Added basic JSONP support for /auth/whoami public properties.

Nick Winter 2014-09-22 14:56:02 -07:00
parent de85d8c170
commit c54bf3553f
2 changed files with 7 additions and 4 deletions


@ -74,7 +74,10 @@ module.exports.setup = (app) ->
sendSelf = (req, res) ->
res.setHeader('Content-Type', 'text/json')
res.send(UserHandler.formatEntity(req, req.user))
if req.query.callback
res.jsonp UserHandler.formatEntity(req, req.user, true)
else
res.send UserHandler.formatEntity(req, req.user, false)
res.end()
app.post('/auth/logout', (req, res) ->
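Review bot: The `if req.query.callback` branch makes this response readable by a page on any other origin through a script tag while the visitor's session cookie is attached, so the only limit on what leaves the site is the `publicOnly` filtering in `formatEntity` (second file). That contract deserves a comment at the call site, for example `# JSONP is readable cross-origin: return public properties only, never the session user's private fields`. The `res.setHeader('Content-Type', 'text/json')` line probably does not hold for the JSONP branch, because Express's `res.jsonp` sets its own script content type when a callback is present; setting the header only in the `else` branch would make that explicit. The trailing `res.end()` looks redundant after `res.send`/`res.jsonp`, and `setup` continues outside the hunk.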


@ -30,13 +30,13 @@ UserHandler = class UserHandler extends Handler
props.push @privateProperties... if req.user.isAdmin() # Admins are mad with power
props
formatEntity: (req, document) =>
formatEntity: (req, document, publicOnly=false) =>
return null unless document?
obj = document.toObject()
delete obj[prop] for prop in serverProperties
includePrivates = req.user and (req.user.isAdmin() or req.user._id.equals(document._id))
includePrivates = not publicOnly and (req.user and (req.user.isAdmin() or req.user._id.equals(document._id)))
delete obj[prop] for prop in @privateProperties unless includePrivates
includeCandidate = includePrivates or (obj.jobProfile?.active and req.user and ('employer' in (req.user.get('permissions') ? [])) and @employerCanViewCandidate req.user, obj)
includeCandidate = not publicOnly and (includePrivates or (obj.jobProfile?.active and req.user and ('employer' in (req.user.get('permissions') ? [])) and @employerCanViewCandidate req.user, obj))
delete obj[prop] for prop in candidateProperties unless includeCandidate
return obj
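Review bot: With `publicOnly` set, `formatEntity` still starts from the whole `document.toObject()` and deletes `serverProperties`, `@privateProperties` and `candidateProperties`, so any user field added later that is not on one of those lists is served to the JSONP caller by default. For the cross-origin path an allowlist is safer: keep a separate list of properties that may be public and copy only those when `publicOnly` is true. The new parameter is also undocumented; a comment above the signature such as `# publicOnly: ignore the requester's identity and strip private and candidate properties (used for JSONP)` would tell other callers what the flag guarantees.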