4 files changed, 104 insertions, 2 deletions

diff --git a/server/lib/api/collaborator.js b/server/lib/api/collaborator.js
new file mode 100644
index 0000000..1fda01b
--- /dev/null
+++ b/server/lib/api/collaborator.js
@@ -0,0 +1,89 @@
+/* jshint node: true */
+
+var _ = require('lodash'),
+  auth = require('../auth'),
+	util = require('../util'),
+	upload = require('../upload'),
+	config = require('../../../config.json'),
+	User = require('../schemas/User'),
+	Collaborator = require('../schemas/Collaborator'),
+	Project = require('../schemas/Project');
+
+var collaborator = {
+
+	join: function(req, res){
+	  var nonce = req.params.nonce
+	  if (! nonce || ! nonce.length) { return res.json({ error: "invalid invite code" }) }
+	  Collaborator.findOne({ nonce: nonce }, function(err, collaborator){
+	    if (err || ! collaborator) { return res.json({ error: "can't find collaborator" }) }
+	    collaborator.user_id = req.user._id
+	    collaborator.nonce = ""
+			collaborator.save(function(err, collaborator){
+        Project.findOne({ _id: collaborator.project_id }, function(err, project){
+          if (err || ! project) { return res.json({ error: err }) }
+          res.redirect("/project/" + project.slug + "/edit")
+        })
+      })
+	  })
+	},
+
+  //
+
+  index: function(req, res){
+    if (! req.project) {
+      return res.json({ error: "can't find project" })
+    }
+    if (String(req.project.user_id) !== String(req.user._id)) { return res.json({ error: "insufficient permission" }) }
+    Collaborator.find({ project_id: req.project._id }, function(err, collaborators){
+      var user_ids = _.pluck(collaborators, "user_id").filter(function(id){ return !! id })
+      User.find({ _id: user_ids }, "username displayName photo", function(err, users){
+        if (! user_ids) {
+          return res.json(collaborators)          
+        }
+        var userIndex = _.indexBy(users, '_id')
+        collaborators = collaborators.map(function(collaborator){
+          var obj = collaborator.toObject()
+          obj.user = userIndex[ obj.user_id ]
+          return obj
+        })
+        collaborators.unshift( { user: req.user.toObject(), owner: true } )
+        res.json(collaborators)
+      })
+    })
+  },
+
+	create: function(req, res){
+    if (! req.project) {
+      return res.json({ error: "can't find project" })
+    }
+		var data = util.cleanQuery(req.body)
+    data.email = util.trim( util.sanitize( data.email ) )
+		data.project_id = req.project._id
+		delete data.user_id
+
+    Collaborator.makeNonce(function(nonce){
+      data.nonce = nonce
+
+      new Collaborator(data).save(function(err, collaborator){
+        if (err || ! collaborator) { return res.json({ error: err }) }
+        console.log(collaborator)
+        res.json(collaborator)
+				auth.mail.collaborator(req.project, req.user, collaborator, function(){})
+      })
+    })
+	},
+	
+	destroy: function(req, res){
+    if (! req.project) {
+      return res.json({ error: "can't find project" })
+    }
+    if (String(req.project.user_id) !== String(req.user._id)) {
+      return res.json({ error: "insufficient permission" })
+    }
+    Collaborator.remove({ _id: req.body._id }, function(err){
+      res.json({ status: "OK" })
+    })
+	}
+}
+
+module.exports = collaborator
diff --git a/server/lib/api/index.js b/server/lib/api/index.js
index bfe3632..ad86daa 100644
--- a/server/lib/api/index.js
+++ b/server/lib/api/index.js
@@ -6,6 +6,7 @@ var api = {
 	media: require('./media'),
 	profile: require('./profile'),
 	projects: require('./projects'),
+	collaborator: require('./collaborator'),
 }
 
 module.exports = api
diff --git a/server/lib/api/media.js b/server/lib/api/media.js
index 16f9d41..1eb08c1 100644
--- a/server/lib/api/media.js
+++ b/server/lib/api/media.js
@@ -8,8 +8,13 @@ var _ = require('lodash'),
 	Media = require('../schemas/Media');
 
 var media = {
+
 	user: function(req, res){
-		Media.find({ user_id: req.user._id }, function(err, media){
+	  var query = { user_id: req.user._id }
+	  if (req.query.tag) {
+	    query.tag = req.query.tag
+	  }
+		Media.find(query, function(err, media){
 			res.json(media || [])
 		})
 	},
@@ -18,10 +23,14 @@ var media = {
 		var data = util.cleanQuery(req.body)
 		data.user_id = req.user._id
 		data.created_at = new Date ()
+		
+		if (data.tag) {
+		  data.tag = util.sanitize(data.tag)
+		}
 
 		new Media(data).save(function(err, rec){
 			if (err || ! rec) { return res.json({ error: err }) }
-			return res.json(rec) 
+			return res.json(rec)
 		})
 	},
 	
diff --git a/server/lib/api/projects.js b/server/lib/api/projects.js
index bd3cb81..2a5beff 100644
--- a/server/lib/api/projects.js
+++ b/server/lib/api/projects.js
@@ -39,6 +39,7 @@ var projects = {
 		data.rooms = JSON.parse(data.rooms)
 		data.walls = JSON.parse(data.walls)
 		data.media = JSON.parse(data.media)
+		data.colors = JSON.parse(data.colors)
 		data.startPosition = JSON.parse(data.startPosition)
 
 		upload.put("projects", req.files.thumbnail, {
@@ -91,8 +92,10 @@ var projects = {
 			Project.findOne({ _id: _id }, function(err, doc){
 				if (err || ! doc) { return res.json({ error: err }) }
 				_.extend(doc, data)
+				
 				doc.rooms = JSON.parse(data.rooms)
 				doc.walls = JSON.parse(data.walls)
+				doc.colors = JSON.parse(data.colors)
 				doc.media = JSON.parse(data.media)
 				doc.startPosition = JSON.parse(data.startPosition)