var models = require('../models'); var Note = models.Note; var User = models.User; var Category = models.Category; var noteSafeParams = ["id", "link","description","title","icon","content", "userId", 'CategoryId']; var userSafeParams = ['id', 'name', 'username', 'bio', 'twitter_handle', 'site']; module.exports = function(app) { app.get('/notes', function(req, res) { models.sequelize.sync().on('success', function() { Note.findAll({attributes: noteSafeParams, include: [Category, {model: User, attributes: userSafeParams}]}).success(function(notes) { res.json(notes); }) }); }); app.post('/notes', function(req, res) { models.sequelize.sync().on('success', function() { Note.create({UserId: req.user.id, CategoryId: req.param('CategoryId'), link: req.param('link'), title: req.param('title'), content: req.param('content'), description: req.param('description'), icon: req.param('icon')}).success(function(notes) { res.json(notes); }) }); }); app.put('/notes', function(req, res) { var param; var updateParams = {}; var noteId = parseInt(req.param('id')); models.sequelize.sync().on('success', function() { Note.find({where: {id: noteId}, attributes: noteSafeParams, include: [Category]}).success(function(note) { // Return an 401 aunauthorized if a user tries to editor another user's note if(!req.user || req.user.id !== note.values.UserId) { res.status(401); res.json({error: "You are not authorized to edit this note"}); return; } // Loop through the noteSafeParams and update their values from the given ones. for(var i=0, l = noteSafeParams.length; i < l; i++ ) { param = noteSafeParams[i]; updateParams[param] = req.param(param); } note.updateAttributes(updateParams).success(function() { res.json(note); }); }); }); }); app.get('/notes/:id', function(req, res) { var noteId = parseInt(req.params.id, 10); // If a note is not found at the given id, return an empty object if(!noteId) { res.json({}); return; } models.sequelize.sync().on('success', function() { Note.find({where: {id: noteId}, attributes: noteSafeParams, include: [Category, {model: User, attributes: userSafeParams}]}).success(function(note) { res.json(note); }); }); }); };