From b04933c223ec43df391736b7fe3d4ae02fa7660c Mon Sep 17 00:00:00 2001 From: dsc Date: Mon, 9 Apr 2012 20:00:58 -0700 Subject: [PATCH] Makes Reportcard graphs read-only. --- lib/graph/graph-edit-view.co | 2 +- lib/graph/graph-model.co | 8 ++++---- lib/server/controllers/graph.co | 27 ++++++++++++++++++++++++--- 3 files changed, 29 insertions(+), 8 deletions(-) diff --git a/lib/graph/graph-edit-view.co b/lib/graph/graph-edit-view.co index 42329be..33f4bab 100644 --- a/lib/graph/graph-edit-view.co +++ b/lib/graph/graph-edit-view.co @@ -262,7 +262,7 @@ GraphEditView = exports.GraphEditView = BaseView.extend do # {{{ updateURL: -> data = @toJSON() title = "#{@model.get('name') or 'New Graph'} | Edit Graph | GraphKit" - url = @toURL() + url = @toURL('edit') # console.log 'History.pushState', JSON.stringify(data), title, url History.pushState data, title, url diff --git a/lib/graph/graph-model.co b/lib/graph/graph-model.co index 87fb3d3..11e106d 100644 --- a/lib/graph/graph-model.co +++ b/lib/graph/graph-model.co @@ -270,10 +270,10 @@ Graph = exports.Graph = BaseModel.extend do # {{{ /** * @returns {String} URL identifying this model. */ - toURL: -> - slug = @get 'slug', '' - slug = "/#slug" if slug - "#{@urlRoot}#slug?#{@toKV { keepSlug: !!slug }}" + toURL: (action) -> + slug = @get 'slug' + path = _.compact [ @urlRoot, slug, action ] .join '/' + "#path?#{@toKV { keepSlug: !!slug }}" toString: -> "#{@ctorName}(id=#{@id}, cid=#{@cid})" # }}} diff --git a/lib/server/controllers/graph.co b/lib/server/controllers/graph.co index d557f74..d3921ce 100644 --- a/lib/server/controllers/graph.co +++ b/lib/server/controllers/graph.co 
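Review bot: The doc comment above `toURL` in lib/graph/graph-model.co still lists only `@returns`, although the method now takes an `action` argument that becomes a path segment. I would add `@param {String} [action] Optional trailing path segment (e.g. 'edit').` to that block. `slug` and `action` are also joined into the path as-is; if a slug can ever contain `/`, `?` or `#`, wrapping each segment in `encodeURIComponent` before the `join '/'` would keep the URL well-formed. Where slugs are validated is not visible in this hunk.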
@@ -12,6 +12,22 @@ Controller = require '../controller' * @class Resource controller for graph requests. */ class GraphController extends Controller + PROTECTED_GRAPH_IDS : <[ + unique_visitors + pageviews + pageviews_mobile + reach + commons + articles + articles_per_day + edits + new_editors + active_editors + active_editors_target + very_active_editors + ]> + PROTECT_GRAPHS : true + name : 'graphs' dataDir : 'data/graphs' -> super ... @@ -63,25 +79,30 @@ class GraphController extends Controller # GET /graphs/new new: (req, res) -> - ... + res.render 'graph/edit' # POST /graphs create: (req, res) -> return unless data = @processBody req, res file = @toFile data.id if exists file - return res.send { result:"error", message:"Graph already exists!" } + return res.send { result:"error", message:"Graph '#{data.id}' already exists!" } else fs.writeFile file, JSON.stringify(data), "utf8", @errorHandler(res, "Error writing graph!") # PUT /graphs/:graph update: (req, res) -> return unless data = @processBody req, res + if @PROTECT_GRAPHS and _ @PROTECTED_GRAPH_IDS .contains data.id + return res.send {result:"error", message:"Graph '#{data.id}' is read-only."}, 403 fs.writeFile @toFile(data.id), JSON.stringify(data), "utf8", @errorHandler(res, "Error writing graph!") # DELETE /graphs/:graph destroy: (req, res) -> - fs.unlink @toFile(req.param.graph), @errorHandler(res, "Graph does not exist!") + id = req.param.graph + if @PROTECT_GRAPHS and _ @PROTECTED_GRAPH_IDS .contains id + return res.send {result:"error", message:"Graph '#{id}' is read-only."}, 403 + fs.unlink @toFile(id), @errorHandler(res, "Graph '#{id}' does not exist!") ### Helpers -- 1.7.0.4
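Review bot: `PROTECTED_GRAPH_IDS` and `PROTECT_GRAPHS` in lib/server/controllers/graph.co have no comment saying what they guard or how ids are compared. A short comment such as `# Graph ids that update/destroy refuse to modify while PROTECT_GRAPHS is true; entries must match the stored id exactly.` would help the next maintainer. Because this is a denylist, a new Reportcard graph stays writable until someone adds it here; a per-graph read-only marker in the stored data would fail safer, though that is a larger change than this commit.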
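Review bot: In `destroy`, the new guard tests `id = req.param.graph`, which is likely never a graph id: in Express `req.param` is a function and route parameters are on `req.params`, so `id` would be undefined, the `contains` check would never match and `@toFile` would receive undefined. If Express is the framework here (not visible in the hunk), the line should be `id = req.params.graph`. In `update`, the guard is an exact string match on `data.id` from the request body, while the file written is whatever `@toFile(data.id)` resolves to; comparing the resolved file name or a normalized id against the protected set would be more robust. `processBody` and `toFile` are defined outside this hunk, so whether they already normalize the id needs checking.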