X-Git-Url: https://git.auder.net/?p=vchess.git;a=blobdiff_plain;f=server%2Fmodels%2FProblem.js;h=9978d76f108c97c25ca1ef6adc9bc372c6ed86c2;hp=2d29520fdce33002634d1b1cdc2a7a9bd9963f83;hb=a9e7935190d8fc112e674add05e86b8d0152e8df;hpb=5f918a278904266a2a66a3c8e2a3655f37c2d2a7

diff --git a/server/models/Problem.js b/server/models/Problem.js
index 2d29520f..9978d76f 100644
--- a/server/models/Problem.js
+++ b/server/models/Problem.js
@@ -63,8 +63,10 @@ const ProblemModel = {
     });
   },
 
-  safeUpdate: function(prob, uid) {
+  safeUpdate: function(prob, uid, devs) {
     db.serialize(function() {
+      let whereClause = "WHERE id = " + prob.id;
+      if (!devs.includes(uid)) whereClause += " AND uid = " + uid;
       const query =
         "UPDATE Problems " +
         "SET " +
@@ -72,16 +74,18 @@ const ProblemModel = {
           "fen = '" + prob.fen + "'," +
           "instruction = ?," +
           "solution = ? " +
-        "WHERE id = " + prob.id + " AND uid = " + uid;
+        whereClause;
       db.run(query, [prob.instruction, prob.solution]);
     });
   },
 
-  safeRemove: function(id, uid) {
+  safeRemove: function(id, uid, devs) {
     db.serialize(function() {
+      let whereClause = "WHERE id = " + prob.id;
+      if (!devs.includes(uid)) whereClause += " AND uid = " + uid;
       const query =
         "DELETE FROM Problems " +
-        "WHERE id = " + id + " AND uid = " + uid;
+        whereClause;
       db.run(query);
     });
   },