mirror of https://github.com/matt-fidd/stratos.git synced 2026-01-02 10:19:29 +00:00

Added protection against non-teacher deletions, edits etc...

2022-04-22 04:04:35 +00:00
parent c519e1e699
commit b46e7cf7c1
4 changed files with 47 additions and 0 deletions


@@ -58,6 +58,9 @@ router.get('/:id', async (req, res) => {
});
router.post('/:id/delete', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/classes');
const c = req.class;
await c.delete();
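Review bot: The same two-line role check is pasted at the top of six handlers (this one, plus the hunks for GET and POST `/:id/:userType/add`, `/:id/members/add2`, and both `/:userId/remove` routes), so any route added later is unprotected unless its author remembers to copy it. Moving it into one named middleware listed in each route definition makes the requirement visible in the route table and gives a single place to change the response. The check also tests only the session role; whether `req.class` is limited to classes this account actually teaches is not visible in these hunks, so confirm that where `req.class` is loaded, otherwise the guard does not stop one teacher acting on another teacher's class. Denials are a silent redirect, and a log line in the shared guard would make repeated refused attempts visible. The handler bodies continue outside the hunks.

```javascript
// Shared guard: only 'account' sessions may change a class.
function requireAccount(req, res, next) {
	if (req.session.userType !== 'account')
		return res.redirect('/admin/classes');

	return next();
}

router.post('/:id/delete', requireAccount, async (req, res) => {
	const c = req.class;
	// … unchanged: delete and redirect …
```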
@@ -94,6 +97,9 @@ router.get('/:id/:memberType(members|teachers)', (req, res) => {
});
router.get('/:id/:userType(members|teachers)/add', (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/classes');
const c = req.class;
const userType =
req.params.userType === 'teachers' ?
@@ -133,6 +139,9 @@ router.get('/:id/:userType(members|teachers)/add', (req, res) => {
});
router.post('/:id/:userType(members|teachers)/add', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/classes');
const c = req.class;
const userType = req.params.userType;
const rejectURL = `/admin/class/${c.id}/${userType}/add`;
@@ -178,6 +187,9 @@ router.post('/:id/:userType(members|teachers)/add', async (req, res) => {
});
router.post('/:id/members/add2', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/classes');
const c = req.class;
const rejectURL = `/admin/class/${c.id}/students/add`;
@@ -216,6 +228,9 @@ router.post('/:id/members/add2', async (req, res) => {
router.get('/:id/:userType(members|teachers)/:userId/remove',
async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/classes');
const c = req.class;
const u = await new User(req.db, req.params.userId);
@@ -241,6 +256,9 @@ router.get('/:id/:userType(members|teachers)/:userId/remove',
router.post('/:id/:userType(members|teachers)/:userId/remove',
async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/classes');
const c = req.class;
const u = await new User(req.db, req.params.userId);
const userType = req.params.userType;