author | Marvin Borner | 2020-10-03 11:56:46 +0200 |
---|---|---|
committer | Marvin Borner | 2020-10-03 11:56:46 +0200 |
commit | 148a9a5a63ed3e73d0a8709e7972fd1b1586c5b8 (patch) | |
tree | d5650c856ea18f1f0a7306028844587d4697e7be | |
parent | 970dfec33a2cd53ad72ba0da59c129f65d6032f6 (diff) |
Added class-specific filter
-rw-r--r-- | auth/index.js | 13 | ||||
-rw-r--r-- | poll/index.js | 7 | ||||
-rw-r--r-- | poll/public/script.js | 4 | ||||
-rw-r--r-- | quotes/public/script.js | 6 |
4 files changed, 22 insertions, 8 deletions
diff --git a/auth/index.js b/auth/index.js index 0891fc5..7039cdb 100644 --- a/auth/index.js +++ b/auth/index.js @@ -19,7 +19,7 @@ app.use( if (!req.session.loggedIn || req.path.startsWith("/api")) next(); else res.redirect("/"); }, - express.static(__dirname + "/public") + express.static(__dirname + "/public"), ); app.post("/api/login", async (req, res) => { @@ -55,7 +55,16 @@ app.put("/api/password", checkUser, async (req, res) => { }); app.get("/api/list", checkUser, async (req, res) => { - const users = await db.query("SELECT id, name, middlename, surname FROM users"); + let users; + if (req.query.class === "all") { + users = await db.query("SELECT id, name, middlename, surname FROM users"); + } else { + users = await db.query( + "SELECT id, name, middlename, surname FROM users WHERE class_id = (SELECT class_id FROM users WHERE id = ?) ORDER BY name", + [req.session.uid], + ); + } + res.json(users); }); diff --git a/poll/index.js b/poll/index.js index ab9ee6f..74b5875 100644 --- a/poll/index.js +++ b/poll/index.js @@ -8,6 +8,11 @@ app.use("/", checkUser, express.static(__dirname + "/public")); app.post("/api/answer", checkUser, async (req, res) => { if (!req.body.answer || !req.body.question) return res.send("error"); try { + const user_class = (await db.query("SELECT class_id FROM users WHERE id = ?", [req.session.uid]))[0].class_id; + const answer_class = (await db.query("SELECT class_id FROM users WHERE id = ?", [parseInt(req.body.answer)]))[0] + .class_id; + if (user_class != answer_class) return res.send("error"); + await db.query("INSERT INTO ranking_answers (question_id, user_id, answer_id) VALUE (?,?,?)", [ parseInt(req.body.question), req.session.uid, 
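Review bot: The `class` value in the `/api/list` hunk of auth/index.js comes from the client, so `?class=all` still returns every user to any session that passes `checkUser`; the new per-class branch narrows the default listing but is not an access boundary. If that is intended, a comment above the branch would make it explicit, e.g. `// class=all is a display option, not an access control: any logged-in user may list all users`. The two branches also order differently, since only the per-class query has `ORDER BY name`; adding `ORDER BY name` to the `all` query would keep both lists consistent.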
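Review bot: The two class lookups added to `/api/answer` in poll/index.js read `[0].class_id` without checking that a row came back, so an `answer` that is non-numeric or names no user is rejected only through a thrown TypeError and the `catch`, which lies outside this hunk. An explicit check would make the rejection deliberate, and `parseInt` should be given radix 10. The `!=` comparison also treats two NULL `class_id` values as equal, so if users can exist without a class the check would let them through; the sketch below rejects that case, which is a policy choice to confirm. The handler continues past the end of the hunk.

```javascript
const answerId = Number.parseInt(req.body.answer, 10);
if (!Number.isInteger(answerId)) return res.send("error");

const [voter] = await db.query("SELECT class_id FROM users WHERE id = ?", [req.session.uid]);
const [target] = await db.query("SELECT class_id FROM users WHERE id = ?", [answerId]);
// Reject unknown users and users without a class explicitly instead of relying on a thrown TypeError.
if (!voter || !target || voter.class_id == null || voter.class_id !== target.class_id) return res.send("error");

// … unchanged: INSERT INTO ranking_answers …
```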
@@ -25,7 +30,7 @@ app.get("/api/get", checkUser, async (req, res) => { const question = ( await db.query( "SELECT q.id, q.question, t.name FROM ranking_questions AS q INNER JOIN types AS t ON type_id = t.id WHERE q.id NOT IN (SELECT question_id FROM ranking_answers WHERE user_id = ?) AND t.name = 'pupil' LIMIT 1", - [req.session.uid] + [req.session.uid], ) )[0]; res.json(question); diff --git a/poll/public/script.js b/poll/public/script.js index a42777f..bfb686d 100644 --- a/poll/public/script.js +++ b/poll/public/script.js @@ -10,7 +10,7 @@ function appendOption(response) { "beforeend", `<option value="${elem["id"]}">${elem["name"]} ${elem["middlename"] ? elem["middlename"] : " "}${ elem["surname"] - }</option>` + }</option>`, ); }); } @@ -23,7 +23,7 @@ function appendQuote(response) { "beforeend", `<li>${elem["name"]} ${elem["middlename"] ? elem["middlename"] : " "}${elem["surname"]}: ${ elem["quote"] - }</li>` + }</li>`, ); }); } diff --git a/quotes/public/script.js b/quotes/public/script.js index 2c112e4..da1c38f 100644 --- a/quotes/public/script.js +++ b/quotes/public/script.js @@ -8,7 +8,7 @@ function appendOption(response) { "beforeend", `<option value="${elem["id"]}">${elem["name"]} ${elem["middlename"] ? elem["middlename"] : " "}${ elem["surname"] - }</option>` + }</option>`, ); }); } @@ -21,12 +21,12 @@ function appendQuote(response) { "beforeend", `<li>${elem["name"]} ${elem["middlename"] ? elem["middlename"] : " "}${elem["surname"]}: ${ elem["quote"] - }</li>` + }</li>`, ); }); } -fetch("/auth/api/list") +fetch("/auth/api/list?class=all") .then((response) => response.json()) .then((response) => appendOption(response)); |
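Review bot: In the last hunk of quotes/public/script.js, changing the request to `/auth/api/list?class=all` sends the names of users from every class into `appendOption`. The previous hunk of this file shows that function interpolating `elem["name"]`, `elem["middlename"]` and `elem["surname"]` straight into an `<option>` HTML string inserted with `"beforeend"`. If those fields can hold user-supplied text, they should be inserted as text rather than markup, for example by creating the element with `document.createElement("option")` and setting `option.value` and `option.textContent`. The same applies to `elem["quote"]` in `appendQuote` in this hunk. The call that receives the string starts outside the visible lines, so this assumes it is an HTML-inserting API.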