projects
/
vchess.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
5f918a2
)
Fix pronlems edit by admins
author
Benjamin Auder
<benjamin.auder@somewhere>
Mon, 30 Mar 2020 13:28:55 +0000
(15:28 +0200)
committer
Benjamin Auder
<benjamin.auder@somewhere>
Mon, 30 Mar 2020 13:28:55 +0000
(15:28 +0200)
client/src/parameters.js.dist
patch
|
blob
|
blame
|
history
client/src/views/News.vue
patch
|
blob
|
blame
|
history
client/src/views/Problems.vue
patch
|
blob
|
blame
|
history
server/config/parameters.js.dist
patch
|
blob
|
blame
|
history
server/models/Problem.js
patch
|
blob
|
blame
|
history
server/routes/news.js
patch
|
blob
|
blame
|
history
server/routes/problems.js
patch
|
blob
|
blame
|
history
diff --git
a/client/src/parameters.js.dist
b/client/src/parameters.js.dist
index
2e47407
..
b7f0899
100644
(file)
--- a/
client/src/parameters.js.dist
+++ b/
client/src/parameters.js.dist
@@
-7,7
+7,10
@@
const Parameters =
serverUrl: "http://localhost:3000",
// "include" if the server is at a different address
serverUrl: "http://localhost:3000",
// "include" if the server is at a different address
- credentials: "same-origin"
+ credentials: "same-origin",
+
+ // IDs of users allowed to post news and edit any problem
+ devs: []
};
export default Parameters;
};
export default Parameters;
diff --git
a/client/src/views/News.vue
b/client/src/views/News.vue
index
97f0eb8
..
37bd3ca
100644
(file)
--- a/
client/src/views/News.vue
+++ b/
client/src/views/News.vue
@@
-17,7
+17,7
@@
main
.row
.col-sm-12.col-md-10.col-md-offset-1.col-lg-8.col-lg-offset-2
button#writeNewsBtn(
.row
.col-sm-12.col-md-10.col-md-offset-1.col-lg-8.col-lg-offset-2
button#writeNewsBtn(
- v-if="dev
s.includes(st.user.id)
"
+ v-if="dev
Team
"
@click="showModalNews"
)
| {{ st.tr["Write news"] }}
@click="showModalNews"
)
| {{ st.tr["Write news"] }}
@@
-27,7
+27,7
@@
main
:class="{margintop:idx>0}"
)
span.ndt {{ formatDatetime(n.added) }}
:class="{margintop:idx>0}"
)
span.ndt {{ formatDatetime(n.added) }}
- .dev-buttons(v-if="dev
s.includes(st.user.id)
")
+ .dev-buttons(v-if="dev
Team
")
button(@click="editNews(n)") {{ st.tr["Edit"] }}
button(@click="deleteNews(n)") {{ st.tr["Delete"] }}
button(@click="gotoPrevNext(n, 1)") {{ st.tr["Previous_n"] }}
button(@click="editNews(n)") {{ st.tr["Edit"] }}
button(@click="deleteNews(n)") {{ st.tr["Delete"] }}
button(@click="gotoPrevNext(n, 1)") {{ st.tr["Previous_n"] }}
@@
-43,14
+43,15
@@
main
<script>
import { store } from "@/store";
import { ajax } from "@/utils/ajax";
<script>
import { store } from "@/store";
import { ajax } from "@/utils/ajax";
+import params from "@/parameters";
import { getDate, getTime } from "@/utils/datetime";
import { processModalClick } from "@/utils/modalClick";
export default {
name: "my-news",
data: function() {
return {
import { getDate, getTime } from "@/utils/datetime";
import { processModalClick } from "@/utils/modalClick";
export default {
name: "my-news",
data: function() {
return {
- devs: [1], //for now the only dev is me
st: store.state,
st: store.state,
+ devTeam: params.devs.include(store.state.user.id),
// timestamp of oldest showed news:
cursor: Number.MAX_SAFE_INTEGER,
// hasMore == TRUE: a priori there could be more news to load
// timestamp of oldest showed news:
cursor: Number.MAX_SAFE_INTEGER,
// hasMore == TRUE: a priori there could be more news to load
diff --git
a/client/src/views/Problems.vue
b/client/src/views/Problems.vue
index
a62949c
..
bcfb3a3
100644
(file)
--- a/
client/src/views/Problems.vue
+++ b/
client/src/views/Problems.vue
@@
-115,6
+115,7
@@
main
import { store } from "@/store";
import { ajax } from "@/utils/ajax";
import { checkProblem } from "@/data/problemCheck";
import { store } from "@/store";
import { ajax } from "@/utils/ajax";
import { checkProblem } from "@/data/problemCheck";
+import params from "@/parameters";
import { getDiagram } from "@/utils/printDiagram";
import { processModalClick } from "@/utils/modalClick";
import { ArrayFun } from "@/utils/array";
import { getDiagram } from "@/utils/printDiagram";
import { processModalClick } from "@/utils/modalClick";
import { ArrayFun } from "@/utils/array";
@@
-154,7
+155,6
@@
export default {
onlyMine: false,
showOne: false,
infoMsg: "",
onlyMine: false,
showOne: false,
infoMsg: "",
- admins: [1], //hard-coded for now. TODO
game: {
players: [{ name: "Problem" }, { name: "Problem" }],
mode: "analyze"
game: {
players: [{ name: "Problem" }, { name: "Problem" }],
mode: "analyze"
@@
-409,7
+409,7
@@
export default {
);
},
canIedit: function(puid) {
);
},
canIedit: function(puid) {
- return
this.admin
s.concat([puid]).includes(this.st.user.id);
+ return
params.dev
s.concat([puid]).includes(this.st.user.id);
},
editProblem: function(prob) {
// prob.diag might correspond to some other problem or be empty:
},
editProblem: function(prob) {
// prob.diag might correspond to some other problem or be empty:
diff --git
a/server/config/parameters.js.dist
b/server/config/parameters.js.dist
index
c190841
..
c0640cd
100644
(file)
--- a/
server/config/parameters.js.dist
+++ b/
server/config/parameters.js.dist
@@
-30,4
+30,7
@@
module.exports = {
noreply: "some_noreply_email",
contact: "some_contact_email",
},
noreply: "some_noreply_email",
contact: "some_contact_email",
},
+
+ // IDs of users allowed to post news and edit any problem
+ devs: []
};
};
diff --git
a/server/models/Problem.js
b/server/models/Problem.js
index
2d29520
..
9978d76
100644
(file)
--- a/
server/models/Problem.js
+++ b/
server/models/Problem.js
@@
-63,8
+63,10
@@
const ProblemModel = {
});
},
});
},
- safeUpdate: function(prob, uid) {
+ safeUpdate: function(prob, uid
, devs
) {
db.serialize(function() {
db.serialize(function() {
+ let whereClause = "WHERE id = " + prob.id;
+ if (!devs.includes(uid)) whereClause += " AND uid = " + uid;
const query =
"UPDATE Problems " +
"SET " +
const query =
"UPDATE Problems " +
"SET " +
@@
-72,16
+74,18
@@
const ProblemModel = {
"fen = '" + prob.fen + "'," +
"instruction = ?," +
"solution = ? " +
"fen = '" + prob.fen + "'," +
"instruction = ?," +
"solution = ? " +
-
"WHERE id = " + prob.id + " AND uid = " + uid
;
+
whereClause
;
db.run(query, [prob.instruction, prob.solution]);
});
},
db.run(query, [prob.instruction, prob.solution]);
});
},
- safeRemove: function(id, uid) {
+ safeRemove: function(id, uid
, devs
) {
db.serialize(function() {
db.serialize(function() {
+ let whereClause = "WHERE id = " + prob.id;
+ if (!devs.includes(uid)) whereClause += " AND uid = " + uid;
const query =
"DELETE FROM Problems " +
const query =
"DELETE FROM Problems " +
-
"WHERE id = " + id + " AND uid = " + uid
;
+
whereClause
;
db.run(query);
});
},
db.run(query);
});
},
diff --git
a/server/routes/news.js
b/server/routes/news.js
index
af7f6ac
..
e78020e
100644
(file)
--- a/
server/routes/news.js
+++ b/
server/routes/news.js
@@
-1,11
+1,11
@@
let router = require("express").Router();
const access = require("../utils/access");
let router = require("express").Router();
const access = require("../utils/access");
+const params = require("../config/parameters");
const NewsModel = require("../models/News");
const sanitizeHtml = require('sanitize-html');
const NewsModel = require("../models/News");
const sanitizeHtml = require('sanitize-html');
-const devs = [1]; //hard-coded list of developers IDs, allowed to post news
router.post("/news", access.logged, access.ajax, (req,res) => {
router.post("/news", access.logged, access.ajax, (req,res) => {
- if (devs.includes(req.userId)) {
+ if (
params.
devs.includes(req.userId)) {
const content = sanitizeHtml(req.body.news.content);
NewsModel.create(content, req.userId, (err, ret) => {
res.json(err || ret);
const content = sanitizeHtml(req.body.news.content);
NewsModel.create(content, req.userId, (err, ret) => {
res.json(err || ret);
@@
-31,7
+31,10
@@
router.get("/newsts", access.ajax, (req,res) => {
router.put("/news", access.logged, access.ajax, (req,res) => {
let news = req.body.news;
router.put("/news", access.logged, access.ajax, (req,res) => {
let news = req.body.news;
- if (devs.includes(req.userId) && news.id.toString().match(/^[0-9]+$/)) {
+ if (
+ params.devs.includes(req.userId) &&
+ news.id.toString().match(/^[0-9]+$/)
+ ) {
news.content = sanitizeHtml(news.content);
NewsModel.update(news);
res.json({});
news.content = sanitizeHtml(news.content);
NewsModel.update(news);
res.json({});
@@
-40,7
+43,10
@@
router.put("/news", access.logged, access.ajax, (req,res) => {
router.delete("/news", access.logged, access.ajax, (req,res) => {
const nid = req.query.id;
router.delete("/news", access.logged, access.ajax, (req,res) => {
const nid = req.query.id;
- if (devs.includes(req.userId) && nid.toString().match(/^[0-9]+$/)) {
+ if (
+ params.devs.includes(req.userId) &&
+ nid.toString().match(/^[0-9]+$/)
+ ) {
NewsModel.remove(nid);
res.json({});
}
NewsModel.remove(nid);
res.json({});
}
diff --git
a/server/routes/problems.js
b/server/routes/problems.js
index
2db81bb
..
746be9a
100644
(file)
--- a/
server/routes/problems.js
+++ b/
server/routes/problems.js
@@
-1,5
+1,6
@@
let router = require("express").Router();
const access = require("../utils/access");
let router = require("express").Router();
const access = require("../utils/access");
+const params = require("../config/parameters");
const ProblemModel = require("../models/Problem");
const sanitizeHtml = require('sanitize-html');
const ProblemModel = require("../models/Problem");
const sanitizeHtml = require('sanitize-html');
@@
-41,7
+42,7
@@
router.put("/problems", access.logged, access.ajax, (req,res) => {
if (ProblemModel.checkProblem(obj)) {
obj.instruction = sanitizeHtml(obj.instruction);
obj.solution = sanitizeHtml(obj.solution);
if (ProblemModel.checkProblem(obj)) {
obj.instruction = sanitizeHtml(obj.instruction);
obj.solution = sanitizeHtml(obj.solution);
- ProblemModel.safeUpdate(obj, req.userId);
+ ProblemModel.safeUpdate(obj, req.userId
, params.devs
);
}
res.json({});
});
}
res.json({});
});
@@
-49,7
+50,7
@@
router.put("/problems", access.logged, access.ajax, (req,res) => {
router.delete("/problems", access.logged, access.ajax, (req,res) => {
const pid = req.query.id;
if (pid.toString().match(/^[0-9]+$/))
router.delete("/problems", access.logged, access.ajax, (req,res) => {
const pid = req.query.id;
if (pid.toString().match(/^[0-9]+$/))
- ProblemModel.safeRemove(pid, req.userId);
+ ProblemModel.safeRemove(pid, req.userId
, params.devs
);
res.json({});
});
res.json({});
});