+ const ids = req.query["ids"];
+ if (ids.match(/^([0-9]+,?)+$/)) //NOTE: slightly too permissive
+ {
+ UserModel.getByIds(ids, (err,users) => {
+ res.json({users:users});
+ });
+ }
+});
+
+router.put('/update', access.logged, access.ajax, (req,res) => {
+ const name = req.body.name;
+ const email = req.body.email;
+ if (UserModel.checkNameEmail({name: name, email: email}));
+ {
+ const user = {
+ id: req.userId,
+ name: name,
+ email: email,
+ notify: !!req.body.notify,
+ };
+ UserModel.updateSettings(user);
+ res.json({});
+ }
+});
+
+// Special route to update newsRead timestamp:
+router.put('/newsread', access.logged, access.ajax, (req,res) => {
+ UserModel.setNewsRead(req.userId);
+ res.json({});