matt/stratos
1
0
Fork 0
mirror of https://github.com/matt-fidd/stratos.git synced 2026-01-01 13:59:25 +00:00
Code Issues Projects Releases Wiki Activity

Added protection against non-teacher deletions, edits etc...

Browse Source
This commit is contained in:
matt
2022-04-22 04:04:35 +00:00
parent c519e1e699
commit b46e7cf7c1
4 changed files with 47 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
routes/singleClass.js
View File

@@ -58,6 +58,9 @@ router.get('/:id', async (req, res) => {
});
router.post('/:id/delete', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/classes');
const c = req.class;
await c.delete();
@@ -94,6 +97,9 @@ router.get('/:id/:memberType(members|teachers)', (req, res) => {
});
router.get('/:id/:userType(members|teachers)/add', (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/classes');
const c = req.class;
const userType =
req.params.userType === 'teachers' ?
@@ -133,6 +139,9 @@ router.get('/:id/:userType(members|teachers)/add', (req, res) => {
});
router.post('/:id/:userType(members|teachers)/add', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/classes');
const c = req.class;
const userType = req.params.userType;
const rejectURL = `/admin/class/${c.id}/${userType}/add`;
@@ -178,6 +187,9 @@ router.post('/:id/:userType(members|teachers)/add', async (req, res) => {
});
router.post('/:id/members/add2', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/classes');
const c = req.class;
const rejectURL = `/admin/class/${c.id}/students/add`;
@@ -216,6 +228,9 @@ router.post('/:id/members/add2', async (req, res) => {
router.get('/:id/:userType(members|teachers)/:userId/remove',
async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/classes');
const c = req.class;
const u = await new User(req.db, req.params.userId);
@@ -241,6 +256,9 @@ router.get('/:id/:userType(members|teachers)/:userId/remove',
router.post('/:id/:userType(members|teachers)/:userId/remove',
async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/classes');
const c = req.class;
const u = await new User(req.db, req.params.userId);
const userType = req.params.userType;

18
routes/singleTest.js
View File

@@ -57,6 +57,9 @@ router.get('/:id', async (req, res) => {
});
router.post('/:id/delete', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/tests');
const t = req.test;
await t.delete();
@@ -65,6 +68,9 @@ router.post('/:id/delete', async (req, res) => {
router.get('/:id/results', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/tests');
const t = req.test;
const linkRoot = `/admin/test/${t.id}/results`;
@@ -85,6 +91,9 @@ router.get('/:id/results', async (req, res) => {
});
router.post('/:id/results/:resultId/edit', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/tests');
const t = req.test;
const tr = await new TestResult(req.db, req.params.resultId);
@@ -108,6 +117,9 @@ router.post('/:id/results/:resultId/edit', async (req, res) => {
});
router.post('/:id/results/:resultId/delete', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/tests');
const t = req.test;
const tr = await new TestResult(req.db, req.params.resultId);
const returnURL = `/admin/test/${t.id}/results`;
@@ -118,6 +130,9 @@ router.post('/:id/results/:resultId/delete', async (req, res) => {
});
router.get('/:id/results/add', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/tests');
const t = req.test;
const linkRoot = `/admin/test/${t.id}/results`;
@@ -139,6 +154,9 @@ router.get('/:id/results/add', async (req, res) => {
});
router.post('/:id/results/add', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/tests');
const t = req.test;
const returnURL = `/admin/test/${t.id}/results`;

9
routes/singleTestTemplate.js
View File

@@ -6,6 +6,9 @@ const router = express.Router();
const validator = require('../lib/validator');
router.get('/:id', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/test-templates');
const tt = req.tt;
const linkRoot = `/admin/test-template/${tt.id}`;
@@ -23,6 +26,9 @@ router.get('/:id', async (req, res) => {
});
router.post('/:id/edit', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/test-templates');
const tt = req.tt;
const returnURL = `/admin/test-template/${tt.id}`;
@@ -48,6 +54,9 @@ router.post('/:id/edit', async (req, res) => {
});
router.post('/:id/delete', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/test-templates');
const tt = req.tt;
await tt.delete();

2
views/test.hbs
View File

@@ -69,9 +69,11 @@
</div>
</section>
{{#eq userType 'account'}}
<script>
document.querySelector('.deleteForm').addEventListener('submit', (e) => {
if (!confirm('Delete test?'))
e.preventDefault();
});
</script>
{{/eq}}