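/**
 * Management routes: games, seasons, sports, divisions, teams and accounts.
 *
 * Every handler reads `req.user` as an array: index 0 is used as the account
 * id and index 2 as the admin flag (see the assignments in the handlers).
 * Routes are guarded by the `checkLoginStatus.user` / `checkLoginStatus.admin`
 * middleware from ./checkLoginStatus (presumably "any logged-in user" and
 * "admin only"; confirm in that module).
 *
 * NOTE(review): every POST route here changes state, and no CSRF protection
 * is visible in this file. Confirm it is applied at the app level.
 */
const express = require('express');
const router = express.Router();

const genders = require('../database/scores/genders');
const games = require('../database/scores/games');
const seasons = require('../database/scores/seasons');
const sports = require('../database/scores/sports');
const divisions = require('../database/scores/divisions');
const teams = require('../database/scores/teams');
const accounts = require('../database/accounts/accounts');
const checkLoginStatus = require('./checkLoginStatus');

/**
 * Build the URL of a management form, optionally pointing back at the record
 * that was being edited.
 *
 * The id comes straight from the request body, so it is percent-encoded to
 * keep it from adding extra query parameters or a fragment to the redirect.
 *
 * @param {string} path - Form path, e.g. '/manage/game'.
 * @param {string} param - Query parameter name, e.g. 'game'.
 * @param {*} id - Record id from the request body; falsy means "no record".
 * @returns {string} The path, with `?param=id` appended when id is truthy.
 */
function formUrl(path, param, id) {
  return id ? `${path}?${param}=${encodeURIComponent(id)}` : path;
}

/**
 * Shared failure path for the POST handlers: log the error, flash a generic
 * message (no internal details reach the client) and send the user back to
 * the form.
 *
 * @param {object} req - Express request (needs `req.flash`).
 * @param {object} res - Express response.
 * @param {Error} err - The error that was caught.
 * @param {string} url - Where to redirect.
 */
function failBackToForm(req, res, err, url) {
  console.error("ERROR: " + err.message);
  req.flash("error", "An error has occurred.");
  res.redirect(url);
}

/** Landing page: admins get the full panel, other users their own games. */
router.get('/', checkLoginStatus.user, function (req, res, next) {
  if (req.user[2]) {
    res.render('manage', {
      title: 'Management Panel',
      userLoggedIn: !!req.user
    });
  } else {
    res.render('manage/manage-nonadmin', {
      title: "My Games",
      userLoggedIn: !!req.user
    });
  }
});

/** Game form: edits when `?game=` is present, otherwise submits a new score. */
router.get('/game', checkLoginStatus.user, function (req, res, next) {
  const title = req.query.game ? 'Edit Game' : 'Submit Score';
  res.render('manage/addgame', {
    title,
    userLoggedIn: !!req.user,
    message: req.flash('error')
  });
});

/**
 * Create, edit or remove a game.
 *
 * Non-admins may only edit or remove a game whose `submitterID` matches
 * their own account id.
 */
router.post('/game', checkLoginStatus.user, async function (req, res, next) {
  const id = req.body['game'];
  const remove = req.body['remove'];

  try {
    const seasonID = req.body['year'];
    const divisionID = req.body['division'];
    const date = req.body['date'];
    const team1ID = req.body['team1'];
    const team1Score = req.body['team1-score'];
    const team2ID = req.body['team2'];
    const team2Score = req.body['team2-score'];
    const loggedInUserID = req.user[0];
    const loggedInUserIsAdmin = req.user[2];

    const game = id ? await games.getFromID(id) : null;

    // NOTE(review): if getFromID yields a falsy value for an unknown id, a
    // non-admin skips this ownership check and reaches remove/edit with that
    // id. Confirm how the database layer treats ids that do not exist.
    if (!loggedInUserIsAdmin && game && loggedInUserID != game.submitterID) {
      res.status(403).send("ACCESS DENIED");
    } else if (remove) {
      await games.remove(id);
      res.redirect("/manage");
    } else if (id) {
      await games.edit(id, divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score);
      res.redirect('/manage');
    } else {
      // The submitter is recorded so the ownership check above can be applied later.
      await games.add(divisionID, seasonID, date, team1ID, team2ID, team1Score, team2Score, loggedInUserID);
      res.redirect('/');
    }
  } catch (err) {
    failBackToForm(req, res, err, formUrl('/manage/game', 'game', id));
  }
});

/** Season form. */
router.get('/season', checkLoginStatus.admin, function (req, res, next) {
  res.render('manage/addseason', {
    title: 'Add Season',
    currentYear: (new Date()).getFullYear(),
    userLoggedIn: !!req.user,
    message: req.flash('error')
  });
});

/** Add a season for `year`, or remove the season given by `season`. */
router.post('/season', checkLoginStatus.admin, async function (req, res, next) {
  const seasonID = req.body['season'];
  const remove = req.body['remove'];

  try {
    const year = req.body['year'];

    if (remove) {
      await seasons.remove(seasonID);
    } else {
      await seasons.add(year);
    }
    res.redirect('/manage');
  } catch (err) {
    failBackToForm(req, res, err, formUrl('/manage/season', 'season', seasonID));
  }
});

/** Sport form: edits when `?sport=` is present, otherwise adds. */
router.get('/sport', checkLoginStatus.admin, function (req, res, next) {
  const title = req.query.sport ? 'Edit Sport' : 'Add Sport';
  res.render('manage/addsport', {
    title,
    userLoggedIn: !!req.user,
    message: req.flash('error')
  });
});

/** Add, rename or remove a sport. */
router.post('/sport', checkLoginStatus.admin, async function (req, res, next) {
  const id = req.body['sport'];
  const remove = req.body['remove'];

  try {
    const name = req.body['name'];

    if (remove) {
      await sports.remove(id);
    } else if (id) {
      await sports.rename(id, name);
    } else {
      await sports.add(name);
    }
    res.redirect('/manage');
  } catch (err) {
    failBackToForm(req, res, err, formUrl('/manage/sport', 'sport', id));
  }
});

/** Division form: edits when `?division=` is present, otherwise adds. */
router.get('/division', checkLoginStatus.admin, function (req, res, next) {
  const title = req.query.division ? 'Edit Division' : 'Add Division';
  res.render('manage/adddivision', {
    title,
    userLoggedIn: !!req.user,
    message: req.flash('error')
  });
});

/**
 * Add, rename or remove a division. A gender of 'both' creates one division
 * per gender; any value other than 'female' or 'both' is treated as male.
 */
router.post('/division', checkLoginStatus.admin, async function (req, res, next) {
  const id = req.body['division'];
  const remove = req.body['remove'];

  try {
    const name = req.body['name'];
    const sport = req.body['sport'];
    const genderName = req.body['gender'];

    if (remove) {
      await divisions.remove(id);
    } else if (id) {
      await divisions.rename(id, name);
    } else if (genderName == 'both') {
      await divisions.add(name, genders.FEMALE, sport);
      await divisions.add(name, genders.MALE, sport);
    } else {
      const gender = (genderName == "female") ? genders.FEMALE : genders.MALE;
      await divisions.add(name, gender, sport);
    }
    res.redirect('/manage');
  } catch (err) {
    failBackToForm(req, res, err, formUrl('/manage/division', 'division', id));
  }
});

/** Team form: edits when `?team=` is present, otherwise adds. */
router.get('/team', checkLoginStatus.admin, function (req, res, next) {
  const title = req.query.team ? 'Edit Team' : 'Add Team';
  res.render('manage/addteam', {
    title,
    userLoggedIn: !!req.user,
    message: req.flash('error')
  });
});

/**
 * Add, rename or remove a team.
 *
 * The database call is awaited before redirecting. The previous form,
 * `.then(res.redirect(...))`, sent the redirect immediately, before the
 * operation had finished, and left a rejected promise outside the try/catch,
 * so a failure was never reported to the user.
 */
router.post('/team', checkLoginStatus.admin, async function (req, res, next) {
  const id = req.body['team'];
  const remove = req.body['remove'];

  try {
    const name = req.body['name'];
    const sport = req.body['sport'];

    if (remove) {
      await teams.remove(id);
    } else if (id) {
      await teams.rename(id, name);
    } else {
      await teams.add(name, sport);
    }
    res.redirect('/manage');
  } catch (err) {
    failBackToForm(req, res, err, formUrl('/manage/team', 'team', id));
  }
});

/**
 * Account form. Admins manage or create any user; other users get the same
 * template bound to their own account id.
 */
router.get('/account', checkLoginStatus.user, (req, res, next) => {
  const userIsAdmin = req.user[2];
  const accountID = req.user[0];

  if (userIsAdmin) {
    const title = req.query.account ? 'Manage User' : 'Create User';
    res.render('accounts/createuser', {
      title,
      userLoggedIn: !!req.user,
      message: req.flash('error')
    });
  } else {
    const title = 'Manage Account';
    res.render('accounts/createuser', {
      title,
      accountID,
      userLoggedIn: !!req.user,
      message: req.flash('error')
    });
  }
});

/**
 * Create, edit or remove an account.
 *
 * Authorization: admins may act on any account; everyone else only on their
 * own. The admin flag of the target account is taken from the request only
 * when the caller is an admin.
 */
router.post('/account', checkLoginStatus.user, async function (req, res, next) {
  const email = req.body.email;
  const password = req.body.password;
  const accountID = req.body.account;
  const remove = req.body.remove;
  const loggedInAccountIsAdmin = req.user[2];
  const loggedInAccountID = req.user[0];

  // Require a truthy id and compare as strings. With the loose `!=` used
  // before, an empty or zero-like `account` value could compare equal to a
  // falsy session id and let a non-admin fall through to the create branch.
  // The truthiness test mirrors the `else if (accountID)` dispatch below, so
  // a non-admin can never reach `accounts.create`.
  const targetsOwnAccount = Boolean(accountID) && String(accountID) === String(loggedInAccountID);

  if (!loggedInAccountIsAdmin && !targetsOwnAccount) {
    res.status(403).send("ACCESS DENIED");
    return;
  }

  try {
    // Only an admin may grant the admin flag; for anyone else it is forced off.
    const isAdmin = loggedInAccountIsAdmin ? !!req.body.admin : false;

    if (remove) {
      await accounts.remove(accountID);
    } else if (accountID) {
      await accounts.edit(accountID, email, password, isAdmin);
    } else {
      // Use the computed flag rather than the raw `req.body.admin`, so the
      // create path honours the same privilege rule as the edit path.
      await accounts.create(email, password, isAdmin);
    }
    res.redirect('/manage');
  } catch (err) {
    // Only admins are sent back to a specific account; others edit their own.
    const backTo = loggedInAccountIsAdmin
      ? formUrl('/manage/account', 'account', accountID)
      : '/manage/account';
    failBackToForm(req, res, err, backTo);
  }
});

module.exports = router;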