Fix pronlems edit by admins

[vchess.git] / server / models / Problem.js

diff --git a/server/models/Problem.js b/server/models/Problem.js
index 0e90025..9978d76 100644 (file)
--- a/server/models/Problem.js
+++ b/server/models/Problem.js
@@ -1,4 +1,4 @@
-var db = require("../utils/database");
+const db = require("../utils/database");
 
 /*
  * Structure:
@@ -11,21 +11,16 @@ var db = require("../utils/database");
  *   solution: text
  */
 
-const ProblemModel =
-{
-  checkProblem: function(p)
-  {
-    if (!p.id.toString().match(/^[0-9]+$/))
-      return "Wrong problem ID";
-    if (!p.vid.toString().match(/^[0-9]+$/))
-      return "Wrong variant ID";
-    if (!p.fen.match(/^[a-zA-Z0-9, /-]*$/))
-      return "Bad FEN string";
-    return "";
+const ProblemModel = {
+  checkProblem: function(p) {
+    return (
+      p.id.toString().match(/^[0-9]+$/) &&
+      p.vid.toString().match(/^[0-9]+$/) &&
+      p.fen.match(/^[a-zA-Z0-9, /-]*$/)
+    );
   },
 
-  create: function(p, cb)
-  {
+  create: function(p, cb) {
     db.serialize(function() {
       const query =
         "INSERT INTO Problems " +
@@ -33,76 +28,67 @@ const ProblemModel =
           "VALUES " +
         "(" + Date.now() + "," + p.uid + "," + p.vid + ",'" + p.fen  + "',?,?)";
       db.run(query, [p.instruction,p.solution], function(err) {
-        return cb(err, {pid: this.lastID});
+        cb(err, { id: this.lastID });
       });
     });
   },
 
-  getAll: function(cb)
-  {
+  getNext: function(uid, onlyMine, cursor, cb) {
+    let condition = "";
+    if (onlyMine) condition = "AND uid = " + uid + " ";
+    else if (!!uid) condition = "AND uid <> " + uid + " ";
     db.serialize(function() {
       const query =
         "SELECT * " +
-        "FROM Problems";
-      db.all(query, (err,problems) => {
-        return cb(err, problems);
+        "FROM Problems " +
+        "WHERE added < " + cursor + " " +
+        condition +
+        "ORDER BY added DESC " +
+        "LIMIT 20"; //TODO: 20 is arbitrary
+      db.all(query, (err, problems) => {
+        cb(err, problems);
       });
     });
   },
 
-  getOne: function(id, cb)
-  {
+  getOne: function(id, cb) {
     db.serialize(function() {
       const query =
         "SELECT * " +
         "FROM Problems " +
         "WHERE id = " + id;
-      db.get(query, (err,problem) => {
-        return cb(err, problem);
+      db.get(query, (err, problem) => {
+        cb(err, problem);
       });
     });
   },
 
-  update: function(prob, cb)
-  {
+  safeUpdate: function(prob, uid, devs) {
     db.serialize(function() {
-      let query =
+      let whereClause = "WHERE id = " + prob.id;
+      if (!devs.includes(uid)) whereClause += " AND uid = " + uid;
+      const query =
         "UPDATE Problems " +
         "SET " +
           "vid = " + prob.vid + "," +
           "fen = '" + prob.fen + "'," +
           "instruction = ?," +
           "solution = ? " +
-        "WHERE id = " + prob.id;
-      db.run(query, [prob.instruction,prob.solution], cb);
+        whereClause;
+      db.run(query, [prob.instruction, prob.solution]);
     });
   },
 
-  remove: function(id)
-  {
+  safeRemove: function(id, uid, devs) {
     db.serialize(function() {
+      let whereClause = "WHERE id = " + prob.id;
+      if (!devs.includes(uid)) whereClause += " AND uid = " + uid;
       const query =
         "DELETE FROM Problems " +
-        "WHERE id = " + id;
+        whereClause;
       db.run(query);
     });
   },
-
-  safeRemove: function(id, uid, cb)
-  {
-    db.serialize(function() {
-      const query =
-        "SELECT 1 " +
-        "FROM Problems " +
-        "WHERE id = " + id + " AND uid = " + uid;
-      db.get(query, (err,prob) => {
-        if (!prob)
-          return cb({errmsg: "Not your problem"});
-        ProblemModel.remove(id);
-        cb(null);
-      });
-    });
-  },
 }
 
 module.exports = ProblemModel;