From f35c14ee070181fa5162e8a2d8e1441431efb25c Mon Sep 17 00:00:00 2001
From: psychobunny <psycho.bunny@hotmail.com>
Date: Fri, 28 Feb 2014 15:58:29 -0500
Subject: [PATCH] bugfixes + cleanup for accounts and users routes

---
 src/controllers/accounts.js |  6 +++---
 src/controllers/users.js    |  4 ++--
 src/webserver.js            | 36 +++++++++++++++++++-----------------
 3 files changed, 24 insertions(+), 22 deletions(-)

diff --git a/src/controllers/accounts.js b/src/controllers/accounts.js
index 725ef706c2..7b303ed6d3 100644
--- a/src/controllers/accounts.js
+++ b/src/controllers/accounts.js
@@ -164,9 +164,9 @@ accountsController.getAccount = function(req, res, next) {
 					userData.signature = signature;
 
 					if (res.locals.isAPI) {
-						res.json({});
+						res.json(userData);
 					} else {
-						res.render('account', {});
+						res.render('account', userData);
 					};
 				});
 			});
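Review bot: `res.json(userData)` on the API branch now returns the whole `userData` object to any caller of `/api/user/:userslug`, and the route registered for it in src/webserver.js in this same patch runs only `app.checkGlobalPrivacySettings`, not `app.checkAccountPermissions`. How `userData` is assembled lies above this hunk, so confirm that fields the profile owner has not made public (an email address, for instance) are removed before this point when the viewer is not the owner. If that filtering is not already done, build an explicit public-fields copy and send that instead of the raw object. A comment above the branch would record the contract: `// userData goes to any viewer: it must hold only fields safe to show publicly`.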
@@ -469,6 +469,6 @@ accountsController.uploadPicture = function (req, res, next) {
 			});
 		});
 	});
-});
+};
 
 module.exports = accountsController;
\ No newline at end of file
diff --git a/src/controllers/users.js b/src/controllers/users.js
index 977576fc10..12f267154f 100644
--- a/src/controllers/users.js
+++ b/src/controllers/users.js
@@ -1,4 +1,4 @@
-var usersController = {},
+var usersController = {};
 
 var async = require('async'),
 	user = require('./../user'),
@@ -124,7 +124,7 @@ usersController.getUsersForSearch = function(req, res, next) {
 		res.json(data);
 	} else {
 		res.render('users', data);
-	};
+	}
 };
 
 
diff --git a/src/webserver.js b/src/webserver.js
index 150a052987..220cb6e9b3 100644
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -31,7 +31,6 @@ var path = require('path'),
 	controllers = require('./controllers'),
 
 	admin = require('./routes/admin'),
-	userRoute = require('./routes/user'),
 	apiRoute = require('./routes/api'),
 	feedsRoute = require('./routes/feeds'),
 	metaRoute = require('./routes/meta');
@@ -124,6 +123,9 @@ process.on('uncaughtException', function(err) {
 	};
 
 	app.checkAccountPermissions = function(req, res, next) {
+		var callerUID = req.user ? parseInt(req.user.uid, 10) : 0;
+
+		// this function requires userslug to be passed in. todo: /user/uploadpicture should pass in userslug I think
 		user.getUidByUserslug(req.params.userslug, function (err, uid) {
 			if (err) {
 				return next(err);
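Review bot: `app.checkAccountPermissions` still hands `req.params.userslug` to `user.getUidByUserslug` without checking that it is present, and the added comment acknowledges that at least one route does not supply it. Rather than depend on how the lookup treats `undefined`, reject early so the middleware fails closed, for example `if (!req.params.userslug) { return next(new Error('userslug required')); }` placed before the lookup. `parseInt(req.user.uid, 10)` can also produce `NaN` for a malformed uid; the comparison that consumes `callerUID` is below this hunk, so it is worth confirming that `NaN` and the anonymous value `0` can never match a real account there.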
@@ -630,7 +632,6 @@ process.on('uncaughtException', function(err) {
 		auth.registerApp(app);
 		metaRoute.createRoutes(app);
 		admin.createRoutes(app);
-		userRoute.createRoutes(app);
 		apiRoute.createRoutes(app);
 		feedsRoute.createRoutes(app);
 
@@ -705,32 +706,33 @@ process.on('uncaughtException', function(err) {
 		app.get('/api/category/:category_id/:slug?', app.prepareAPI, controllers.categories.get);
 
 		/* Accounts */
-		app.get'/user/:userslug', app.buildHeader, app.checkGlobalPrivacySettings, controllers.accounts.getAccount);
-		app.get'/api/user/:userslug', app.prepareAPI, app.checkGlobalPrivacySettings, controllers.accounts.getAccount);
+		app.get('/user/:userslug', app.buildHeader, app.checkGlobalPrivacySettings, controllers.accounts.getAccount);
+		app.get('/api/user/:userslug', app.prepareAPI, app.checkGlobalPrivacySettings, controllers.accounts.getAccount);
 
-		app.get'/user/:userslug/following', app.buildHeader, app.checkGlobalPrivacySettings, controllers.accounts.getFollowing);
-		app.get'/api/user/:userslug/following', app.prepareAPI, app.checkGlobalPrivacySettings, controllers.accounts.getFollowing);
+		app.get('/user/:userslug/following', app.buildHeader, app.checkGlobalPrivacySettings, controllers.accounts.getFollowing);
+		app.get('/api/user/:userslug/following', app.prepareAPI, app.checkGlobalPrivacySettings, controllers.accounts.getFollowing);
 
-		app.get'/user/:userslug/followers', app.buildHeader, app.checkGlobalPrivacySettings, controllers.accounts.getFollowers);
-		app.get'/api/user/:userslug/followers', app.prepareAPI, app.checkGlobalPrivacySettings, controllers.accounts.getFollowers);
+		app.get('/user/:userslug/followers', app.buildHeader, app.checkGlobalPrivacySettings, controllers.accounts.getFollowers);
+		app.get('/api/user/:userslug/followers', app.prepareAPI, app.checkGlobalPrivacySettings, controllers.accounts.getFollowers);
 
-		app.get'/user/:userslug/favourites', app.buildHeader, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.getFavourites);
-		app.get'/api/user/:userslug/favourites', app.prepareAPI, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.getFavourites);
+		app.get('/user/:userslug/favourites', app.buildHeader, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.getFavourites);
+		app.get('/api/user/:userslug/favourites', app.prepareAPI, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.getFavourites);
 
-		app.get'/user/:userslug/posts', app.buildHeader, app.checkGlobalPrivacySettings, controllers.accounts.getPosts);
-		app.get'/api/user/:userslug/posts', app.prepareAPI, app.checkGlobalPrivacySettings, controllers.accounts.getPosts);
+		app.get('/user/:userslug/posts', app.buildHeader, app.checkGlobalPrivacySettings, controllers.accounts.getPosts);
+		app.get('/api/user/:userslug/posts', app.prepareAPI, app.checkGlobalPrivacySettings, controllers.accounts.getPosts);
 
-		app.get'/user/:userslug/edit', app.buildHeader, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.accountEdit);
-		app.get'/api/user/:userslug/edit', app.prepareAPI, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.accountEdit);
+		app.get('/user/:userslug/edit', app.buildHeader, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.accountEdit);
+		app.get('/api/user/:userslug/edit', app.prepareAPI, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.accountEdit);
 
 		// todo: admin recently gained access to this page, pls check if it actually works
-		app.get'/user/:userslug/settings', app.buildHeader, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.accountSettings);
-		app.get'/api/user/:userslug/settings', app.prepareAPI, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.accountSettings);
+		app.get('/user/:userslug/settings', app.buildHeader, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.accountSettings);
+		app.get('/api/user/:userslug/settings', app.prepareAPI, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.accountSettings);
 
 		app.get('/api/user/uid/:uid', app.checkGlobalPrivacySettings, controllers.accounts.getUserByUID);
 
 		// this should have been in the API namespace
-		app.post'/user/uploadpicture', app.prepareAPI, app.checkGlobalPrivacySettings, app.checkAccountPermissions, controllers.accounts.uploadPicture);
+		// also, perhaps pass in :userslug so we can use checkAccountPermissions middleware, in future will allow admins to upload a picture for a user
+		app.post('/user/uploadpicture', app.prepareAPI, app.checkGlobalPrivacySettings, /*app.checkAccountPermissions,*/ controllers.accounts.uploadPicture);
 
 		/* Users */
 		app.get('/users', app.buildHeader, app.checkGlobalPrivacySettings, controllers.users.getOnlineUsers);
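Review bot: The `app.post('/user/uploadpicture', …)` line disables `app.checkAccountPermissions` by commenting it out inside the argument list, so this state-changing route now runs only `app.prepareAPI` and `app.checkGlobalPrivacySettings` before the handler. Unless `controllers.accounts.uploadPicture` itself rejects requests that have no `req.user` and writes only to the caller's own uid (its body is not part of this patch), the upload is reachable without any login or ownership check. Replace the inline `/*app.checkAccountPermissions,*/` with a login-check middleware in that position, or at minimum state the requirement where the next maintainer will see it: `// TODO: no account-permission middleware here; uploadPicture must require req.user and act only on req.user.uid`. The planned admin-upload path mentioned in the new comment should restore `checkAccountPermissions` together with the `:userslug` parameter rather than widen the handler.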