Admin fixibus

author: LarsVomMars 2021-01-29 15:17:13 +0100
committer: LarsVomMars 2021-01-29 15:17:13 +0100
commit: d935eec6d32a8706f4190e241b284c19ca8fc073 (patch)
tree: 00c113a8a3e71d820da17cd81decb37a32de1a17
parent: ce7c01ed413c5aaec36bbab0da601118855d1c16 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/profile/index.js b/profile/index.js
index cc0972a..80603c1 100644
--- a/profile/index.js
+++ b/profile/index.js
@@ -120,9 +120,10 @@ app.put("/api/comment", async (req, res) => {
     const { pid, cid, comment } = req.body;
     if (!pid || !comment || !cid) return res.json({ success: false });
     try {
-        await db.query("UPDATE profile_comments SET comment = ? WHERE user_id = ? AND profile_id = ? AND id = ?", [
+        await db.query("UPDATE profile_comments SET comment = ? WHERE (user_id = ? OR ?) AND profile_id = ? AND id = ?", [
             comment,
             req.session.uid,
+            req.session.isAdmin,
             pid,
             cid,
         ]);
@@ -137,8 +138,9 @@ app.delete("/api/comment", async (req, res) => {
     const { pid, cid } = req.body;
     if (!pid || !cid) return res.json({ success: false });
     try {
-        await db.query("DELETE FROM profile_comments WHERE user_id = ? AND profile_id = ? AND id = ?", [
+        await db.query("DELETE FROM profile_comments WHERE (user_id = ? OR ?) AND profile_id = ? AND id = ?", [
             req.session.uid,
+            req.session.isAdmin,
             pid,
             cid,
         ]);
author	LarsVomMars	2021-01-29 15:17:13 +0100
committer	LarsVomMars	2021-01-29 15:17:13 +0100
commit	d935eec6d32a8706f4190e241b284c19ca8fc073 (patch)
tree	00c113a8a3e71d820da17cd81decb37a32de1a17
parent	ce7c01ed413c5aaec36bbab0da601118855d1c16 (diff)