serverUrl: "http://localhost:3000",
// "include" if the server is at a different address
- credentials: "same-origin"
+ credentials: "same-origin",
+
+ // IDs of users allowed to post news and edit any problem
+ devs: []
};
export default Parameters;
.row
.col-sm-12.col-md-10.col-md-offset-1.col-lg-8.col-lg-offset-2
button#writeNewsBtn(
- v-if="devs.includes(st.user.id)"
+ v-if="devTeam"
@click="showModalNews"
)
| {{ st.tr["Write news"] }}
:class="{margintop:idx>0}"
)
span.ndt {{ formatDatetime(n.added) }}
- .dev-buttons(v-if="devs.includes(st.user.id)")
+ .dev-buttons(v-if="devTeam")
button(@click="editNews(n)") {{ st.tr["Edit"] }}
button(@click="deleteNews(n)") {{ st.tr["Delete"] }}
button(@click="gotoPrevNext(n, 1)") {{ st.tr["Previous_n"] }}
<script>
import { store } from "@/store";
import { ajax } from "@/utils/ajax";
+import params from "@/parameters";
import { getDate, getTime } from "@/utils/datetime";
import { processModalClick } from "@/utils/modalClick";
export default {
name: "my-news",
data: function() {
return {
- devs: [1], //for now the only dev is me
st: store.state,
+ devTeam: params.devs.include(store.state.user.id),
// timestamp of oldest showed news:
cursor: Number.MAX_SAFE_INTEGER,
// hasMore == TRUE: a priori there could be more news to load
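Review bot: `params.devs.include(...)` on the added `devTeam` line is not an Array method, so `data()` will throw a TypeError when the component is created; the line should read `devTeam: params.devs.includes(store.state.user.id),`. Because the value is computed once in `data()`, it will also not follow a later change of `st.user.id` (for example a login after the page has loaded, if the store allows that); a computed property would keep the buttons in step. This flag only shows or hides the buttons, and the check that actually protects the data is the `params.devs.includes(req.userId)` test in the server's news routes. The `data` function continues past the end of the hunk.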
import { store } from "@/store";
import { ajax } from "@/utils/ajax";
import { checkProblem } from "@/data/problemCheck";
+import params from "@/parameters";
import { getDiagram } from "@/utils/printDiagram";
import { processModalClick } from "@/utils/modalClick";
import { ArrayFun } from "@/utils/array";
onlyMine: false,
showOne: false,
infoMsg: "",
- admins: [1], //hard-coded for now. TODO
game: {
players: [{ name: "Problem" }, { name: "Problem" }],
mode: "analyze"
);
},
canIedit: function(puid) {
- return this.admins.concat([puid]).includes(this.st.user.id);
+ return params.devs.concat([puid]).includes(this.st.user.id);
},
editProblem: function(prob) {
// prob.diag might correspond to some other problem or be empty:
noreply: "some_noreply_email",
contact: "some_contact_email",
},
+
+ // IDs of users allowed to post news and edit any problem
+ devs: []
};
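Review bot: The comment on `devs` understates what the list grants, because elsewhere in this commit it also gates editing and deleting news and lets a listed user skip the `uid` condition in `safeRemove`. It should read something like `// IDs of users allowed to post, edit and delete news, and to edit or delete any problem`. It is also worth stating that entries must have the same type as `req.userId`, since `includes` compares strictly and a string ID would presumably never match a numeric one. The same comment is used in the client-side parameters file, where the list only controls which buttons are shown.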
});
},
- safeUpdate: function(prob, uid) {
+ safeUpdate: function(prob, uid, devs) {
db.serialize(function() {
+ let whereClause = "WHERE id = " + prob.id;
+ if (!devs.includes(uid)) whereClause += " AND uid = " + uid;
const query =
"UPDATE Problems " +
"SET " +
"fen = '" + prob.fen + "'," +
"instruction = ?," +
"solution = ? " +
- "WHERE id = " + prob.id + " AND uid = " + uid;
+ whereClause;
db.run(query, [prob.instruction, prob.solution]);
});
},
- safeRemove: function(id, uid) {
+ safeRemove: function(id, uid, devs) {
db.serialize(function() {
+ let whereClause = "WHERE id = " + prob.id;
+ if (!devs.includes(uid)) whereClause += " AND uid = " + uid;
const query =
"DELETE FROM Problems " +
- "WHERE id = " + id + " AND uid = " + uid;
+ whereClause;
db.run(query);
});
},
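Review bot: In `safeRemove` the added line `let whereClause = "WHERE id = " + prob.id;` refers to `prob`, which is not a parameter of this function (its arguments are `id, uid, devs`), so every delete will throw a ReferenceError; it should be `let whereClause = "WHERE id = " + id;`. Both new `whereClause` strings also splice `id`/`prob.id` and `uid` into the SQL text, so the statement is only as safe as the validation done by the callers (the delete route checks `pid` against `/^[0-9]+$/`; whether `checkProblem` does the same for `prob.id` is not visible here). Binding them as `?` parameters, as the query already does for `instruction` and `solution`, would remove that dependency. The enclosing model object starts outside the hunk.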
let router = require("express").Router();
const access = require("../utils/access");
+const params = require("../config/parameters");
const NewsModel = require("../models/News");
const sanitizeHtml = require('sanitize-html');
-const devs = [1]; //hard-coded list of developers IDs, allowed to post news
router.post("/news", access.logged, access.ajax, (req,res) => {
- if (devs.includes(req.userId)) {
+ if (params.devs.includes(req.userId)) {
const content = sanitizeHtml(req.body.news.content);
NewsModel.create(content, req.userId, (err, ret) => {
res.json(err || ret);
router.put("/news", access.logged, access.ajax, (req,res) => {
let news = req.body.news;
- if (devs.includes(req.userId) && news.id.toString().match(/^[0-9]+$/)) {
+ if (
+ params.devs.includes(req.userId) &&
+ news.id.toString().match(/^[0-9]+$/)
+ ) {
news.content = sanitizeHtml(news.content);
NewsModel.update(news);
res.json({});
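Review bot: The reformatted condition still calls `news.id.toString()` on request data, so a logged-in developer's request without `news` or `news.id` in the body throws a TypeError instead of being rejected. `news && String(news.id).match(/^[0-9]+$/)` would fail the check cleanly. The DELETE handler's `nid.toString()` has the same problem when `req.query.id` is absent, and `String(nid).match(/^[0-9]+$/)` covers it. The handler body continues outside the hunk, so what is sent when the check fails is not visible here.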
router.delete("/news", access.logged, access.ajax, (req,res) => {
const nid = req.query.id;
- if (devs.includes(req.userId) && nid.toString().match(/^[0-9]+$/)) {
+ if (
+ params.devs.includes(req.userId) &&
+ nid.toString().match(/^[0-9]+$/)
+ ) {
NewsModel.remove(nid);
res.json({});
}
let router = require("express").Router();
const access = require("../utils/access");
+const params = require("../config/parameters");
const ProblemModel = require("../models/Problem");
const sanitizeHtml = require('sanitize-html');
if (ProblemModel.checkProblem(obj)) {
obj.instruction = sanitizeHtml(obj.instruction);
obj.solution = sanitizeHtml(obj.solution);
- ProblemModel.safeUpdate(obj, req.userId);
+ ProblemModel.safeUpdate(obj, req.userId, params.devs);
}
res.json({});
});
router.delete("/problems", access.logged, access.ajax, (req,res) => {
const pid = req.query.id;
if (pid.toString().match(/^[0-9]+$/))
- ProblemModel.safeRemove(pid, req.userId);
+ ProblemModel.safeRemove(pid, req.userId, params.devs);
res.json({});
});