Don't allow loading users sessions for non premium dashboards.

Hoist memberLimit variable
Don't sort members on the server side, let the client handle it
Use mongo limits instead of breaking server side.
Rob 2015-11-04 17:01:05 -08:00
parent cde3b252da
commit fcf0bc85fe


@ -10,6 +10,8 @@ LevelSessionHandler = require '../levels/sessions/level_session_handler'
User = require '../users/User'
UserHandler = require '../users/user_handler'
memberLimit = 200
ClanHandler = class ClanHandler extends Handler
modelClass: Clan
jsonSchema: require '../../app/schemas/models/clan.schema'
@ -94,17 +96,15 @@ ClanHandler = class ClanHandler extends Handler
getMemberAchievements: (req, res, clanID) ->
# TODO: add tests
memberLimit = 200
Clan.findById clanID, (err, clan) =>
return @sendDatabaseError(res, err) if err
return @sendNotFoundError(res) unless clan
memberIDs = _.map clan.get('members') ? [], (memberID) -> memberID.toHexString?() or memberID
User.find {_id: {$in: memberIDs}}, 'nameLower', {sort: {nameLower: 1}}, (err, users) =>
User.find {_id: {$in: memberIDs}}, 'nameLower', {limit: memberLimit}, (err, users) =>
return @sendDatabaseError(res, err) if err
memberIDs = []
for user in users
memberIDs.push user.id
break unless memberIDs.length < memberLimit
EarnedAchievement.find {user: {$in: memberIDs}}, 'achievementName user', (err, documents) =>
return @sendDatabaseError(res, err) if err?
cleandocs = (EarnedAchievementHandler.formatEntity(req, doc) for doc in documents)
@ -115,8 +115,8 @@ ClanHandler = class ClanHandler extends Handler
Clan.findById clanID, (err, clan) =>
return @sendDatabaseError(res, err) if err
return @sendNotFoundError(res) unless clan
memberIDs = clan.get('members') ? []
User.find {_id: {$in: memberIDs}}, 'name nameLower points heroConfig.thangType', {sort: {nameLower: 1}}, (err, users) =>
memberIDs = _.map clan.get('members') ? [], (memberID) -> memberID.toHexString?() or memberID
User.find {_id: {$in: memberIDs}}, 'name nameLower points heroConfig.thangType', {}, (err, users) =>
return @sendDatabaseError(res, err) if err
cleandocs = (UserHandler.formatEntity(req, doc) for doc in users)
@sendSuccess(res, cleandocs)
@ -124,12 +124,12 @@ ClanHandler = class ClanHandler extends Handler
getMemberSessions: (req, res, clanID) ->
# TODO: add tests
# TODO: restrict information returned based on clan type
memberLimit = 200
Clan.findById clanID, (err, clan) =>
return @sendDatabaseError(res, err) if err
return @sendNotFoundError(res) unless clan
return @sendForbiddenError(res) unless clan.get('dashboardType') is 'premium'
memberIDs = _.map clan.get('members') ? [], (memberID) -> memberID.toHexString?() or memberID
User.find {_id: {$in: memberIDs}}, 'name', {sort: {name: 1}}, (err, users) =>
User.find {_id: {$in: memberIDs}}, 'name', {limit: memberLimit}, (err, users) =>
return @sendDatabaseError(res, err) if err
memberIDs = []
for user in users
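Review bot: The check added to getMemberSessions, `return @sendForbiddenError(res) unless clan.get('dashboardType') is 'premium'`, gates on the clan's type only; nothing in the visible lines ties the requester to the clan, so as shown any caller who knows a premium clan's ID would receive its members' session data. Unless the route enforces this outside the hunk, add a requester check right after the `memberIDs` map, for example `return @sendForbiddenError(res) unless req.user?.id in memberIDs` (assuming `req.user` carries the authenticated user), or an owner-only test if the dashboard is meant for the clan owner. Separately, `{limit: memberLimit}` without a sort leaves the choice of which 200 members come back to the database, so getMemberAchievements and getMemberSessions may cover different subsets for larger clans, and the members query in the third hunk now passes `{}` with no limit at all. The body of getMemberSessions continues past the end of this hunk, so the rest of the handler was not reviewed; the existing `# TODO: add tests` would be well served by a case asserting the 403 for a non-premium clan.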