From b82a5461cea2901ead9c74cd2ef44cb139357678 Mon Sep 17 00:00:00 2001 From: Baris Soner Usakli Date: Thu, 20 Feb 2014 17:03:08 -0500 Subject: [PATCH] more cleanup to user routes --- src/routes/user.js | 116 +++++++++++++++------------------------------ 1 file changed, 39 insertions(+), 77 deletions(-) diff --git a/src/routes/user.js b/src/routes/user.js index 1575dbb726..45a0c7f20c 100644 --- a/src/routes/user.js +++ b/src/routes/user.js @@ -45,18 +45,17 @@ var fs = require('fs'), app.namespace('/user', function () { - function createRoute(routeName, path, templateName) { - app.get(routeName, function(req, res, next) { - if (!req.params.userslug) { - return next(); - } + function createRoute(routeName, path, templateName, access) { + + function isAllowed(req, res, next) { + var callerUID = req.user ? parseInt(req.user.uid, 10) : 0; - if (!req.user && (path === '/favourites' || !!parseInt(meta.config.privateUserInfo, 10))) { + if (!callerUID && !!parseInt(meta.config.privateUserInfo, 10)) { return res.redirect('/403'); } user.getUidByUserslug(req.params.userslug, function (err, uid) { - if(err) { + if (err) { return next(err); } 
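Review bot: The `access` parameter added to `createRoute(routeName, path, templateName, access)` is never read — `isAllowed` decides purely from `req.user`, `req.path` and the closed-over `path` — and every `createRoute(...)` call in the following hunk still passes three arguments, so it is dead surface that suggests a per-route policy hook that does not exist. Either drop it from the signature or make it the thing `isAllowed` consults, e.g. `function createRoute(routeName, path, templateName) {`. A short header comment on `isAllowed` would also help the next reader, e.g. `// Guard for /user/:userslug routes: the owner always passes; anonymous callers are refused when privateUserInfo is set; non-owners are further restricted per route below.`. Note that a non-numeric `req.user.uid` yields `callerUID = NaN`, which `!callerUID` treats as anonymous and the later `=== callerUID` comparison never matches, so such a session is handled as a stranger — apparently fail-closed, but worth confirming. `createRoute` and `isAllowed` both continue past this hunk.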
@@ -64,82 +63,50 @@ var fs = require('fs'), return res.redirect('/404'); } - app.build_header({ - req: req, - res: res - }, function (err, header) { - if(err) { - return next(err); - } - res.send(header + app.create_route('user/' + req.params.userslug + path, templateName) + templates['footer']); - }); - }); - }) - } + if (parseInt(uid, 10) === callerUID) { + return next(); + } - createRoute('/:userslug', '', 'account'); - createRoute('/:userslug/following', '/following', 'following'); - createRoute('/:userslug/followers', '/followers', 'followers'); - createRoute('/:userslug/favourites', '/favourites', 'favourites'); - createRoute('/:userslug/posts', '/posts', 'accountposts'); + if (req.path.indexOf('/edit') !== -1) { + user.isAdministrator(callerUID, function(err, isAdmin) { + if(err) { + return next(err); + } - app.get('/:userslug/edit', function (req, res, next) { + if(!isAdmin) { + return res.redirect('/403'); + } - if (!req.user) { - return res.redirect('/403'); + next(); + }); + } else if (req.path.indexOf('/settings') !== -1 || req.path.indexOf('/favourites') !== -1) { + res.redirect('/403') + } else { + next(); + } + }); } - user.getUserField(req.user.uid, 'userslug', function (err, userslug) { - function done() { - app.build_header({ - req: req, - res: res - }, function (err, header) { - res.send(header + app.create_route('user/' + req.params.userslug + '/edit', 'accountedit') + templates['footer']); - }); - } - - if(err || !userslug) { - return next(err); - } - - if (userslug === req.params.userslug) { - return done(); - } - - user.isAdministrator(req.user.uid, function(err, isAdmin) { + app.get(routeName, isAllowed, function(req, res, next) { + app.build_header({ + req: req, + res: res + }, function (err, header) { if(err) { return next(err); } - - if(!isAdmin) { - return res.redirect('/403'); - } - - done(); + res.send(header + app.create_route('user/' + req.params.userslug + path, templateName) + templates['footer']); }); }); - }); - - 
app.get('/:userslug/settings', function (req, res) { - - if (!req.user) { - return res.redirect('/403'); - } + } - user.getUserField(req.user.uid, 'userslug', function (err, userslug) { - if (req.params.userslug && userslug === req.params.userslug) { - app.build_header({ - req: req, - res: res - }, function (err, header) { - res.send(header + app.create_route('user/' + req.params.userslug + '/settings', 'accountsettings') + templates['footer']); - }) - } else { - return res.redirect('/404'); - } - }); - }); + createRoute('/:userslug', '', 'account'); + createRoute('/:userslug/following', '/following', 'following'); + createRoute('/:userslug/followers', '/followers', 'followers'); + createRoute('/:userslug/favourites', '/favourites', 'favourites'); + createRoute('/:userslug/posts', '/posts', 'accountposts'); + createRoute('/:userslug/edit', '/edit', 'accountedit'); + createRoute('/:userslug/settings', '/settings', 'accountsettings'); app.post('/uploadpicture', function (req, res) { if (!req.user) { @@ -313,7 +280,6 @@ var fs = require('fs'), }); }); }); - }); } @@ -512,8 +478,6 @@ var fs = require('fs'), }); } - - function getUsersSortedByJoinDate(req, res) { user.getUsers('users:joindate', 0, 49, function (err, data) { res.json({ @@ -677,9 +641,7 @@ var fs = require('fs'), callback(null, userData); }); }); - } - }; }(exports));
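Review bot: The per-route authorization branch in `isAllowed` keys off substring matches on `req.path` (`req.path.indexOf('/edit') !== -1`, likewise `/settings` and `/favourites`) even though `createRoute` already closes over the exact route suffix `path` (`''`, `'/following'`, …, `'/edit'`, `'/settings'`); since the userslug is itself a path segment of `req.path`, a slug such as `edit`, `settingsguy` or `favourites` makes the profile and sub-pages of that user require ownership or admin for everyone else, and the check's meaning becomes a property of user-chosen names rather than of the route. Compare the closed-over suffix instead: `if (path === '/edit') {` and `} else if (path === '/settings' || path === '/favourites') {`. In that second branch, `res.redirect('/403')` lacks both a `return` and a semicolon — harmless today because nothing follows, but `return res.redirect('/403');` matches the other exits and keeps the guard fail-closed if code is added after it. The `else { next(); }` default means any new route created through `createRoute` is readable by any non-owner unless it is listed here; a comment stating that, e.g. `// Default: public; add owner-only suffixes above`, would make the policy explicit.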