From 64c0da67164d71dbb5087c289155c8f122fea043 Mon Sep 17 00:00:00 2001
From: matt <matt@fiddaman.net>
Date: Fri, 22 Apr 2022 02:42:23 +0000
Subject: [PATCH] Lock down reports page to teachers only

---
 routes/report.js            | 7 +++++++
 views/partials/adminNav.hbs | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/routes/report.js b/routes/report.js
index dc53c50..8d040dc 100644
--- a/routes/report.js
+++ b/routes/report.js
@@ -7,6 +7,13 @@ const User = require('../lib/User');
 
 const validator = require('../lib/validator');
 
+router.all(/\/reports.*/, (req, res, next) => {
+	if (!req.session.userType === 'account')
+		return res.redirect('/admin');
+
+	next();
+});
+
 router.get('/reports', async (req, res) => {
 	const u = await new User(req.db, req.session.userId);
 	const classes = await u.getClasses();
diff --git a/views/partials/adminNav.hbs b/views/partials/adminNav.hbs
index 1f53a36..a43d711 100644
--- a/views/partials/adminNav.hbs
+++ b/views/partials/adminNav.hbs
@@ -5,8 +5,8 @@
 		{{> adminNavItem content='Tests' icon='book-open' to='tests' current=current }}
 		{{#eq userType 'account'}}
 		{{> adminNavItem content='Test Templates' icon='trowel-bricks' to='test-templates' current=current }}
-		{{/eq}}
 		{{> adminNavItem content='Reports' icon='chart-column' to='reports' current=current }}
+		{{/eq}}
 	</div>
 	<div class='adminNav__profile'>
 		<div class='details'>