diff --git a/opt/comments-server-side/ForumUser.js b/opt/comments-server-side/ForumUser.js index fbde5ca7854a04234ae51323d6826a2e52c77842..561c7a29ec75d1076dadea823b98c3eefdc11d7b 100644 --- a/opt/comments-server-side/ForumUser.js +++ b/opt/comments-server-side/ForumUser.js @@ -12,69 +12,60 @@ var ForumUser = exports.ForumUser = function(client) { ForumUser.prototype = { login: function(username, password, callback) { - var sql = "SELECT userid, usergroupid, membergroupids, email, username, password, salt FROM user WHERE username = ?", self = this; - this.client.query(sql, [username], + this.client.query(sql, [username], function(err, results, fields) { + if (err) { + callback(err); + return; + } - function selectCb(err, results, fields) { - if (err) { - callback(err); - return; - } + if (results.length == 0) { + callback("No such user"); + return; + } - if (results.length == 0) { - callback("No such user"); - return; - } + var user = results[0]; - if (!self.checkPassword(password, results[0].salt, results[0].password)) { - callback("Invalid password"); - return; - } + if (!self.checkPassword(password, user.salt, user.password)) { + callback("Invalid password"); + return; + } - var user = self.getUserFromResult(results[0]); + user.moderator = self.isModerator(user); - callback(null, user); - } - ); + callback(null, user); + }); }, clientUser: function(user) { - - crypto.createHash('md5').update(user.email).digest("hex"); - return { - emailHash: user.email, + emailHash: crypto.createHash('md5').update(user.email).digest("hex"), userName: user.username, userId: user.userid, - mod: _.include(user.membergroupids, 7) + mod: user.moderator }; }, checkPassword: function(password, salt, saltedPassword) { - password = crypto.createHash('md5').update(password).digest("hex") + salt; password = crypto.createHash('md5').update(password).digest("hex"); return password == saltedPassword; }, - getUserFromResult: function(result) { - - var ids, id; + isModerator: function(user) { + var COMMUNITY_SUPPORT_TEAM = 2; + var DEV_TEAM = 19; - if (result.membergroupids) { - ids = result.membergroupids.split(','); - result.membergroupids = []; - for (id in ids) { - result.membergroupids.push(Number(ids[id])); - } + if (typeof user.membergroupids === "string") { + var ids = _.map(user.membergroupids.split(','), parseInt); + } + else { + var ids = []; } - result.moderator = _.include(result.membergroupids, 7); - - return result; + return _.include(ids, COMMUNITY_SUPPORT_TEAM) || _.include(ids, DEV_TEAM); } }; diff --git a/opt/comments-server-side/util.js b/opt/comments-server-side/util.js index ff6b37c867c2cceeba802597f24d6a938871ecdf..8db8f6c106812f14f1a00eada9d432f1a296dd06 100644 --- a/opt/comments-server-side/util.js +++ b/opt/comments-server-side/util.js @@ -216,14 +216,6 @@ exports.findCommentMeta = function(req, res, next) { } }; -/** - * True if the user is moderator - */ -function isModerator(user) { - return _.include(user.membergroupids, 7); -} -exports.isModerator = isModerator; - /** * True if the user is author of the comment */ @@ -241,7 +233,7 @@ exports.isAuthor = isAuthor; * @param {Function} next */ exports.requireOwner = function(req, res, next) { - if (isModerator(req.session.user) || isAuthor(req.session.user, req.comment)) { + if (req.session.user.moderator || isAuthor(req.session.user, req.comment)) { next(); } else { @@ -430,7 +422,7 @@ exports.getCommentReads = function(req, res, next) { req.commentMeta = req.commentMeta || {}; req.commentMeta.reads = req.commentMeta.reads || []; - if (req.session.user && isModerator(req.session.user)) { + if (req.session.user && req.session.user.moderator) { Meta.find({ userId: req.session.user.userid }, function(err, commentMeta) {