REDO Bug 914904 Protect against SQL errors... 07ec508

mozilla · Sep 18, 2013 · ecec594 · ecec594
1 parent 3ee7177
commit ecec594
Showing 1 changed file with 29 additions and 3 deletions.
diff --git a/lib/events/controllers/events.js b/lib/events/controllers/events.js
@@ -53,6 +53,9 @@ module.exports = function(init) {
             var allowed = util.sans(SAFE_FIELDS, ['id', 'featured', 'picture']).concat('organizer');
 
             Event.create(event, allowed).success(picture_handler(picture, function (event) {
+                if (err)
+                    return res.reply(500, { error: err });
+
                 geocode_filler(event);
                 res.reply(201, 'Event created', { event: event_output_filter(event) },
                                                 { location: event.uri() });
@@ -103,6 +106,8 @@ module.exports = function(init) {
                     allowed.push('featured');
 
                 event.updateAttributes(changes, allowed).success(picture_handler(picture, function (event) {
+                    if (err)
+                        return res.reply(500, { error: err });
                     geocode_filler(event);
                     res.reply(200, 'Event modified', { event: event_output_filter(event) })
                 })).error(function(err) {
@@ -118,6 +123,10 @@ module.exports = function(init) {
                     if (picture)
                         s3.delete(picture);
                     res.reply(200, 'Event deleted');
+                }).error(function (err) {
+                    res.reply( 500, {
+                        error: err
+                    });
                 });
             }, true);
         },
@@ -175,9 +184,15 @@ module.exports = function(init) {
                 s3.put(picture.data, picture.type, function(f) {
                     if (event.picture)
                         s3.delete(event.picture);
-                    event.updateAttributes({ picture: s3.url(f) }).success(cb)
+                    event.updateAttributes({
+                        picture: s3.url(f)
+                    }).success(function (event) {
+                        cb(null, event);
+                    }).error(function( err) {
+                        cb(err);
+                    });
                 })
-            else cb(event);
+            else cb(null, event);
         }
     }
 
@@ -367,7 +382,10 @@ module.exports = function(init) {
                 var page  = Math.abs(parseInt(req.query._page)  || 0),
                     limit = Math.abs(parseInt(req.query._limit) || PAGE_SIZE);
 
-                Event.findAll({ offset: page * limit, limit: limit }).success(function(events) {
+                Event.findAll({
+                    offset: page * limit,
+                    limit: limit
+                }).success(function(events) {
                     var count = events.length;
 
                     _reply_events({
@@ -378,9 +396,17 @@ module.exports = function(init) {
                         offset:     page * limit,
                         events:     events
                     }, isAdmin);
+                }).error(function (err) {
+                    res.reply(500, {
+                        error: err
+                    });
                 });
             } else Event.all().success(function(events) {
                 _reply_events({ events: events }, isAdmin);
+            }).error(function (err) {
+                res.reply(500, {
+                  error: err
+                });
             });
         }
         if (req.session.username || requireAdmin)