authorLarsVomMars2020-10-24 21:14:59 +0200
committerLarsVomMars2020-10-24 21:14:59 +0200
commit823947e52bb9b2d1f2df413e837dd95b16d0b1d2 (patch)
tree76ec507de8841c7cee5e2274da4ea455237ff363 /quotes/index.js
parent629c97555ff8686e091ad9d9ab0706ad242d941f (diff)
Allow admins to delete quotes
Diffstat (limited to 'quotes/index.js')
-rw-r--r--quotes/index.js6
1 files changed, 3 insertions, 3 deletions
diff --git a/quotes/index.js b/quotes/index.js
index 0e0717b..7a1a78b 100644
--- a/quotes/index.js
+++ b/quotes/index.js
@@ -22,8 +22,8 @@ app.post("/api/add", checkUser, async (req, res) => {
app.get("/api/list", checkUser, async (req, res) => {
const quotes = await db.query(
- "SELECT q.id, a.name, a.middlename, a.surname, q.quote, c.name AS class, (q.user_id = ?) AS owner FROM quotes AS q INNER JOIN users AS a ON author_id = a.id INNER JOIN class AS c ON a.class_id = c.id ORDER BY a.name",
- [req.session.uid],
+ "SELECT q.id, a.name, a.middlename, a.surname, q.quote, c.name AS class, (q.user_id = ? OR ?) AS owner FROM quotes AS q INNER JOIN users AS a ON author_id = a.id INNER JOIN class AS c ON a.class_id = c.id ORDER BY a.name",
+ [req.session.uid, req.session.isAdmin],
);
res.json(quotes);
});
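Review bot: `req.session.isAdmin` is bound straight into the query as the second `?`, so the admin decision depends on how the driver and the database coerce whatever value the session holds; the DELETE in the next hunk has the same pattern. Where the flag is set is not visible here, so if it can ever be a string or anything other than a real boolean, the outcome may not match the intent. Binding a strict boolean removes the ambiguity: `[req.session.uid, req.session.isAdmin === true]`. Separately, `owner` now means "caller may delete this row" rather than "row belongs to the caller", which deserves a comment such as `// owner: true when the caller may delete the quote (creator or admin)`.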
@@ -31,7 +31,7 @@ app.get("/api/list", checkUser, async (req, res) => {
app.delete("/api/delete/:id", checkUser, async (req, res) => {
if (!req.params.id) return res.send("error");
try {
- await db.query("DELETE FROM quotes WHERE id = ? AND user_id = ?", [req.params.id, req.session.uid]);
+ await db.query("DELETE FROM quotes WHERE id = ? AND (user_id = ? OR ?)", [req.params.id, req.session.uid, req.session.isAdmin]);
res.send("ok");
} catch (e) {
console.error(e);
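Review bot: An admin removing another user's quote leaves no record, because the handler answers `ok` without noting who deleted which row. For a privileged destructive action, an audit line before the response is worth adding, for example `if (req.session.isAdmin) console.info("admin delete", { admin: req.session.uid, quote: req.params.id });`. The flag is also read from the session, so (assuming it is set at login, which this hunk does not show) a user whose admin role is revoked would keep the delete right until the session ends. The handler's catch block continues outside the hunk.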