comments.js
2.13 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
var express = require('express');
var router = express.Router();
var Comment = require('../models/Comment');
var Post = require('../models/Post');
var util = require('../util');
// create
router.post('/', util.isLoggedin, checkPostId, function(req, res){
var post = res.locals.post;
req.body.author = req.user._id;
req.body.post = post._id;
Comment.create(req.body, function(err, comment){
if(err){
req.flash('commentForm', { _id:null, form:req.body });
req.flash('commentError', { _id:null, parentComment:req.body.parentComment, errors:util.parseError(err) });
}
return res.redirect('/posts/'+post._id+res.locals.getPostQueryString());
});
});
// update
router.put('/:id', util.isLoggedin, checkPermission, checkPostId, function(req, res){
var post = res.locals.post;
req.body.updatedAt = Date.now();
Comment.findOneAndUpdate({_id:req.params.id}, req.body, {runValidators:true}, function(err, comment){
if(err){
req.flash('commentForm', { _id:req.params.id, form:req.body });
req.flash('commentError', { _id:req.params.id, parentComment:req.body.parentComment, errors:util.parseError(err) });
}
return res.redirect('/posts/'+post._id+res.locals.getPostQueryString());
});
});
// destroy
router.delete('/:id', util.isLoggedin, checkPermission, checkPostId, function(req, res){
var post = res.locals.post;
Comment.findOne({_id:req.params.id}, function(err, comment){
if(err) return res.json(err);
// save updated comment
comment.isDeleted = true;
comment.save(function(err, comment){
if(err) return res.json(err);
return res.redirect('/posts/'+post._id+res.locals.getPostQueryString());
});
});
});
module.exports = router;
// private functions
function checkPermission(req, res, next){
Comment.findOne({_id:req.params.id}, function(err, comment){
if(err) return res.json(err);
if(comment.author != req.user.id) return util.noPermission(req, res);
next();
});
}
function checkPostId(req, res, next){
Post.findOne({_id:req.query.postId}, function(err, post){
if(err) return res.json(err);
res.locals.post = post;
next();
});
}