Diffstat (limited to 'server')
| -rw-r--r-- | server/api/party.js | 15 | ||||
| -rw-r--r-- | server/api/user.js | 14 | ||||
| -rw-r--r-- | server/auth/index.js | 17 | ||||
| -rw-r--r-- | server/index.js | 8 | ||||
| -rw-r--r-- | server/middleware.js | 32 |
5 files changed, 43 insertions, 43 deletions
diff --git a/server/api/party.js b/server/api/party.js index e0a9a22..53a0d32 100644 --- a/server/api/party.js +++ b/server/api/party.js @@ -1,8 +1,23 @@ +var _ = require('lodash'), + User = require('../models/User'), + Party = require('../models/Party'), + UserParty = require('../models/UserParty'); + module.exports = { list: function (req, res) { + Party.all().success(function(parties){ + res.json(parties) + }) }, view: function (req, res) { + var party_id = res.body.party_id + UserParty.findAll({ where: { party_id: party_id } }).success(function(parties){ + var user_ids = _.pluck(parties, user_id) + User.findAll({ where: { id: user_ids } }).success(function(users){ + res.json(users) + }) + }) }, edit: function (req, res) { diff --git a/server/api/user.js b/server/api/user.js index b47d31a..49f70ff 100644 --- a/server/api/user.js +++ b/server/api/user.js @@ -1,5 +1,13 @@ +var _ = require('lodash'), + User = require('../models/User'), + Party = require('../models/Party'), + UserParty = require('../models/UserParty'); + module.exports = { all: function (req, res) { + User.all().success(function(users){ + res.json(users) + }) }, view: function (req, res) { @@ -9,5 +17,11 @@ module.exports = { }, destroy: function (req, res) { + var id = req.body.id + if (! id) return res.status(500) + + User.destroy({id: id}).success(function(affectedRows) { + res.json({ status: 'ok' }) + }) } } diff --git a/server/auth/index.js b/server/auth/index.js index 37b023f..b15094d 100644 --- a/server/auth/index.js +++ b/server/auth/index.js 
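Review bot: The new `view` handler reads `res.body.party_id`, but the response object has no `body`, so this line throws before any query runs; it should read from the request, `var party_id = req.body.party_id` (or `req.params`, depending on how the route is declared, which is not visible here). In the callback, `_.pluck(parties, user_id)` passes an apparently undeclared identifier instead of a property name, so it would raise a ReferenceError inside the async callback, outside Express's error handling; it should be `_.pluck(parties, 'user_id')`. None of the `.success()` chains in this hunk or in the two server/api/user.js hunks has a failure handler, so a database error leaves the request hanging with no response. The `module.exports` object continues outside the hunk.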
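Review bot: `res.json(users)` in `all` serializes every column of every row returned by `User.all()`, and nothing in the handler restricts who may call it. If the User model stores credential fields (the model is not visible here, but server/auth/index.js authenticates against it), they would be sent to the client. The login change in this same commit already limits its query with `attributes: ['id','name']`; the same whitelist would fit here, `User.findAll({ attributes: ['id', 'name'] })`, and for the `User.findAll({ where: { id: user_ids } })` call in server/api/party.js.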
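Review bot: `destroy` deletes whichever user the caller names in `req.body.id` and the handler contains no check on `req.user`, so unless the route applies one elsewhere any client can remove any account; this commit also comments out `csurf` in server/index.js and deletes `ensureIsStaff` from server/middleware.js. A guard such as `if (! req.isAuthenticated()) return res.status(401).json({ error: 'login required' })` plus a check on `req.user.access` (the required level is not visible here) should precede the delete. The missing-id branch `return res.status(500)` sets a status but never sends it, so the request hangs; `return res.status(400).json({ error: 'id required' })` ends it and reports a client error. The enclosing object starts outside the hunk.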
@@ -12,27 +12,31 @@ var auth = { guestUser: { id: "guest", username: "guest", + access: 0, }, init: function () { passport.serializeUser(auth.serializeUser); passport.deserializeUser(auth.deserializeUser); - passport.use(new LocalStrategy(auth.verifyLocalUser)) }, login: function (req, res, next) { passport.authenticate("local", function(err, user, info){ - if (err) { + if (err || ! user) { return res.json({ error: err }); } - if (! user) { - return info ? res.json(info) : res.redirect("/login"); - } req.logIn(user, function(err) { if (err) { return next(err); } - return res.json({ status: "OK", user: user, returnTo: returnTo || "/profile" }) + User.findAll({ where: { access: 2 }, attributes: ['id','name'] }).success(function(hosts){ + return res.json({ + status: "OK", + user: user, + hosts: hosts, + returnTo: returnTo || "/profile" + }) + }) }); })(req, res, next); }, @@ -58,7 +62,6 @@ var auth = { verifyLocalUser: function (username, password, done) { if (username == "protocolsnyc" && password == "madhousenyc") { return done(null, auth.guestUser) - return } User.findByUsername(username, function(err, user){ if (err) { return done(err); } diff --git a/server/index.js b/server/index.js index 42092f6..105e4ee 100644 --- a/server/index.js +++ b/server/index.js @@ -61,16 +61,16 @@ site.setup = function(){ app.use(bodyParser()); app.use(multer()); app.use(express.query()); - app.use(csurf); +// app.use(csurf); app.use(methodOverride()); -// app.use(passport.initialize()); -// app.use(passport.session()); + app.use(passport.initialize()); + app.use(passport.session()); app.enable('trust proxy') app.get('env') === 'development' && app.use(errorHandler()); // Essential middleware // app.all('*', middleware.enableCORS); - app.all('*', middleware.ensureLocals); + // app.all('*', middleware.ensureLocals); server = http.createServer(app) server.listen(app.get('port'), function () { diff --git a/server/middleware.js b/server/middleware.js index a834822..67fb732 100644 
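Review bot: With `if (err || ! user)` a failed login now returns `res.json({ error: err })` where `err` is null, so a wrong password yields HTTP 200 with `{ error: null }` and the strategy's `info` message is dropped; for the `! user` case consider `return res.status(401).json({ error: (info && info.message) || "Invalid credentials" })`, and avoid echoing a raw `err` object to the client. The same hunk removes `passport.use(new LocalStrategy(auth.verifyLocalUser))` from `init` while `login` still calls `passport.authenticate("local", ...)`; unless the strategy is registered somewhere outside this hunk, every login attempt will fail. The new `User.findAll({ where: { access: 2 }, ... })` call has no failure handler, so a database error after `req.logIn` leaves the request without a response. The `auth` object starts and ends outside the hunk.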
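Review bot: Commenting out `app.use(csurf)` in the same change that turns on `passport.initialize()` and `passport.session()` leaves session-authenticated routes, including the new `destroy` handler in server/api/user.js, with no CSRF token check. The old line appears to pass the module itself rather than a middleware instance, which may be why it was disabled; `app.use(csurf());` placed after the session middleware would restore the check, with the token handed to the client the way the disabled `ensureLocals` did via `req.csrfToken()`. If it has to stay off for now, a comment such as `// TODO: re-enable CSRF protection before exposing state-changing routes` would record that this is temporary. `site.setup` starts and ends outside the hunk.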
--- a/server/middleware.js +++ b/server/middleware.js @@ -1,21 +1,7 @@ /* jshint node: true */ -var passport = require('passport'), - _ = require('lodash'), - config = require('../config.json'); - - var middleware = { - - enableCORS: function (req, res, next) { - res.header('Access-Control-Allow-Credentials', true); - // TODO Check https vs. http - res.header('Access-Control-Allow-Origin', '*'); - res.header('Access-Control-Allow-Headers', 'X-Requested-With'); - next(); - }, - ensureAuthenticated: function (req, res, next) { if (! req.isAuthenticated()) { req.session.returnTo = req.path; @@ -23,24 +9,6 @@ var middleware = { } next(); }, - - ensureIsStaff: function (req, res, next) { - if (! req.user.isStaff) { - return res.redirect('http://' + config.host + '/'); - } - next(); - }, - - ensureLocals: function (req, res, next) { - res.locals.token = req.csrfToken(); - res.locals.logged_in = req.isAuthenticated() - res.locals.user = req.user || {} - res.locals.config = config - res.locals.profile = null - res.locals.opt = {} - next() - }, - } module.exports = middleware |
