}); }); function respondForum (req, res) { var forum = expose(keys)(req.forum); if (req.user) { forum.privileges = privileges.all(req.forum, req.user); } else { forum.privileges = {}; } return res.status(200).json(forum); } app.get('/forum', middlewares.findForumByName, middlewares.privileges('canView'), respondForum ); app.get('/forum/:id', middlewares.findForum, middlewares.privileges('canView'), respondForum ); app.get('/forum/:id/permissions', restrict, middlewares.findForum, middlewares.privileges('canEdit'), function (req, res) { if (!mongoose.Types.ObjectId.isValid(req.params.id)) {
if (!topic.forum) { log('Error finding forum of comment: %s', topic.forum) return res.status(500).send() } api.forum.findById(topic.forum, function (_err, forum) { if (_err || !forum) return _handleError(_err, req, res) req.forum = forum next() }) }) }) }) app.post('/comment/:id/reply', restrict, privileges('canVoteAndComment'), function (req, res) { log('Request /comment/%s/reply %j', req.params.id, req.body.reply) var reply = req.body.reply reply.author = req.user api.comment.reply(req.params.id, reply, function (err, replyDoc) { if (err) return _handleError(err, req, res) log('Serving reply %j', replyDoc) var keys = [ 'id createdAt text', 'author.id author.fullName author.avatar' ].join(' ') res.json(expose(keys)(replyDoc))