From 9ed63c528951168bd386e48153b962aa142d4ac9 Mon Sep 17 00:00:00 2001
From: chapel
Date: Sat, 12 Nov 2011 14:11:23 -0800
Subject: [PATCH] Sanitize schools and make sure courses are sent out
---
 app.js | 12 +++++++-----
 models.js | 10 ++++++++++
 2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/app.js b/app.js
index 6b6f8b0..601dda1 100644
--- a/app.js
+++ b/app.js
@@ -486,6 +486,7 @@ app.get( '/', loadUser, function( req, res ) {
 
 app.get( '/schools', checkAjax, loadUser, function( req, res ) {
 var user = req.user;
+ var schoolList = [];
 // Find all schools and sort by name
 // XXX mongoose's documentation on sort is extremely poor, tread carefully
 School.find( {} ).sort( 'name', '1' ).run( function( err, schools ) {
@@ -499,19 +500,20 @@ app.get( '/schools', checkAjax, loadUser, function( req, res ) {
 school.authorize( user, function( authorized ) {
 // This is used to display interface elements for those users
 // that are are allowed to see them, for instance a 'New Course' button.
- school.authorized = authorized;
-
+ var sanitizedSchool = school.sanitized;
+ sanitizedSchool.authorized = authorized;
 // Find all courses for school by it's id and sort by name
 Course.find( { 'school' : school._id } ).sort( 'name', '1' ).run( function( err, courses ) {
 // If any courses are found, set them to the appropriate school, otherwise
 // leave empty.
 if( courses.length > 0 ) {
- school.courses = courses.filter(function(course) {
+ sanitizedSchool.courses = courses.filter(function(course) {
 if (!course.deleted) return course;
 });
 } else {
- school.courses = [];
+ sanitizedSchool.courses = [];
 }
+ schoolList.push(sanitizedSchool);
 // This tells async (the module) that each iteration of forEach is
 // done and will continue to call the rest until they have all been
 // completed, at which time the last function below will be called.
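Review bot: The courses assigned at `sanitizedSchool.courses = courses.filter(...)` are still full Mongoose documents, so the field allowlist now applied to schools stops one level short and every field on the course schema is serialized by `res.json`. The course schema is not part of this patch, so whether it holds anything that should stay server-side needs checking; if it does, a similar virtual on that schema could be applied here, along the lines of `.filter(function(course) { return !course.deleted; }).map(function(course) { return course.sanitized; })`. Separately, the `err` argument of the `Course.find` callback is never checked, and `courses.length` would throw if a failed query leaves `courses` undefined. The enclosing route handler starts before this hunk and continues after it.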
@@ -522,7 +524,7 @@ app.get( '/schools', checkAjax, loadUser, function( req, res ) {
 // After all schools and courses have been found, render them
 function( err ) {
 //res.render( 'schools', { 'schools' : schools } );
- res.json({ 'schools' : schools });
+ res.json({ 'schools' : schoolList });
 }
 );
 } else {
diff --git a/models.js b/models.js
index 347fa9a..87d5c72 100644
--- a/models.js
+++ b/models.js
@@ -132,6 +132,16 @@ var SchoolSchema = new Schema( {
 users : Array
 });
 
+SchoolSchema.virtual( 'sanitized' ).get(function() {
+ var school = {
+ name: this.name,
+ description: this.description,
+ url: this.url
+ }
+
+ return school;
+})
+
 SchoolSchema.method( 'authorize', function( user, cb ) {
 return cb(user.admin || ( this.users.indexOf( user._id ) !== -1 ));
 });
-- 
2.25.1
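Review bot: The list sent by `res.json({ 'schools' : schoolList })` is filled by `schoolList.push(sanitizedSchool)` inside the `Course.find` callback, so its order is the order in which those queries finish rather than the name order produced by `School.find( {} ).sort( 'name', '1' )`. The iteration call is outside the hunks, but the comment refers to async's forEach, which starts all iterations without waiting, so the order can differ between requests. Either write each entry into a slot keyed by the school's index instead of pushing, or sort before responding, e.g. `schoolList.sort(function(a, b) { return a.name < b.name ? -1 : (a.name > b.name ? 1 : 0); });`. The `err` parameter of this final callback is also unused, so if any iteration reports an error the client still receives a normal response with a partial list.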
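Review bot: The `sanitized` virtual is the allowlist that decides which school fields reach clients, and nothing in the code says so; a comment such as `// Allowlist of fields safe to send to clients; 'users' is deliberately left out.` above it would stop a later edit from widening it by accident. The object also omits `_id`, so if the client needs to refer back to a school (the 'New Course' button mentioned in app.js suggests it might), an identifier has to be added here deliberately. As a style point, the closing `}` of the object literal and the final `})` lack the semicolons that the rest of the file uses.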