Only allow non-admin users to edit their own games
parent
bd5b393a27
commit
79123c14bd
@ -5,7 +5,7 @@ const database = require('./../database');
class Game {
class Game {
constructor(id, date, team1ID, team2ID, team1Score, team2Score, divisionID, seasonID) {
constructor(id, date, team1ID, team2ID, team1Score, team2Score, divisionID, seasonID, submitterID) {
this.id = id;
this.id = id;
this.date = date;
this.date = date;
this.team1ID = team1ID;
this.team1ID = team1ID;
@ -14,6 +14,7 @@ class Game {
this.team2Score = team2Score;
this.team2Score = team2Score;
this.divisionID = divisionID;
this.divisionID = divisionID;
this.seasonID = seasonID;
this.seasonID = seasonID;
this.submitterID = submitterID;
}
}
}
}
@ -100,11 +101,11 @@ async function edit(gameID, divisionID, seasonID, date, team1ID, team2ID, team1S
}
}
async function getFromID(gameID) {
async function getFromID(gameID) {
const query = `SELECT game_id, division_id, season_id, game_date, team1_id, team2_id, team1_score, team2_score
const query = `SELECT game_id, division_id, season_id, game_date, team1_id, team2_id, team1_score, team2_score, submitter_id
FROM scores.games
FROM scores.games
WHERE game_id = $1;`;
WHERE game_id = $1;`;
const row = (await database.executeQuery(query, [gameID]))[0];
const row = (await database.executeQuery(query, [gameID]))[0];
return new Game(row[0], row[3].toISOString().slice(0,10), row[4], row[5], row[6], row[7], row[1], row[2]);
return new Game(row[0], row[3].toISOString().slice(0,10), row[4], row[5], row[6], row[7], row[1], row[2], row[8]);
}
}
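Review bot: getFromID still builds a Game from `row[0]` even when the query returns no row, in which case `row` is undefined and the call rejects with a TypeError instead of a meaningful error; since the router now sends every edit and remove through this lookup to decide authorization, an unknown game id should fail deliberately, e.g. `if (row === undefined) throw new Error(\`game ${gameID} not found\`);` placed before the `return new Game(...)`. The constructor's new trailing `submitterID` parameter is undocumented; a JSDoc `@param submitterID - id of the user who submitted the game (as stored in submitter_id)` on the constructor would make the ownership contract visible to the router. The positional mapping in getFromID (row[1]/row[2] passed after row[4..7], row[8] last) is correct against the SELECT column order but deserves a one-line comment tying the indices to that order, so the next column added does not silently shift a field.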
@ -55,13 +55,22 @@ router.post('/game', userLoggedIn, function(req, res, next) {
const id = req.body['game'];
const id = req.body['game'];
const remove = req.body['remove'];
const remove = req.body['remove'];
if(remove) games.remove(id)
const loggedInUserID = req.user[0];
const loggedInUserIsAdmin = req.user[2];
games.getFromID(id)
.then(game => {
if(!loggedInUserIsAdmin && loggedInUserID != game.submitterID) {
res.status(403).send("ACCESS DENIED");
}
else if(remove) games.remove(id)
.then(res.redirect("/manage"));
.then(res.redirect("/manage"));
else if(id) games.edit(id, divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score)
else if(id) games.edit(id, divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score)
.then(res.redirect('/manage'));
.then(res.redirect('/manage'));
else games.add(divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score, userID)
else games.add(divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score, userID)
.then(res.redirect("/manage"));
.then(res.redirect("/manage"));
});
});
});
router.get('/season', adminLoggedIn, function(req, res, next) {
router.get('/season', adminLoggedIn, function(req, res, next) {
res.render('manage/addseason', { title: 'Add Season', currentYear : (new Date()).getFullYear() });
res.render('manage/addseason', { title: 'Add Season', currentYear : (new Date()).getFullYear() });
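Review bot: The new ownership gate breaks the add path: when `id` is absent the handler now calls `games.getFromID(undefined)` before it can reach `games.add`, and getFromID (per the other hunk) indexes `row[0]` on whatever the query returns, so an empty result makes the promise reject; with no `.catch` on the chain the request then gets no response at all. The add branch should run before the lookup, and the chain needs `.catch(next)` so lookup or database failures surface as an error response instead of an unhandled rejection. The check `loggedInUserID != game.submitterID` also uses loose equality, so a NULL `submitter_id` (rows created before the column existed) compared against an undefined user id counts as equal and grants access; compare strictly and treat a missing submitter as not owned, confirming first that both ids come back from the database as the same type. The surrounding `.then(res.redirect("/manage"))` lines call redirect immediately rather than after the operation completes, which the rewrite below also fixes by passing a callback. The enclosing `router.post('/game', …)` handler starts before the hunk, and `userID` is assumed to be defined there.

```javascript
const loggedInUserID = req.user[0];
const loggedInUserIsAdmin = req.user[2];

// New game: nothing to look up or own-check.
if (!id) {
  return games.add(divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score, userID)
    .then(() => res.redirect("/manage"))
    .catch(next);
}

games.getFromID(id)
  .then(game => {
    // A game with no recorded submitter is owned by nobody; only admins may touch it.
    const isOwner = game.submitterID != null && loggedInUserID === game.submitterID;
    if (!loggedInUserIsAdmin && !isOwner) {
      return res.status(403).send("ACCESS DENIED");
    }
    const operation = remove
      ? games.remove(id)
      : games.edit(id, divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score);
    return operation.then(() => res.redirect("/manage"));
  })
  .catch(next);
// … unchanged: closing of the handler …
```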