Merge pull request #513 from Martii/Issue-261RemoveReasons

Support existing incompleted "reason" value for remove user and script

Auto-merge with private sizzle approval to temporarily bypass section block in #262

Author: Martii

controllers/remove.js

@@ -11,18 +11,40 @@ var Script = require('../models/script').Script;
 var User = require('../models/user').User;
 var destroySessions = require('../libs/modifySessions').destroy;
 
+var formidable = require('formidable');
+var statusCodePage = require('../libs/templateHelpers').statusCodePage;
+
 // Simple controller to remove content and save it in the graveyard
 exports.rm = function (aReq, aRes, aNext) {
   var type = aReq.params[0];
   var path = aReq.params[1];
   var authedUser = aReq.session.user;
 
+  var form = null;
+  var reason = null;
+
+  if (!/multipart\/form-data/.test(aReq.headers['content-type'])) {
+    return aNext();
+  }
+
+  form = new formidable.IncomingForm();
+  form.parse(aReq, function (aErr, aFields) {
+    reason = aFields.reason.trim();
+  });
+
+  if (!reason || reason === '' || /^User removed$/i.test(reason)) {
+    return statusCodePage(aReq, aRes, aNext, {
+      statusCode: 403,
+      statusMessage: 'Invalid reason for removal.'
+    });
+  }
+
   switch (type) {
     case 'scripts':
     case 'libs':
       path += type === 'libs' ? '.js' : '.user.js';
       Script.findOne({ installName: path }, function (aErr, aScript) {
-        removeLib.remove(Script, aScript, authedUser, '', function (aRemoved) {
+        removeLib.remove(Script, aScript, authedUser, reason, function (aRemoved) {
           if (!aRemoved) { return aNext(); }
           aRes.redirect('/');
         });
@@ -31,7 +53,7 @@ exports.rm = function (aReq, aRes, aNext) {
     case 'users':
       User.findOne({ name: { $regex: new RegExp('^' + path + '$', "i") } },
         function (aErr, aUser) {
-          removeLib.remove(User, aUser, authedUser, '', function (aRemoved) {
+          removeLib.remove(User, aUser, authedUser, reason, function (aRemoved) {
             if (!aRemoved) { return aNext(); }
 
             // Destory all the sessions belonging to the removed user

libs/remove.js

@@ -78,7 +78,7 @@ exports.remove = function (aModel, aContent, aUser, aReason, aCallback) {
         model.find({ _authorId: aContent._id },
           function (aErr, aContentArr) {
             async.each(aContentArr, function (aContent, innerCb) {
-              remove(model, aContent, aUser, null, innerCb);
+              remove(model, aContent, aUser, 'User removed', innerCb);
             }, aCallback);
           });
       }, function () {

views/includes/scriptModals.html

@@ -32,7 +32,9 @@ <h4 class="modal-title">Remove {{script.fullName}}</h4>
         <p>Are you sure you want to remove this script? You cannot undo this.</p>
       </div>
       <div class="modal-footer">
-        <form action="{{{script.scriptRemovePageUrl}}}" method="post">
+        <form action="{{{script.scriptRemovePageUrl}}}" method="post" enctype="multipart/form-data">
+          <input type="text" class="form-control" name="reason" placeholder="Reason for removal.">
+          <br />
           <button type="button" class="btn btn-default" data-dismiss="modal"><i class="fa fa-fw fa-close"></i> Close</button>
           <input type="hidden" name="remove" value="true">
           <button type="submit" class="btn btn-danger"><i class="fa fa-fw fa-ban"></i> Remove</button>

views/includes/userModals.html

@@ -10,7 +10,9 @@ <h4 class="modal-title">Remove {{user.name}}</h4>
         <p>Are you sure you want to remove this user? You cannot undo this.</p>
       </div>
       <div class="modal-footer">
-        <form action="{{{user.userRemovePageUrl}}}" method="post">
+        <form action="{{{user.userRemovePageUrl}}}" method="post" enctype="multipart/form-data">
+          <input type="text" class="form-control" name="reason" placeholder="Reason for removal.">
+          <br />
           <button type="button" class="btn btn-default" data-dismiss="modal"><i class="fa fa-fw fa-close"></i> Close</button>
           <input type="hidden" name="remove" value="true">
           <button type="submit" class="btn btn-danger"><i class="fa fa-fw fa-ban"></i> Remove</button>