f.weber/homebrewery
0
0
Fork 0
mirror of https://github.com/naturalcrit/homebrewery.git synced 2025-12-24 16:22:44 +00:00
Code Wiki Activity

Fix sanitizing brews in user page, hide own G brews on other profiles

Browse Source
This commit is contained in:
Trevor Buckner
2021-06-10 14:22:12 -04:00
parent 19456e8be0
commit f80d5e6b52
5 changed files with 9420 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
changelog.md
View File

@@ -6,9 +6,10 @@ h5 {
# changelog
### Saturday, 10/6/2021 - v2.12.0
### Thursday, 10/6/2021 - v2.12.0
- New "style" tab to better organize custom CSS in preparation for new themes and sharable styles.
- Your own Google brews will no longer show up in the list when viewing someone else's profile.
### Saturday, 02/5/2021 - v2.11.2

2
client/homebrew/homebrew.jsx
View File

@@ -31,7 +31,7 @@ const Homebrew = createClass({
}
};
},
componentWillMount : function() {
componentDidMount : function() {
global.account = this.props.account;
global.version = this.props.version;
global.enable_v3 = this.props.enable_v3;

9433
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

28
server.js
View File

@@ -138,25 +138,25 @@ app.get('/download/:id', asyncHandler(async (req, res)=>{
//User Page
app.get('/user/:username', async (req, res, next)=>{
const fullAccess = req.account && (req.account.username == req.params.username);
const ownAccount = req.account && (req.account.username == req.params.username);
let googleBrews = [];
if(req.account && req.account.googleId){
googleBrews = await GoogleActions.listGoogleBrews(req, res)
.catch((err)=>{
console.error(err);
});
}
const brews = await HomebrewModel.getByUser(req.params.username, fullAccess)
let brews = await HomebrewModel.getByUser(req.params.username, ownAccount)
.catch((err)=>{
console.log(err);
});
if(googleBrews) {
req.brews = _.concat(brews, googleBrews);
} else {req.brews = brews;}
if(ownAccount && req?.account?.googleId){
const googleBrews = await GoogleActions.listGoogleBrews(req, res)
.catch((err)=>{
console.error(err);
});
brews = _.concat(brews, googleBrews);
}
req.brews = _.map(brews, (brew)=>{
return sanitizeBrew(brew, !ownAccount);
});
return next();
});

4
server/homebrew.model.js
View File

@@ -58,9 +58,7 @@ HomebrewSchema.statics.getByUser = function(username, allowAccess=false){
}
Homebrew.find(query, (err, brews)=>{
if(err) return reject('Can not find brew');
return resolve(_.map(brews, (brew)=>{
return brew.sanatize(!allowAccess);
}));
return resolve(brews);
});
});
};