diff --git a/database/scores/games.js b/database/scores/games.js
index 4c5b22e..aa33213 100644
--- a/database/scores/games.js
+++ b/database/scores/games.js
@@ -5,7 +5,7 @@ const database = require('./../database');
 class Game {
- constructor(id, date, team1ID, team2ID, team1Score, team2Score, divisionID, seasonID, submitterID) {
+ constructor(id, date, team1ID, team2ID, team1Score, team2Score, divisionID, seasonID, submitterID, submitterName) {
 this.id = id;
 this.date = date;
 this.team1ID = team1ID;
@@ -15,17 +15,26 @@ class Game {
 this.divisionID = divisionID;
 this.seasonID = seasonID;
 this.submitterID = submitterID;
+ this.submitterName = submitterName;
 }
 }
-async function add(divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score, userID) {
- const query = `INSERT INTO scores.games(division_id, season_id, game_date, team1_id, team2_id, team1_score, team2_score, submitter_id)
- VALUES($1, $2, $3, $4, $5, $6, $7, $8)
- RETURNING game_id;`;
+async function add(divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score, submitterID, submitterName = undefined) {
+ let id;
+ if(submitterName) {
+ const query = `INSERT INTO scores.games(division_id, season_id, game_date, team1_id, team2_id, team1_score, team2_score, submitter_name)
+ VALUES($1, $2, $3, $4, $5, $6, $7, $8)
+ RETURNING game_id;`;
+ id = (await database.executeQuery(query, [divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score, submitterName]))[0][0];
+ } else {
+ const query = `INSERT INTO scores.games(division_id, season_id, game_date, team1_id, team2_id, team1_score, team2_score, submitter_id)
+ VALUES($1, $2, $3, $4, $5, $6, $7, $8)
+ RETURNING game_id;`;
+ id = (await database.executeQuery(query, [divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score, submitterID]))[0][0];
+ }
- const id = (await database.executeQuery(query, [divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score, userID]))[0][0];
 return new Game(id, date, team1ID, team2ID, team1Score, team2Score);
 }
diff --git a/routes/manage.js b/routes/manage.js
index d03bb2d..bad5f4c 100644
--- a/routes/manage.js
+++ b/routes/manage.js
@@ -29,7 +29,7 @@ router.get('/game', function(req, res, next) {
 } else {
 res.redirect('/auth/login');
- };
+ }
 } else {
 next();
 }
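Review bot: In `add` (database/scores/games.js), a truthy `submitterName` takes precedence over `submitterID`, so a request from a logged-in user that also carries a name is stored with `submitter_name` only and no `submitter_id`. The row then has no owner for the `game.submitterID` comparison made in routes/manage.js, and the stored name is whatever free text the caller sent. Consider taking the name branch only when there is no authenticated submitter, `if (submitterID == null && submitterName) {`, and add a doc comment on `add` stating that exactly one of the two columns is written. The two INSERT statements differ only in the eighth column name, so a short comment above them saying that would keep them from drifting apart.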
@@ -40,7 +40,19 @@ router.get('/game', function(req, res, next) {
 res.render('manage/addgame', { title, userLoggedIn: !!req.user, message: req.flash('error') });
 });
-router.post('/game', checkLoginStatus.user, async function(req, res, next) {
+router.post('/game', function(req, res, next) {
+ if(!(process.env.PUBLIC_SUBMIT_PAGE && process.env.PUBLIC_SUBMIT_PAGE.toLowerCase() == 'true')) {
+ if (req.user) {
+ next();
+ }
+ else {
+ res.redirect('/auth/login');
+ }
+ } else {
+ next();
+ }
+},
+ async function(req, res, next) {
 const id = req.body['game'];
 const remove = req.body['remove'];
@@ -54,14 +66,20 @@ router.post('/game', checkLoginStatus.user, async function(req, res, next) {
 const team1Score = req.body['team1-score'];
 const team2ID = req.body['team2'];
 const team2Score = req.body['team2-score'];
- const userID = req.user[0];
-
- const loggedInUserID = req.user[0];
- const loggedInUserIsAdmin = req.user[2];
+ const submitterName = req.body['name'];
+
+ let submitterID;
+ let loggedInUserID;
+ let loggedInUserIsAdmin;
+ if(req.user) {
+ submitterID = req.user[0];
+ loggedInUserID = req.user[0];
+ loggedInUserIsAdmin = req.user[2];
+ }
 const game = id ? await games.getFromID(id) : null;
- if(!loggedInUserIsAdmin && game && loggedInUserID != game.submitterID) {
+ if((!loggedInUserIsAdmin && game && loggedInUserID != game.submitterID) || (!req.user && game)) {
 res.status(403).send("ACCESS DENIED");
 } else if(remove) {
@@ -73,7 +91,7 @@ router.post('/game', checkLoginStatus.user, async function(req, res, next) {
 res.redirect('/manage#games');
 } else {
- await games.add(divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score, userID);
+ await games.add(divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score, submitterID, submitterName);
 res.redirect('/');
 }
 } catch(err) {
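Review bot: The inline gate on `router.post('/game', ...)` replaces `checkLoginStatus.user` with a hand-written copy of the login-or-public check that the GET `/game` handler above appears to use, so two copies of that decision now have to stay in sync. With `PUBLIC_SUBMIT_PAGE` set to `true`, unauthenticated requests reach a handler that also reads `game` and `remove` from the body, which leaves the edit and remove paths protected only by the condition inside the handler; nothing in this hunk limits anonymous submissions by rate or size. I would move the decision into one named middleware shared by both routes, with a comment stating that public mode is meant for creating games only, and compare with `=== 'true'`. The handler body continues outside this hunk.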
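Review bot: The anonymous denial `(!req.user && game)` depends on the result of `games.getFromID(id)`, so an unauthenticated request that sends `game` or `remove` with an id that resolves to nothing passes the check and continues to the `else if(remove)` and later branches, whose bodies are outside the hunk. Rejecting on the request fields before the lookup closes that gap: `if (!req.user && (id || remove)) { return res.status(403).send("ACCESS DENIED"); }`. `submitterName` is also taken from `req.body['name']` without a type or length check and regardless of login state; it would be safer to read it only when `req.user` is absent, bound its length, and make sure it is escaped wherever it is later displayed. The handler starts in the previous hunk and ends after this one.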