07:00			`query.jobProfileApproved = true unless req.user.isAdmin()`
More work on the job profiles. 2014-04-07 15:21:05 -07:00			`selection = 'jobProfile'`
Finished most of basic features for job profiles. 2014-04-07 17:58:02 -07:00			`selection += ' email' if authorized`
			`selection += ' jobProfileApproved' if req.user.isAdmin()`
More work on the job profiles. 2014-04-07 15:21:05 -07:00			`User.find(query).select(selection).exec (err, documents) =>`
Loading active candidate profiles from the database into a table for employers. 2014-04-06 17:01:56 -07:00			`return @sendDatabaseError(res, err) if err`
More work on the job profiles. 2014-04-07 15:21:05 -07:00			`candidates = (@formatCandidate(authorized, doc) for doc in documents)`
			`@sendSuccess(res, candidates)`

			`formatCandidate: (authorized, document) ->`
Ripped out Gravatar profiles in favor of our own photo uploads, with Gravatar and Wizard portrait fallbacks. 2014-04-09 16:46:44 -07:00			`fields = if authorized then ['jobProfile', 'jobProfileApproved', 'photoURL', '_id'] else ['jobProfile']`
More work on the job profiles. 2014-04-07 15:21:05 -07:00			`obj = _.pick document.toObject(), fields`
Added specific job profile photo support. Improved right column design a bit. 2014-04-10 17:54:28 -07:00			`obj.photoURL \|\|= obj.jobProfile.photoURL if authorized`
Ripped out Gravatar profiles in favor of our own photo uploads, with Gravatar and Wizard portrait fallbacks. 2014-04-09 16:46:44 -07:00			`obj.photoURL \|\|= @buildGravatarURL document if authorized`
Added some i18n and improved employer page. 2014-04-11 12:49:44 -07:00			`subfields = ['country', 'city', 'lookingFor', 'jobTitle', 'skills', 'experience', 'updated']`
More work on the job profiles. 2014-04-07 15:21:05 -07:00			`if authorized`
Added some i18n and improved employer page. 2014-04-11 12:49:44 -07:00			`subfields = subfields.concat ['name']`
More work on the job profiles. 2014-04-07 15:21:05 -07:00			`obj.jobProfile = _.pick obj.jobProfile, subfields`
			`obj`
Fixed 101: added level completion status to /play. 2014-03-31 15:48:22 -07:00
Ripped out Gravatar profiles in favor of our own photo uploads, with Gravatar and Wizard portrait fallbacks. 2014-04-09 16:46:44 -07:00			`buildGravatarURL: (user) ->`
			`emailHash = @buildEmailHash user`
			`defaultAvatar = "http://codecombat.com/file/db/thang.type/52a00d55cf1818f2be00000b/portrait.png"`
			`"https://www.gravatar.com/avatar/#{emailHash}?default=#{defaultAvatar}"`

			`buildEmailHash: (user) ->`
			`# emailHash is used by gravatar`
			`hash = crypto.createHash('md5')`
			`if user.get('email')`
			`hash.update(_.trim(user.get('email')).toLowerCase())`
			`else`
			`hash.update(user.get('_id') + '')`
			`hash.digest('hex')`
Fixed 101: added level completion status to /play. 2014-03-31 15:48:22 -07:00
whatever 2014-03-16 19:11:55 +04:00			`module.exports = new UserHandler()`
No results found.