score-tracker/routes/manage.js

var express = require('express');
var router = express.Router();
var genders = require('../database/scores/genders');
var games = require('../database/scores/games');
var seasons = require('../database/scores/seasons');
var sports = require('../database/scores/sports');
var divisions = require('../database/scores/divisions');
var genders = require('../database/scores/genders');
var teams = require('../database/scores/teams');
var accounts = require('../database/accounts/accounts');

function userLoggedIn(req, res, next) {
  if (req.user) {
    next();
  }
  else {
    res.redirect('/auth/login');
  }
}

function adminLoggedIn(req, res, next) {
  if (req.user && req.user[2]) {
    next();
  }
  else {
    req.flash('error', 'An admin account is required to access this page.');
    res.redirect('/auth/login');
  }
}


router.get('/' ,userLoggedIn, function(req, res, next) {
  if(req.user[2]) res.render('manage', { title: 'Score Management', userLoggedIn: !!req.user });
  else res.render('manage/manage-nonadmin', { title: "My Games", userLoggedIn: !!req.user });
});

router.get('/game', userLoggedIn, function(req, res, next) {
  let title = req.query.game ? 'Edit Game' : 'Submit Score'
  
  res.render('manage/addgame', { title, userLoggedIn: !!req.user });
});

router.post('/game', userLoggedIn, function(req, res, next) {
  const seasonID = req.body['year'];
  const sportID = req.body['sport'];
  const gender = (req.body['gender'] == "female") ? genders.FEMALE : genders.MALE;
  const divisionID = req.body['division'];
  const date = req.body['date'];
  const team1ID = req.body['team1'];
  const team1Score = req.body['team1-score'];
  const team2ID = req.body['team2'];
  const team2Score = req.body['team2-score'];
  const userID = req.user[0];

  const id = req.body['game'];
  const remove = req.body['remove'];

  const loggedInUserID = req.user[0];
  const loggedInUserIsAdmin = req.user[2];

  games.getFromID(id)
    .then(game => {
      if(!loggedInUserIsAdmin && loggedInUserID != game.submitterID) {
        res.status(403).send("ACCESS DENIED");
      }
      else if(remove) games.remove(id)
              .then(res.redirect("/manage"));
      else if(id) games.edit(id, divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score)
              .then(res.redirect('/manage'));
      else games.add(divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score, userID)
              .then(res.redirect("/"));
    });
});

router.get('/season', adminLoggedIn, function(req, res, next) {
  res.render('manage/addseason', { title: 'Add Season', currentYear : (new Date()).getFullYear(), userLoggedIn: !!req.user });
});

router.post('/season', adminLoggedIn, function(req, res, next) {
  const year = req.body['year'];

  const seasonID = req.body['season'];
  const remove = req.body['remove'];

  if(remove) seasons.remove(seasonID).then(res.redirect('/manage'));
  else seasons.add(year).then(res.redirect("/manage"));
});

router.get('/sport', adminLoggedIn, function(req, res, next) {
  res.render('manage/addsport', { title: 'Add Sport', userLoggedIn: !!req.user });
});

router.post('/sport', adminLoggedIn, function(req, res, next) {
  const name = req.body['name'];
  const id = req.body['sport'];
  const remove = req.body['remove'];

  if(remove) sports.remove(id).then(res.redirect('/manage'));
  else if(id) sports.rename(id, name).then(res.redirect('/manage'));
  else sports.add(name).then(res.redirect('/manage'));
});

router.get('/division', adminLoggedIn, function(req, res, next) {
  let title = req.query.division ? 'Edit Division' : 'Add Division'

  res.render('manage/adddivision', { title, userLoggedIn: !!req.user });
});

router.post('/division', adminLoggedIn, function(req, res, next) {
  const name = req.body['name'];
  const sport = req.body['sport'];
  const genderName = req.body['gender'];

  const id = req.body['division'];
  const remove = req.body['remove'];


  if(remove) divisions.remove(id).then(res.redirect('/manage'));
  else if(id) divisions.rename(id, name).then(res.redirect('/manage'));
  else {
    if(genderName == "both") {
      divisions.add(name, genders.FEMALE, sport)
        .then(divisions.add(name, genders.MALE, sport)
          .then(res.redirect("/manage")));
    }
    else {
      const gender = (genderName == "female") ? genders.FEMALE : genders.MALE;
      divisions.add(name, gender, sport)
        .then(res.redirect("/manage"));
    }
  }
});

router.get('/team', adminLoggedIn, function(req, res, next) {
  let title = req.query.team ? 'Edit Team' : 'Add Team'

  res.render('manage/addteam', { title, userLoggedIn: !!req.user });
});

router.post('/team', adminLoggedIn, function(req, res, next) {
  const name = req.body['name'];
  const sport = req.body['sport'];

  const id = req.body['team'];
  const remove = req.body['remove'];

  if(remove) teams.remove(id).then(res.redirect('/manage'));
  else if(id) teams.rename(id, name).then(res.redirect('/manage'));
  else teams.add(name, sport).then(res.redirect("/manage"));
});

router.get('/account', userLoggedIn, (req, res, next) => {
  const userIsAdmin = req.user[2];
  const accountID = req.user[0];
  
  if(userIsAdmin) {
    let title = req.query.account ? 'Manage User' : 'Create User'

    res.render('accounts/createuser', { title, userLoggedIn: !!req.user, message: req.flash('error') });  
  }
  else {
    let title = 'Manage Account';

    res.render('accounts/createuser', { title, accountID, userLoggedIn: !!req.user, message: req.flash('error') });  
  }
});

router.post('/account', userLoggedIn, async function(req, res, next) {
  const email = req.body.email;
  const password = req.body.password;

  const accountID = req.body.account;
  const remove = req.body.remove;

  const loggedInAccountIsAdmin = req.user[2];
  const loggedInAccountID = req.user[0];

  if(!loggedInAccountIsAdmin && accountID != loggedInAccountID) {
    res.status(403).send("ACCESS DENIED");
  }
  else {
    try {
      const isAdmin = loggedInAccountIsAdmin ? !!req.body.admin : false;

      if(remove) await accounts.remove(accountID);
      else if(accountID) await accounts.edit(accountID, email, password, isAdmin);
      else await accounts.create(req.body.email, req.body.password, !!req.body.admin);

      res.redirect('/manage');  
    }
    catch (err) {
      console.error("ERROR: " + err.message);
      req.flash("error", "An error has occurred.");
      res.redirect('/manage/account');
    }
  }
});

module.exports = router;
Create files for /manage page 2021-11-22 06:17:43 +00:00			`var express = require('express');`
			`var router = express.Router();`
Move game submit page from /submit to /manage/addgame 2021-11-23 00:48:51 +00:00			`var genders = require('../database/scores/genders');`
			`var games = require('../database/scores/games');`
Create page to add season 2021-11-23 01:04:36 +00:00			`var seasons = require('../database/scores/seasons');`
Add page for adding sports 2021-11-23 01:47:40 +00:00			`var sports = require('../database/scores/sports');`
Add page to add divisions 2021-11-23 02:11:16 +00:00			`var divisions = require('../database/scores/divisions');`
			`var genders = require('../database/scores/genders');`
Add page to add teams 2021-11-23 02:17:23 +00:00			`var teams = require('../database/scores/teams');`
Add functionality to edit accounts 2021-11-25 19:40:19 +00:00			`var accounts = require('../database/accounts/accounts');`
Move game submit page from /submit to /manage/addgame 2021-11-23 00:48:51 +00:00
Require admin for certain pages 2021-11-25 04:40:33 +00:00			`function userLoggedIn(req, res, next) {`
			`if (req.user) {`
			`next();`
			`}`
			`else {`
			`res.redirect('/auth/login');`
			`}`
			`}`

			`function adminLoggedIn(req, res, next) {`
			`if (req.user && req.user[2]) {`
			`next();`
			`}`
			`else {`
Add ability to create user from admin panel 2021-11-25 05:29:29 +00:00			`req.flash('error', 'An admin account is required to access this page.');`
			`res.redirect('/auth/login');`
Require admin for certain pages 2021-11-25 04:40:33 +00:00			`}`
			`}`

Create files for /manage page 2021-11-22 06:17:43 +00:00
Require admin for certain pages 2021-11-25 04:40:33 +00:00			`router.get('/' ,userLoggedIn, function(req, res, next) {`
Add login/logout buttons 2021-11-26 19:37:09 +00:00			`if(req.user[2]) res.render('manage', { title: 'Score Management', userLoggedIn: !!req.user });`
			`else res.render('manage/manage-nonadmin', { title: "My Games", userLoggedIn: !!req.user });`
Create files for /manage page 2021-11-22 06:17:43 +00:00			`});`

Require admin for certain pages 2021-11-25 04:40:33 +00:00			`router.get('/game', userLoggedIn, function(req, res, next) {`
Add ability to edit games 2021-11-23 07:49:11 +00:00			`let title = req.query.game ? 'Edit Game' : 'Submit Score'`

Add login/logout buttons 2021-11-26 19:37:09 +00:00			`res.render('manage/addgame', { title, userLoggedIn: !!req.user });`
Move game submit page from /submit to /manage/addgame 2021-11-23 00:48:51 +00:00			`});`

Require admin for certain pages 2021-11-25 04:40:33 +00:00			`router.post('/game', userLoggedIn, function(req, res, next) {`
Move game submit page from /submit to /manage/addgame 2021-11-23 00:48:51 +00:00			`const seasonID = req.body['year'];`
			`const sportID = req.body['sport'];`
			`const gender = (req.body['gender'] == "female") ? genders.FEMALE : genders.MALE;`
			`const divisionID = req.body['division'];`
			`const date = req.body['date'];`
			`const team1ID = req.body['team1'];`
			`const team1Score = req.body['team1-score'];`
			`const team2ID = req.body['team2'];`
			`const team2Score = req.body['team2-score'];`
Add panel for non-admins to edit their own games 2021-11-26 02:21:21 +00:00			`const userID = req.user[0];`
Move game submit page from /submit to /manage/addgame 2021-11-23 00:48:51 +00:00
Add ability to edit games 2021-11-23 07:49:11 +00:00			`const id = req.body['game'];`
Fix bug regarding deleting games 2021-11-25 19:55:54 +00:00			`const remove = req.body['remove'];`
Add ability to edit games 2021-11-23 07:49:11 +00:00
Only allow non-admin users to edit their own games 2021-11-26 02:33:53 +00:00			`const loggedInUserID = req.user[0];`
			`const loggedInUserIsAdmin = req.user[2];`

			`games.getFromID(id)`
			`.then(game => {`
			`if(!loggedInUserIsAdmin && loggedInUserID != game.submitterID) {`
			`res.status(403).send("ACCESS DENIED");`
			`}`
			`else if(remove) games.remove(id)`
			`.then(res.redirect("/manage"));`
			`else if(id) games.edit(id, divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score)`
			`.then(res.redirect('/manage'));`
			`else games.add(divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score, userID)`
Set redirect to root when game is added 2021-11-26 20:19:20 +00:00			`.then(res.redirect("/"));`
Only allow non-admin users to edit their own games 2021-11-26 02:33:53 +00:00			`});`
Move game submit page from /submit to /manage/addgame 2021-11-23 00:48:51 +00:00			`});`

Require admin for certain pages 2021-11-25 04:40:33 +00:00			`router.get('/season', adminLoggedIn, function(req, res, next) {`
Add login/logout buttons 2021-11-26 19:37:09 +00:00			`res.render('manage/addseason', { title: 'Add Season', currentYear : (new Date()).getFullYear(), userLoggedIn: !!req.user });`
Create page to add season 2021-11-23 01:04:36 +00:00			`});`

Require admin for certain pages 2021-11-25 04:40:33 +00:00			`router.post('/season', adminLoggedIn, function(req, res, next) {`
Create page to add season 2021-11-23 01:04:36 +00:00			`const year = req.body['year'];`

Add ability to delete seasons 2021-11-23 21:48:19 +00:00			`const seasonID = req.body['season'];`
			`const remove = req.body['remove'];`

			`if(remove) seasons.remove(seasonID).then(res.redirect('/manage'));`
			`else seasons.add(year).then(res.redirect("/manage"));`
Create page to add season 2021-11-23 01:04:36 +00:00			`});`

Require admin for certain pages 2021-11-25 04:40:33 +00:00			`router.get('/sport', adminLoggedIn, function(req, res, next) {`
Add login/logout buttons 2021-11-26 19:37:09 +00:00			`res.render('manage/addsport', { title: 'Add Sport', userLoggedIn: !!req.user });`
Add page for adding sports 2021-11-23 01:47:40 +00:00			`});`

Require admin for certain pages 2021-11-25 04:40:33 +00:00			`router.post('/sport', adminLoggedIn, function(req, res, next) {`
Add page for adding sports 2021-11-23 01:47:40 +00:00			`const name = req.body['name'];`
Add ability to edit sports in manage page 2021-11-23 05:03:02 +00:00			`const id = req.body['sport'];`
Add ability to remove sports 2021-11-23 05:10:47 +00:00			`const remove = req.body['remove'];`
Add page for adding sports 2021-11-23 01:47:40 +00:00
Add ability to remove sports 2021-11-23 05:10:47 +00:00			`if(remove) sports.remove(id).then(res.redirect('/manage'));`
			`else if(id) sports.rename(id, name).then(res.redirect('/manage'));`
Add ability to edit sports in manage page 2021-11-23 05:03:02 +00:00			`else sports.add(name).then(res.redirect('/manage'));`
Add page for adding sports 2021-11-23 01:47:40 +00:00			`});`

Require admin for certain pages 2021-11-25 04:40:33 +00:00			`router.get('/division', adminLoggedIn, function(req, res, next) {`
Add ability to edit divisions 2021-11-23 06:23:57 +00:00			`let title = req.query.division ? 'Edit Division' : 'Add Division'`

Add login/logout buttons 2021-11-26 19:37:09 +00:00			`res.render('manage/adddivision', { title, userLoggedIn: !!req.user });`
Add page to add divisions 2021-11-23 02:11:16 +00:00			`});`

Require admin for certain pages 2021-11-25 04:40:33 +00:00			`router.post('/division', adminLoggedIn, function(req, res, next) {`
Add page to add divisions 2021-11-23 02:11:16 +00:00			`const name = req.body['name'];`
			`const sport = req.body['sport'];`
			`const genderName = req.body['gender'];`

Add ability to edit divisions 2021-11-23 06:23:57 +00:00			`const id = req.body['division'];`
			`const remove = req.body['remove'];`


			`if(remove) divisions.remove(id).then(res.redirect('/manage'));`
			`else if(id) divisions.rename(id, name).then(res.redirect('/manage'));`
Add page to add divisions 2021-11-23 02:11:16 +00:00			`else {`
Add ability to edit divisions 2021-11-23 06:23:57 +00:00			`if(genderName == "both") {`
			`divisions.add(name, genders.FEMALE, sport)`
			`.then(divisions.add(name, genders.MALE, sport)`
			`.then(res.redirect("/manage")));`
			`}`
			`else {`
			`const gender = (genderName == "female") ? genders.FEMALE : genders.MALE;`
			`divisions.add(name, gender, sport)`
			`.then(res.redirect("/manage"));`
			`}`
Add page to add divisions 2021-11-23 02:11:16 +00:00			`}`
			`});`

Require admin for certain pages 2021-11-25 04:40:33 +00:00			`router.get('/team', adminLoggedIn, function(req, res, next) {`
Add ability to edit teams 2021-11-23 06:45:24 +00:00			`let title = req.query.team ? 'Edit Team' : 'Add Team'`

Add login/logout buttons 2021-11-26 19:37:09 +00:00			`res.render('manage/addteam', { title, userLoggedIn: !!req.user });`
Add page to add teams 2021-11-23 02:17:23 +00:00			`});`

Require admin for certain pages 2021-11-25 04:40:33 +00:00			`router.post('/team', adminLoggedIn, function(req, res, next) {`
Add page to add teams 2021-11-23 02:17:23 +00:00			`const name = req.body['name'];`
			`const sport = req.body['sport'];`

Add ability to edit teams 2021-11-23 06:45:24 +00:00			`const id = req.body['team'];`
			`const remove = req.body['remove'];`

			`if(remove) teams.remove(id).then(res.redirect('/manage'));`
			`else if(id) teams.rename(id, name).then(res.redirect('/manage'));`
			`else teams.add(name, sport).then(res.redirect("/manage"));`
Add page to add teams 2021-11-23 02:17:23 +00:00			`});`

Add ability for non-admin users to manage their account 2021-11-26 19:08:45 +00:00			`router.get('/account', userLoggedIn, (req, res, next) => {`
			`const userIsAdmin = req.user[2];`
			`const accountID = req.user[0];`

			`if(userIsAdmin) {`
			`let title = req.query.account ? 'Manage User' : 'Create User'`

Improve error handling for account management 2021-11-26 22:41:36 +00:00			`res.render('accounts/createuser', { title, userLoggedIn: !!req.user, message: req.flash('error') });`
Add ability for non-admin users to manage their account 2021-11-26 19:08:45 +00:00			`}`
			`else {`
			`let title = 'Manage Account';`
Create client layout for managing users 2021-11-25 19:17:53 +00:00
Improve error handling for account management 2021-11-26 22:41:36 +00:00			`res.render('accounts/createuser', { title, accountID, userLoggedIn: !!req.user, message: req.flash('error') });`
Add ability for non-admin users to manage their account 2021-11-26 19:08:45 +00:00			`}`
Add ability to create user from admin panel 2021-11-25 05:29:29 +00:00			`});`

Improve error handling for account management 2021-11-26 22:41:36 +00:00			`router.post('/account', userLoggedIn, async function(req, res, next) {`
Add functionality to edit accounts 2021-11-25 19:40:19 +00:00			`const email = req.body.email;`
			`const password = req.body.password;`

			`const accountID = req.body.account;`
Add functions to remove account 2021-11-25 19:49:31 +00:00			`const remove = req.body.remove;`
Add functionality to edit accounts 2021-11-25 19:40:19 +00:00
Add ability for non-admin users to manage their account 2021-11-26 19:08:45 +00:00			`const loggedInAccountIsAdmin = req.user[2];`
			`const loggedInAccountID = req.user[0];`

			`if(!loggedInAccountIsAdmin && accountID != loggedInAccountID) {`
			`res.status(403).send("ACCESS DENIED");`
			`}`
			`else {`
Improve error handling for account management 2021-11-26 22:41:36 +00:00			`try {`
			`const isAdmin = loggedInAccountIsAdmin ? !!req.body.admin : false;`

			`if(remove) await accounts.remove(accountID);`
			`else if(accountID) await accounts.edit(accountID, email, password, isAdmin);`
			`else await accounts.create(req.body.email, req.body.password, !!req.body.admin);`
Add ability for non-admin users to manage their account 2021-11-26 19:08:45 +00:00
Improve error handling for account management 2021-11-26 22:41:36 +00:00			`res.redirect('/manage');`
			`}`
			`catch (err) {`
			`console.error("ERROR: " + err.message);`
			`req.flash("error", "An error has occurred.");`
			`res.redirect('/manage/account');`
			`}`
Add ability for non-admin users to manage their account 2021-11-26 19:08:45 +00:00			`}`
Add functionality to edit accounts 2021-11-25 19:40:19 +00:00			`});`

Create files for /manage page 2021-11-22 06:17:43 +00:00			`module.exports = router;`