mirror of
https://github.com/codeninjasllc/codecombat.git
synced 2025-03-22 10:55:19 -04:00
Don't allow loading users sessions for non premium dashboards.
Hoist memberLimit variable Don't sort member's on the server side, let the client handle it Use mongo limits instead of breaking server side.
This commit is contained in:
Rob
parent
cde3b252da
commit
fcf0bc85fe
1 changed files with 7 additions and 7 deletions
|
|
@ -10,6 +10,8 @@ LevelSessionHandler = require '../levels/sessions/level_session_handler'
|
|||
User = require '../users/User'
|
||||
UserHandler = require '../users/user_handler'
|
||||
|
||||
memberLimit = 200
|
||||
|
||||
ClanHandler = class ClanHandler extends Handler
|
||||
modelClass: Clan
|
||||
jsonSchema: require '../../app/schemas/models/clan.schema'
|
||||
|
|
@ -94,17 +96,15 @@ ClanHandler = class ClanHandler extends Handler
|
|||
|
||||
getMemberAchievements: (req, res, clanID) ->
|
||||
# TODO: add tests
|
||||
memberLimit = 200
|
||||
Clan.findById clanID, (err, clan) =>
|
||||
return @sendDatabaseError(res, err) if err
|
||||
return @sendNotFoundError(res) unless clan
|
||||
memberIDs = _.map clan.get('members') ? [], (memberID) -> memberID.toHexString?() or memberID
|
||||
User.find {_id: {$in: memberIDs}}, 'nameLower', {sort: {nameLower: 1}}, (err, users) =>
|
||||
User.find {_id: {$in: memberIDs}}, 'nameLower', {limit: memberLimit}, (err, users) =>
|
||||
return @sendDatabaseError(res, err) if err
|
||||
memberIDs = []
|
||||
for user in users
|
||||
memberIDs.push user.id
|
||||
break unless memberIDs.length < memberLimit
|
||||
EarnedAchievement.find {user: {$in: memberIDs}}, 'achievementName user', (err, documents) =>
|
||||
return @sendDatabaseError(res, err) if err?
|
||||
cleandocs = (EarnedAchievementHandler.formatEntity(req, doc) for doc in documents)
|
||||
|
|
@ -115,8 +115,8 @@ ClanHandler = class ClanHandler extends Handler
|
|||
Clan.findById clanID, (err, clan) =>
|
||||
return @sendDatabaseError(res, err) if err
|
||||
return @sendNotFoundError(res) unless clan
|
||||
memberIDs = clan.get('members') ? []
|
||||
User.find {_id: {$in: memberIDs}}, 'name nameLower points heroConfig.thangType', {sort: {nameLower: 1}}, (err, users) =>
|
||||
memberIDs = _.map clan.get('members') ? [], (memberID) -> memberID.toHexString?() or memberID
|
||||
User.find {_id: {$in: memberIDs}}, 'name nameLower points heroConfig.thangType', {}, (err, users) =>
|
||||
return @sendDatabaseError(res, err) if err
|
||||
cleandocs = (UserHandler.formatEntity(req, doc) for doc in users)
|
||||
@sendSuccess(res, cleandocs)
|
||||
|
|
@ -124,12 +124,12 @@ ClanHandler = class ClanHandler extends Handler
|
|||
getMemberSessions: (req, res, clanID) ->
|
||||
# TODO: add tests
|
||||
# TODO: restrict information returned based on clan type
|
||||
memberLimit = 200
|
||||
Clan.findById clanID, (err, clan) =>
|
||||
return @sendDatabaseError(res, err) if err
|
||||
return @sendNotFoundError(res) unless clan
|
||||
return @sendForbiddenError(res) unless clan.get('dashboardType') is 'premium'
|
||||
memberIDs = _.map clan.get('members') ? [], (memberID) -> memberID.toHexString?() or memberID
|
||||
User.find {_id: {$in: memberIDs}}, 'name', {sort: {name: 1}}, (err, users) =>
|
||||
User.find {_id: {$in: memberIDs}}, 'name', {limit: memberLimit}, (err, users) =>
|
||||
return @sendDatabaseError(res, err) if err
|
||||
memberIDs = []
|
||||
for user in users
|
||||
|
|
|
|||
Loading…
Reference in a new issue