From a98deb1ff8e52602456482f6f51d42838c729f1d Mon Sep 17 00:00:00 2001
From: Nick Winter <livelily@gmail.com>
Date: Tue, 16 Dec 2014 18:57:54 -0800
Subject: [PATCH 1/2] Making item requiring smarter about which slots can be
 required for non-warriors.

---
 app/lib/LevelOptions.coffee               |  4 +--
 app/views/play/menu/InventoryModal.coffee | 43 ++++++++++++-----------
 2 files changed, 25 insertions(+), 22 deletions(-)

diff --git a/app/lib/LevelOptions.coffee b/app/lib/LevelOptions.coffee
index e1bf89da7..a167745cf 100644
--- a/app/lib/LevelOptions.coffee
+++ b/app/lib/LevelOptions.coffee
@@ -306,7 +306,7 @@ module.exports = LevelOptions =
     requiredGear: {}
     restrictedGear: {}
   'the-mighty-sand-yak':
-    requiredGear: {}
+    #requiredGear: {neck: 'rough-sense-stone'}  # Too many players probably won't have this, and we don't have a way to require players to buy it yet.
     restrictedGear: {}
   'oasis':
     requiredGear: {}
@@ -321,7 +321,7 @@ module.exports = LevelOptions =
     requiredGear: {}
     restrictedGear: {}
   'medical-attention':
-    requiredGear: {}  # sense stone
+    #requiredGear: {neck: 'polished-sense-stone'}  # We don't have a way to require players to buy it yet.
     restrictedGear: {}
   'minesweeper':
     requiredGear: {}
diff --git a/app/views/play/menu/InventoryModal.coffee b/app/views/play/menu/InventoryModal.coffee
index 0a06212ac..fe1b44441 100644
--- a/app/views/play/menu/InventoryModal.coffee
+++ b/app/views/play/menu/InventoryModal.coffee
@@ -379,26 +379,27 @@ module.exports = class InventoryModal extends ModalView
           console.log 'Unequipping restricted item', restrictedGear[slot], 'for', slot, 'before level', @options.levelID
           @unequipItemFromSlot @$el.find(".item-slot[data-slot='#{slot}']")
           delete equipment[slot]
-      if (heroClass is 'Warrior' or
-          (heroClass is 'Ranger' and @options.levelID in ['swift-dagger', 'shrapnel']) or
-          (heroClass is 'Wizard' and @options.levelID in ['touch-of-death', 'bonemender']))
-        # After they switch to a ranger or wizard, we stop being so finicky about gear.
-        for slot, item of requiredGear
-          continue if item is 'tarnished-bronze-breastplate' and inWorldMap and @options.levelID is 'the-raised-sword'  # Don't tell them they need it until they need it in the level
-          equipped = equipment[slot]
-          continue if equipped and not (
-            (item is 'crude-builders-hammer' and equipped in [gear['simple-sword'], gear['long-sword'], gear['sharpened-sword'], gear['roughedge']]) or
-            (item in ['simple-sword', 'long-sword', 'roughedge', 'sharpened-sword'] and equipped is gear['crude-builders-hammer']) or
-            (item is 'leather-boots' and equipped is gear['simple-boots']) or
-            (item is 'simple-boots' and equipped is gear['leather-boots'])
-          )
-          itemModel = @items.findWhere {slug: item}
-          continue unless itemModel
-          availableSlotSelector = "#unequipped .item[data-item-id='#{itemModel.id}']"
-          @highlightElement availableSlotSelector, delay: 500, sides: ['right'], rotation: Math.PI / 2
-          @$el.find(availableSlotSelector).addClass 'should-equip'
-          @$el.find("#equipped div[data-slot='#{slot}']").addClass 'should-equip'
-          @remainingRequiredEquipment.push slot: slot, item: gear[item]
+      for slot, item of requiredGear
+        if (slot in ['right-hand', 'left-hand', 'head', 'torso']) and not (heroClass is 'Warrior' or
+            (heroClass is 'Ranger' and @options.levelID in ['swift-dagger', 'shrapnel']) or
+            (heroClass is 'Wizard' and @options.levelID in ['touch-of-death', 'bonemender']))
+          # After they switch to a ranger or wizard, we stop being so finicky about class-specific gear.
+          continue
+        continue if item is 'tarnished-bronze-breastplate' and inWorldMap and @options.levelID is 'the-raised-sword'  # Don't tell them they need it until they need it in the level
+        equipped = equipment[slot]
+        continue if equipped and not (
+          (item is 'crude-builders-hammer' and equipped in [gear['simple-sword'], gear['long-sword'], gear['sharpened-sword'], gear['roughedge']]) or
+          (item in ['simple-sword', 'long-sword', 'roughedge', 'sharpened-sword'] and equipped is gear['crude-builders-hammer']) or
+          (item is 'leather-boots' and equipped is gear['simple-boots']) or
+          (item is 'simple-boots' and equipped is gear['leather-boots'])
+        )
+        itemModel = @items.findWhere {slug: item}
+        continue unless itemModel
+        availableSlotSelector = "#unequipped .item[data-item-id='#{itemModel.id}']"
+        @highlightElement availableSlotSelector, delay: 500, sides: ['right'], rotation: Math.PI / 2
+        @$el.find(availableSlotSelector).addClass 'should-equip'
+        @$el.find("#equipped div[data-slot='#{slot}']").addClass 'should-equip'
+        @remainingRequiredEquipment.push slot: slot, item: gear[item]
       if hadRequired and not @remainingRequiredEquipment.length
         @endHighlight()
         @highlightElement '#play-level-button', duration: 5000
@@ -626,3 +627,5 @@ gear =
   'enchanted-stick': '544d87188494308424f564f1'
   'unholy-tome-i': '546374bc3839c6e02811d308'
   'book-of-life-i': '546375653839c6e02811d30b'
+  'rough-sense-stone': '54693140a2b1f53ce79443bc'
+  'polished-sense-stone': '53e215a253457600003e3eaf'

From 9baef64dd095e30e95c7d6c4065ee9c93a6fab89 Mon Sep 17 00:00:00 2001
From: Matt Lott <mattlott@live.com>
Date: Tue, 16 Dec 2014 21:45:17 -0800
Subject: [PATCH 2/2] Fix double 403 in Handler.get

---
 server/analytics/analytics_log_event_handler.coffee | 2 +-
 server/commons/Handler.coffee                       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/analytics/analytics_log_event_handler.coffee b/server/analytics/analytics_log_event_handler.coffee
index 0c512ab74..18c5d5020 100644
--- a/server/analytics/analytics_log_event_handler.coffee
+++ b/server/analytics/analytics_log_event_handler.coffee
@@ -10,7 +10,7 @@ class AnalyticsLogEventHandler extends Handler
   ]
 
   hasAccess: (req) ->
-    req.method in ['PUT', 'POST'] or req.user?.isAdmin()
+    req.method in ['POST'] or req.user?.isAdmin()
 
   makeNewInstance: (req) ->
     instance = super(req)
diff --git a/server/commons/Handler.coffee b/server/commons/Handler.coffee
index 0c1b68a2e..2b3d7b96e 100644
--- a/server/commons/Handler.coffee
+++ b/server/commons/Handler.coffee
@@ -106,7 +106,7 @@ module.exports = class Handler
 
   # generic handlers
   get: (req, res) ->
-    @sendForbiddenError(res) if not @hasAccess(req)
+    return @sendForbiddenError(res) if not @hasAccess(req)
 
     specialParameters = ['term', 'project', 'conditions']