projects
/
vchess.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix pronlems edit by admins
[vchess.git]
/
server
/
routes
/
news.js
diff --git
a/server/routes/news.js
b/server/routes/news.js
index
e1efbdd
..
e78020e
100644
(file)
--- a/
server/routes/news.js
+++ b/
server/routes/news.js
@@
-1,23
+1,22
@@
let router = require("express").Router();
const access = require("../utils/access");
let router = require("express").Router();
const access = require("../utils/access");
+const params = require("../config/parameters");
const NewsModel = require("../models/News");
const sanitizeHtml = require('sanitize-html');
const NewsModel = require("../models/News");
const sanitizeHtml = require('sanitize-html');
-const devs = [1]; //hard-coded list of developers IDs, allowed to post news
router.post("/news", access.logged, access.ajax, (req,res) => {
router.post("/news", access.logged, access.ajax, (req,res) => {
- if (devs.includes(req.userId))
- {
+ if (params.devs.includes(req.userId)) {
const content = sanitizeHtml(req.body.news.content);
const content = sanitizeHtml(req.body.news.content);
- NewsModel.create(content, req.userId, (err,ret) => {
- res.json(err ||
{ id: ret.nid }
);
+ NewsModel.create(content, req.userId, (err,
ret) => {
+ res.json(err ||
ret
);
});
}
});
router.get("/news", access.ajax, (req,res) => {
const cursor = req.query["cursor"];
});
}
});
router.get("/news", access.ajax, (req,res) => {
const cursor = req.query["cursor"];
- if (cursor.match(/^[0-9]+$/)) {
- NewsModel.getNext(cursor, (err,newsList) => {
+ if (
!!cursor && !!
cursor.match(/^[0-9]+$/)) {
+ NewsModel.getNext(cursor, (err,
newsList) => {
res.json(err || { newsList: newsList });
});
}
res.json(err || { newsList: newsList });
});
}
@@
-25,14
+24,17
@@
router.get("/news", access.ajax, (req,res) => {
router.get("/newsts", access.ajax, (req,res) => {
// Special query for footer: just return timestamp of last news
router.get("/newsts", access.ajax, (req,res) => {
// Special query for footer: just return timestamp of last news
- NewsModel.getTimestamp((err,ts) => {
- res.json(err || { timestamp:
ts.added
});
+ NewsModel.getTimestamp((err,
ts) => {
+ res.json(err || { timestamp:
!!ts ? ts.added : 0
});
});
});
router.put("/news", access.logged, access.ajax, (req,res) => {
let news = req.body.news;
});
});
router.put("/news", access.logged, access.ajax, (req,res) => {
let news = req.body.news;
- if (devs.includes(req.userId) && news.id.toString().match(/^[0-9]+$/)) {
+ if (
+ params.devs.includes(req.userId) &&
+ news.id.toString().match(/^[0-9]+$/)
+ ) {
news.content = sanitizeHtml(news.content);
NewsModel.update(news);
res.json({});
news.content = sanitizeHtml(news.content);
NewsModel.update(news);
res.json({});
@@
-41,7
+43,10
@@
router.put("/news", access.logged, access.ajax, (req,res) => {
router.delete("/news", access.logged, access.ajax, (req,res) => {
const nid = req.query.id;
router.delete("/news", access.logged, access.ajax, (req,res) => {
const nid = req.query.id;
- if (devs.includes(req.userId) && nid.toString().match(/^[0-9]+$/)) {
+ if (
+ params.devs.includes(req.userId) &&
+ nid.toString().match(/^[0-9]+$/)
+ ) {
NewsModel.remove(nid);
res.json({});
}
NewsModel.remove(nid);
res.json({});
}