1 | // AJAX methods to get, create, update or delete a news item |
2 | ||
3 | let router = require("express").Router(); | |
4 | const access = require("../utils/access"); | |
5 | const NewsModel = require("../models/News"); | |
6 | const sanitizeHtml = require('sanitize-html'); | |
// Hard-coded list of developer user ids. The POST, PUT and DELETE /news
// handlers below refuse any req.userId that is not in this list.
// NOTE(review): Array.prototype.includes does not coerce types, so the check
// only passes when req.userId is the number 1, not the string "1" — confirm
// how req.userId is set.
const devs = [1];
8 | ||
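/**
 * GET /news — return the next batch of news items after a cursor.
 *
 * Query: `cursor`, a string of decimal digits. No access middleware is
 * attached to this route, so the value is fully client-controlled and is
 * type-checked before use: a missing parameter is undefined, and with
 * Express's default query parser a repeated or bracketed parameter arrives as
 * an array or object. None of those has `.match`, so the unchecked call threw
 * instead of answering "Bad cursor value".
 *
 * Response: `{newsList}` on success, `{errmsg}` on a bad cursor, otherwise
 * the error value handed back by NewsModel.getNext.
 */
router.get("/news", (req, res) => {
  const cursor = req.query["cursor"];
  if (typeof cursor !== "string" || !/^[0-9]+$/.test(cursor))
    return res.json({errmsg: "Bad cursor value"});
  NewsModel.getNext(cursor, (err, newsList) => {
    // NOTE(review): err is serialized to the client as-is; if the model passes
    // database errors through, this exposes internals — confirm what
    // NewsModel returns here.
    res.json(err || {newsList: newsList});
  });
});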
17 | ||
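/**
 * POST /news — create a news item. Restricted to user ids listed in `devs`.
 *
 * Body: `{news: {content}}`. The content is passed through sanitizeHtml
 * before it reaches the model. A request without a `news` object is rejected
 * with an `{errmsg}` instead of throwing on `req.body.news.content`.
 *
 * Response: `{nid}` on success, `{errmsg}` on refusal, otherwise the error
 * value handed back by NewsModel.create.
 */
router.post("/news", access.logged, access.ajax, (req, res) => {
  if (!devs.includes(req.userId))
    return res.json({errmsg: "Not allowed to post"});
  const news = req.body && req.body.news;
  if (!news || typeof news !== "object")
    return res.json({errmsg: "Missing news data"});
  // NOTE(review): content is not type-checked; sanitizeHtml is called with
  // its default allow-list — confirm that list matches how the news is rendered.
  const content = sanitizeHtml(news.content);
  NewsModel.create(content, req.userId, (err, ret) => {
    return res.json(err || {nid: ret.nid});
  });
});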
26 | ||
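/**
 * PUT /news — update a news item. Restricted to user ids listed in `devs`.
 *
 * Body: `{news: {id, content}}`. `id` must be a string or number made only of
 * decimal digits; `content` is passed through sanitizeHtml.
 *
 * The ID check now returns. Previously the "Bad news ID" response was sent
 * without `return`, so the handler carried on and called NewsModel.update
 * with the unvalidated id, then tried to answer a second time.
 *
 * Response: `{}` on success, `{errmsg}` on refusal, otherwise the error value
 * handed back by NewsModel.update.
 */
router.put("/news", access.logged, access.ajax, (req, res) => {
  if (!devs.includes(req.userId))
    return res.json({errmsg: "Not allowed to edit"});
  const news = req.body && req.body.news;
  // Only primitives are accepted: an array such as ["5"] also stringifies to
  // digits but would reach the model as an array.
  const idType = news ? typeof news.id : "undefined";
  if (
    (idType !== "string" && idType !== "number") ||
    !/^[0-9]+$/.test(String(news.id))
  )
    return res.json({errmsg: "Bad news ID"});
  news.content = sanitizeHtml(news.content);
  // NOTE(review): the whole client-supplied object is handed to the model;
  // confirm NewsModel.update reads only id and content.
  NewsModel.update(news, (err) => {
    res.json(err || {});
  });
});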
38 | ||
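/**
 * DELETE /news — remove a news item. Restricted to user ids listed in `devs`.
 *
 * Query: `id`, a string of decimal digits.
 *
 * The ID check now returns. Previously the "Bad news ID" response was sent
 * without `return`, so NewsModel.remove still ran with the rejected value and
 * a second response was attempted. A missing `id` also threw on `.toString()`
 * before any answer was sent.
 *
 * Response: `{}` on success, `{errmsg}` on refusal, otherwise the error value
 * handed back by NewsModel.remove.
 */
router.delete("/news", access.logged, access.ajax, (req, res) => {
  if (!devs.includes(req.userId))
    return res.json({errmsg: "Not allowed to delete"});
  const nid = req.query.id;
  // Require a plain string: a repeated `id` parameter is parsed as an array,
  // which stringifies to digits for a single element but is not a scalar id.
  if (typeof nid !== "string" || !/^[0-9]+$/.test(nid))
    return res.json({errmsg: "Bad news ID"});
  NewsModel.remove(nid, err => {
    res.json(err || {});
  });
});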
49 | ||
// Export the router carrying the four /news handlers defined above.
module.exports = router;