krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-19 15:48:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

v3: limit fields of challenge tasks that can be updated

Browse Source
This commit is contained in:
Matteo Pagliazzi
2016-05-18 23:27:49 +02:00
parent 65c739f7de
commit e98930cd4a
3 changed files with 110 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
website/server/controllers/api-v3/tasks.js
View File

@@ -307,7 +307,18 @@ api.updateTask = {
// we have to convert task to an object because otherwise things don't get merged correctly. Bad for performances?
let [updatedTaskObj] = common.ops.updateTask(task.toObject(), req);
_.assign(task, Tasks.Task.sanitize(updatedTaskObj));
// Sanitize differently user tasks linked to a challenge
let sanitizedObj;
if (!challenge && task.userId && task.challenge && task.challenge.id) {
sanitizedObj = Tasks.Task.sanitizeUserChallengeTask(updatedTaskObj);
} else {
sanitizedObj = Tasks.Task.sanitize(updatedTaskObj);
}
_.assign(task, sanitizedObj);
// console.log(task.modifiedPaths(), task.toObject().repeat === tep)
// repeat is always among modifiedPaths because mongoose changes the other of the keys when using .toObject()
// see https://github.com/Automattic/mongoose/issues/2749