X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Fmodels%2FChallenge.js;h=dea0ac3908d1a3baaecaeb77cf2e6662585cb558;hb=0234201fb338fc239d6f613c677fa932c7c3697c;hp=243da709d697f3dac38e7b4f06bfbb8040b95bfd;hpb=7ba4a5bc5b64e19a1e7f26aa232d5c50770d07ad;p=vchess.git

diff --git a/server/models/Challenge.js b/server/models/Challenge.js
index 243da709..dea0ac39 100644
--- a/server/models/Challenge.js
+++ b/server/models/Challenge.js
@@ -13,38 +13,34 @@ const UserModel = require("./User");
  *   cadence: string (3m+2s, 7d ...)
  */
 
-const ChallengeModel =
-{
-  checkChallenge: function(c)
-  {
+const ChallengeModel = {
+  checkChallenge: function(c) {
     return (
       c.vid.toString().match(/^[0-9]+$/) &&
       c.cadence.match(/^[0-9dhms +]+$/) &&
       c.randomness.toString().match(/^[0-2]$/) &&
       c.fen.match(/^[a-zA-Z0-9, /-]*$/) &&
-      (!c.to || UserModel.checkNameEmail({name: c.to}))
+      (!c.to || UserModel.checkNameEmail({ name: c.to }))
     );
   },
 
-  create: function(c, cb)
-  {
+  create: function(c, cb) {
     db.serialize(function() {
       const query =
         "INSERT INTO Challenges " +
-          "(added, uid, " + (!!c.to ? "target, " : "") +
+          "(added, uid, " + (c.to ? "target, " : "") +
           "vid, randomness, fen, cadence) " +
         "VALUES " +
-          "(" + Date.now() + "," + c.uid + "," + (!!c.to ? c.to + "," : "") +
+          "(" + Date.now() + "," + c.uid + "," + (c.to ? c.to + "," : "") +
           c.vid + "," + c.randomness + ",'" + c.fen + "','" + c.cadence + "')";
       db.run(query, function(err) {
-        cb(err, {cid: this.lastID});
+        cb(err, { id: this.lastID });
       });
     });
   },
 
   // All challenges related to user with ID uid
-  getByUser: function(uid, cb)
-  {
+  getByUser: function(uid, cb) {
     db.serialize(function() {
       const query =
         "SELECT * " +
@@ -52,14 +48,13 @@ const ChallengeModel =
         "WHERE target IS NULL" +
           " OR uid = " + uid +
           " OR target = " + uid;
-      db.all(query, (err,challenges) => {
+      db.all(query, (err, challenges) => {
         cb(err, challenges);
       });
     });
   },
 
-  remove: function(id)
-  {
+  remove: function(id) {
     db.serialize(function() {
       const query =
         "DELETE FROM Challenges " +
@@ -68,13 +63,14 @@ const ChallengeModel =
     });
   },
 
-  safeRemove: function(id, uid)
-  {
+  safeRemove: function(id, uid) {
     db.serialize(function() {
       const query =
         "SELECT 1 " +
         "FROM Challenges " +
-        "WHERE id = " + id + " AND uid = " + uid;
+        "WHERE id = " + id + " " +
+          // Condition: I'm the sender or the target
+          "AND (uid = " + uid + " OR target = " + uid + ")";
       db.get(query, (err,chall) => {
         if (!err && chall)
           ChallengeModel.remove(id);