matt/stratos
1
0
Fork 0
mirror of https://github.com/matt-fidd/stratos.git synced 2026-01-01 20:39:28 +00:00
Code Issues Projects Releases Wiki Activity

Added protection against non-teacher deletions, edits etc...

Browse Source
This commit is contained in:
matt
2022-04-22 04:04:35 +00:00
parent c519e1e699
commit b46e7cf7c1
4 changed files with 47 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
routes/singleClass.js
View File

@@ -58,6 +58,9 @@ router.get('/:id', async (req, res) => {
}); });
router.post('/:id/delete', async (req, res) => { router.post('/:id/delete', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/classes');
const c = req.class; const c = req.class;
await c.delete(); await c.delete();
@@ -94,6 +97,9 @@ router.get('/:id/:memberType(members|teachers)', (req, res) => {
}); });
router.get('/:id/:userType(members|teachers)/add', (req, res) => { router.get('/:id/:userType(members|teachers)/add', (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/classes');
const c = req.class; const c = req.class;
const userType = const userType =
req.params.userType === 'teachers' ? req.params.userType === 'teachers' ?
@@ -133,6 +139,9 @@ router.get('/:id/:userType(members|teachers)/add', (req, res) => {
}); });
router.post('/:id/:userType(members|teachers)/add', async (req, res) => { router.post('/:id/:userType(members|teachers)/add', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/classes');
const c = req.class; const c = req.class;
const userType = req.params.userType; const userType = req.params.userType;
const rejectURL = `/admin/class/${c.id}/${userType}/add`; const rejectURL = `/admin/class/${c.id}/${userType}/add`;
@@ -178,6 +187,9 @@ router.post('/:id/:userType(members|teachers)/add', async (req, res) => {
}); });
router.post('/:id/members/add2', async (req, res) => { router.post('/:id/members/add2', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/classes');
const c = req.class; const c = req.class;
const rejectURL = `/admin/class/${c.id}/students/add`; const rejectURL = `/admin/class/${c.id}/students/add`;
@@ -216,6 +228,9 @@ router.post('/:id/members/add2', async (req, res) => {
router.get('/:id/:userType(members|teachers)/:userId/remove', router.get('/:id/:userType(members|teachers)/:userId/remove',
async (req, res) => { async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/classes');
const c = req.class; const c = req.class;
const u = await new User(req.db, req.params.userId); const u = await new User(req.db, req.params.userId);
@@ -241,6 +256,9 @@ router.get('/:id/:userType(members|teachers)/:userId/remove',
router.post('/:id/:userType(members|teachers)/:userId/remove', router.post('/:id/:userType(members|teachers)/:userId/remove',
async (req, res) => { async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/classes');
const c = req.class; const c = req.class;
const u = await new User(req.db, req.params.userId); const u = await new User(req.db, req.params.userId);
const userType = req.params.userType; const userType = req.params.userType;

18
routes/singleTest.js
View File

@@ -57,6 +57,9 @@ router.get('/:id', async (req, res) => {
}); });
router.post('/:id/delete', async (req, res) => { router.post('/:id/delete', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/tests');
const t = req.test; const t = req.test;
await t.delete(); await t.delete();
@@ -65,6 +68,9 @@ router.post('/:id/delete', async (req, res) => {
router.get('/:id/results', async (req, res) => { router.get('/:id/results', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/tests');
const t = req.test; const t = req.test;
const linkRoot = `/admin/test/${t.id}/results`; const linkRoot = `/admin/test/${t.id}/results`;
@@ -85,6 +91,9 @@ router.get('/:id/results', async (req, res) => {
}); });
router.post('/:id/results/:resultId/edit', async (req, res) => { router.post('/:id/results/:resultId/edit', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/tests');
const t = req.test; const t = req.test;
const tr = await new TestResult(req.db, req.params.resultId); const tr = await new TestResult(req.db, req.params.resultId);
@@ -108,6 +117,9 @@ router.post('/:id/results/:resultId/edit', async (req, res) => {
}); });
router.post('/:id/results/:resultId/delete', async (req, res) => { router.post('/:id/results/:resultId/delete', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/tests');
const t = req.test; const t = req.test;
const tr = await new TestResult(req.db, req.params.resultId); const tr = await new TestResult(req.db, req.params.resultId);
const returnURL = `/admin/test/${t.id}/results`; const returnURL = `/admin/test/${t.id}/results`;
@@ -118,6 +130,9 @@ router.post('/:id/results/:resultId/delete', async (req, res) => {
}); });
router.get('/:id/results/add', async (req, res) => { router.get('/:id/results/add', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/tests');
const t = req.test; const t = req.test;
const linkRoot = `/admin/test/${t.id}/results`; const linkRoot = `/admin/test/${t.id}/results`;
@@ -139,6 +154,9 @@ router.get('/:id/results/add', async (req, res) => {
}); });
router.post('/:id/results/add', async (req, res) => { router.post('/:id/results/add', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/tests');
const t = req.test; const t = req.test;
const returnURL = `/admin/test/${t.id}/results`; const returnURL = `/admin/test/${t.id}/results`;

9
routes/singleTestTemplate.js
View File

@@ -6,6 +6,9 @@ const router = express.Router();
const validator = require('../lib/validator'); const validator = require('../lib/validator');
router.get('/:id', async (req, res) => { router.get('/:id', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/test-templates');
const tt = req.tt; const tt = req.tt;
const linkRoot = `/admin/test-template/${tt.id}`; const linkRoot = `/admin/test-template/${tt.id}`;
@@ -23,6 +26,9 @@ router.get('/:id', async (req, res) => {
}); });
router.post('/:id/edit', async (req, res) => { router.post('/:id/edit', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/test-templates');
const tt = req.tt; const tt = req.tt;
const returnURL = `/admin/test-template/${tt.id}`; const returnURL = `/admin/test-template/${tt.id}`;
@@ -48,6 +54,9 @@ router.post('/:id/edit', async (req, res) => {
}); });
router.post('/:id/delete', async (req, res) => { router.post('/:id/delete', async (req, res) => {
if (req.session.userType !== 'account')
return res.redirect('/admin/test-templates');
const tt = req.tt; const tt = req.tt;
await tt.delete(); await tt.delete();

2
views/test.hbs
View File

@@ -69,9 +69,11 @@
</div> </div>
</section> </section>
{{#eq userType 'account'}}
<script> <script>
document.querySelector('.deleteForm').addEventListener('submit', (e) => { document.querySelector('.deleteForm').addEventListener('submit', (e) => {
if (!confirm('Delete test?')) if (!confirm('Delete test?'))
e.preventDefault(); e.preventDefault();
}); });
</script> </script>
{{/eq}}