f.weber/homebrewery
0
0
Fork 0
mirror of https://github.com/naturalcrit/homebrewery.git synced 2026-01-05 05:52:46 +00:00
Code Wiki Activity

Fix sanitizing brews in user page, hide own G brews on other profiles

Browse Source
This commit is contained in:
Trevor Buckner
2021-06-10 14:22:12 -04:00
parent 19456e8be0
commit f80d5e6b52
5 changed files with 9420 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
changelog.md
View File

@@ -6,9 +6,10 @@ h5 {
# changelog # changelog
### Saturday, 10/6/2021 - v2.12.0 ### Thursday, 10/6/2021 - v2.12.0
- New "style" tab to better organize custom CSS in preparation for new themes and sharable styles. - New "style" tab to better organize custom CSS in preparation for new themes and sharable styles.
- Your own Google brews will no longer show up in the list when viewing someone else's profile.
### Saturday, 02/5/2021 - v2.11.2 ### Saturday, 02/5/2021 - v2.11.2

2
client/homebrew/homebrew.jsx
View File

@@ -31,7 +31,7 @@ const Homebrew = createClass({
} }
}; };
}, },
componentWillMount : function() { componentDidMount : function() {
global.account = this.props.account; global.account = this.props.account;
global.version = this.props.version; global.version = this.props.version;
global.enable_v3 = this.props.enable_v3; global.enable_v3 = this.props.enable_v3;

9433
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

28
server.js
View File

@@ -138,25 +138,25 @@ app.get('/download/:id', asyncHandler(async (req, res)=>{
//User Page //User Page
app.get('/user/:username', async (req, res, next)=>{ app.get('/user/:username', async (req, res, next)=>{
const fullAccess = req.account && (req.account.username == req.params.username); const ownAccount = req.account && (req.account.username == req.params.username);
let googleBrews = []; let brews = await HomebrewModel.getByUser(req.params.username, ownAccount)
if(req.account && req.account.googleId){
googleBrews = await GoogleActions.listGoogleBrews(req, res)
.catch((err)=>{
console.error(err);
});
}
const brews = await HomebrewModel.getByUser(req.params.username, fullAccess)
.catch((err)=>{ .catch((err)=>{
console.log(err); console.log(err);
}); });
if(googleBrews) { if(ownAccount && req?.account?.googleId){
req.brews = _.concat(brews, googleBrews); const googleBrews = await GoogleActions.listGoogleBrews(req, res)
} else {req.brews = brews;} .catch((err)=>{
console.error(err);
});
brews = _.concat(brews, googleBrews);
}
req.brews = _.map(brews, (brew)=>{
return sanitizeBrew(brew, !ownAccount);
});
return next(); return next();
}); });

4
server/homebrew.model.js
View File

@@ -58,9 +58,7 @@ HomebrewSchema.statics.getByUser = function(username, allowAccess=false){
} }
Homebrew.find(query, (err, brews)=>{ Homebrew.find(query, (err, brews)=>{
if(err) return reject('Can not find brew'); if(err) return reject('Can not find brew');
return resolve(_.map(brews, (brew)=>{ return resolve(brews);
return brew.sanatize(!allowAccess);
}));
}); });
}); });
}; };