Add confimation page for mail template deletion (Ticket cliftonc#100)…
…. Make utils.escapeHtmlQuotes safer. Fix required fields in mail template schema. Add error handling for missing fields.
gajohnson committed May 17, 2012
1 parent df99415 commit dc86663
Showing 4 changed files with 90 additions and 20 deletions.
6 changes: 4 additions & 2 deletions lib/core/Router.js
@@ -159,8 +159,10 @@ var Router = function(moduleName, modulePath) {
};
if (!permit.allow) {
if (!allPages) {
req.flash('error', req.t(permit.msg));
res.statusCode = 401;
if (!req.cookies.logout) {
req.flash('error', req.t(permit.msg));
res.statusCode = 401;
}
res.redirect("/");
return group()();
} else {
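Review bot: The new `if (!req.cookies.logout)` guard in the `!allPages` branch keys off a cookie the client controls, and nothing visible in this hunk clears it once it has been honoured. If that cookie outlives the logout redirect, every later permission denial for that browser is redirected to `/` with no flash message and no 401 being set, which also hides denied requests from anything that keys on them. Consuming the marker here would bound that, for example `else { res.clearCookie('logout'); }` after the guard, together with a comment such as `// logout sets this cookie so its own redirect does not flash a permission error`. Where the cookie is set is not shown in the visible hunks, and the enclosing function starts and ends outside this hunk.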
7 changes: 6 additions & 1 deletion lib/core/Utils.js
@@ -69,6 +69,11 @@ module.exports = {

},
escapeHtmlQuotes: function (string) {
return string.replace(/\"/g, '"').replace(/\'/g, ''');
if (string && string.replace) {
return string.replace(/\"/g, '"').replace(/\'/g, ''');
}
else {
return string;
}
}
};
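Review bot: The new `else { return string; }` branch of `escapeHtmlQuotes` hands back any value that lacks a `replace` method unescaped, so an array or object that reaches it (request parameters can parse to either) is later stringified into markup with its quotes intact. Coercing before escaping closes that gap while still tolerating missing values: `if (string === undefined || string === null) { return string; }` then `string = String(string);` ahead of the existing `replace` chain. The replacement literals in the `replace` calls appear to have been entity-decoded by the page rendering, so they are not quoted here. A one-line comment stating that the helper escapes only the two quote characters, and so is presumably meant for quoted attribute values only, would help callers.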
85 changes: 74 additions & 11 deletions modules/core/mail/mail.js
@@ -17,7 +17,7 @@ var routes = [
{path: 'POST /admin/mail/new', fn: newMailTemplate, permit:{}, admin:true},
{path: 'GET /admin/mail/edit/:id', fn: editMailTemplateForm, permit:{}, admin:true},
{path: 'POST /admin/mail/edit/:id', fn: editMailTemplate, permit:{}, admin:true},
{path: 'GET /admin/mail/delete/:id', fn: deleteMailTemplate, permit:{}, admin:true},
{path: 'GET /admin/mail/delete/:id', fn: deleteMailTemplateForm, permit:{}, admin:true},
{path: 'POST /admin/mail/delete/:id', fn: deleteMailTemplate, permit:{}, admin:true}
];

@@ -51,8 +51,8 @@ function init(module, app, next) {
var MailTemplate = new calipso.lib.mongoose.Schema({
name: {type: String, required: true, "default": ''},
to: {type: String, required: true},
subject: {type: String, required: true, "defualt": ''},
body: {type: String, required: true, "default": ''},
subject: {type: String, required: false, "defualt": ''},
body: {type: String, required: false, "default": ''},
event: {type: String, required: false}
});
calipso.db.model('MailTemplate', MailTemplate);
@@ -69,6 +69,7 @@ function bindEvents(){
return;
}
mailTemplates.forEach(function(mt){
if (!mt.event) return;
calipso.e.post(mt.event, module.name, function(e, data){
MailTemplate.find({event:e.substring(5)}, function(err, mts){
if(err || !mts){
@@ -247,6 +248,10 @@ function newMailTemplate(req, res, options, next) {
body:form.body
});
mt.save(function(err){
if (err) {
req.flash('error',req.t('You must fill in the required fields.' + err));
return next();
}
calipso.reloadConfig(mt.event, null, function(){
res.redirect('/admin/mail/show');
return next(err);
@@ -324,6 +329,10 @@ function editMailTemplate(req, res, options, next) {
mailTemplate.subject = form.subject;
mailTemplate.body = form.body;
mailTemplate.save(function(err){
if (err) {
req.flash('error',req.t('You must fill in the required fields.' + err));
return next();
}
calipso.reloadConfig(mailTemplate.event, null, function(){
res.redirect('/admin/mail/show');
return next(err);
@@ -333,19 +342,73 @@ function editMailTemplate(req, res, options, next) {
});
});
}
function deleteMailTemplate(req, res, options, next) {
var MailTemplate = calipso.db.model('MailTemplate');
function deleteMailTemplateForm(req, res, options, next) {
var id = req.moduleParams.id;
MailTemplate.findById(id, function(err, mailTemplate){
var template = calipso.modules.mail.templates.newTemplate;
var MailTemplate = calipso.db.model('MailTemplate');
if (!id) {
req.flash('error',req.t('The template you were deleting cannot be found.'));
return next();
}
MailTemplate.findById(id, function (err, mailTemplate) {
if(err || !mailTemplate) {
req.flash('error',req.t('The template you were deleting cannot be found.'));
return next();
}
mailTemplate.remove(function(err){
calipso.reloadConfig(mailTemplate.event, null, function(){
res.redirect('/admin/mail/show');
return next(err);
}); // Reinitialize calipso to pick up new event bindings
var form = {
id:'content-type-form',
title:'Are you sure you want to do this?',
description:'This action cannot be undone.',
type:'form',
method:'POST',
action:'/admin/mail/delete/' + id,
tabs:false,
fields:[
{
label:'Deleting',
description: mailTemplate.name,
name:'id',
type:'hidden',
value:mailTemplate.id
},
],
buttons:[
{
name:'delete',
type:'submit',
value:'Delete'
},
{
name:'cancel',
type:'button',
href:'/admin/mail/edit/' + id,
value:'Cancel'
}
]
};
calipso.form.render(form, null, req, function(form) {
calipso.theme.renderItem(req, res, template, 'content.new-mail-template', {form:form}, next);
});
});
}
function deleteMailTemplate(req, res, options, next) {
var MailTemplate = calipso.db.model('MailTemplate');
calipso.form.process(req, function(form) {
if (!form) {
req.flash('error',req.t('The template you were deleting cannot be found.'));
return next();
}
MailTemplate.findById(form.id, function (err, mailTemplate){
if (err || !mailTemplate) {
req.flash('error',req.t('The template you were deleting cannot be found.'));
return next();
}
mailTemplate.remove(function(err){
calipso.reloadConfig(mailTemplate.event, null, function(){
res.redirect('/admin/mail/show');
return next(err);
}); // Reinitialize calipso to pick up new event bindings
});
});
});
}
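Review bot: In `deleteMailTemplate` the record to remove is taken from the posted `form.id`, while the route that was matched and the confirmation page that was shown are keyed on `:id`, so the two can disagree and the template deleted need not be the one the admin confirmed. Compare them before the lookup, e.g. `if (!form || form.id !== req.moduleParams.id) {` followed by the existing flash and `return next();`. The form definition in `deleteMailTemplateForm` shows no anti-forgery token field; whether `calipso.form` adds one is not visible here, so it is worth confirming now that deletion is a state-changing POST. The `remove` callback also reloads the config and redirects without checking `err` first. Separately, both new `save` error branches build the translation key as `'You must fill in the required fields.' + err`, which defeats the `req.t` lookup and shows the raw error to the user; `req.t('You must fill in the required fields.')` with the error logged server-side would be safer.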
12 changes: 6 additions & 6 deletions modules/core/user/user.js
@@ -20,7 +20,7 @@ exports = module.exports = {
function route(req, res, module, app, next) {

var aPerm = calipso.permission.Helper.hasPermission("admin:user");

// Menu
res.menu.admin.addMenuItem(req, {name:'Security', path: 'admin/security', weight: 5, url:'', description: 'Users, Roles & Permissions ...', permit:aPerm });
res.menu.admin.addMenuItem(req, {name:'Users', path: 'admin/security/users', weight: 10, url: '/user/list', description: 'Manage users ...', permit:aPerm });
@@ -245,7 +245,7 @@ function roleForm(req, res, template, block, next) {
calipso.theme.renderItem(req, res, form, block, {}, next);
});
}

if (req.moduleParams.role) {
Role.findOne({_id:req.moduleParams.role}, function(err, role) {
finish(role);
@@ -531,7 +531,7 @@ function updateRole(req, res, template, block, next) {
role.save(function (err) {
if (err)
req.flash('error', req.t('There was an error {err}', {err:err}));

})
res.redirect('/admin/role/list');
});
@@ -752,7 +752,7 @@ calipso.lib.user = {createUserSession:createUserSession};
* Logout
*/
function logoutUser(req, res, template, block, next) {
var returnTo = req.moduleParams.returnto || null
var returnTo = req.moduleParams.returnto || null;
if(req.session && req.session.user) {

var User = calipso.db.model('User');
@@ -775,7 +775,7 @@ function logoutUser(req, res, template, block, next) {

} else {
// Fail quietly
res.redirect('back');
res.redirect(returnTo || 'back');
}

}
@@ -1162,7 +1162,7 @@ function install(next) {
self()(new Error("No administrative user details provided through login process!"));
}

},
},
function allDone(err) {
if(err) {
calipso.error("User module failed installation " + err.message);
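Review bot: In the `// Fail quietly` branch of `logoutUser`, `res.redirect(returnTo || 'back')` now sends the browser to whatever `req.moduleParams.returnto` holds, and that value comes from the request with no check visible in this hunk, so the logout URL can act as an open redirect to another site. Restrict it to a local path before redirecting, e.g. `var target = (typeof returnTo === 'string' && /^\/(?![\/\\])/.test(returnTo)) ? returnTo : 'back';` followed by `res.redirect(target);`. The logged-in branch of the function lies outside the visible hunks; if it redirects to `returnTo` as well, the same check belongs there. The other hunks in this file appear to be whitespace and semicolon changes only.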
