author | Marvin Borner | 2021-01-29 19:13:56 +0100 |
---|---|---|
committer | Marvin Borner | 2021-01-29 19:13:56 +0100 |
commit | ad8fded3d0e65d4e1c774d5da83e12030c9bf47c (patch) | |
tree | f014ee3d343ab68f5306ecdb35f769b770bc5b87 /quotes/index.js | |
parent | 50e6849899afa53c542aa878cc86c395b518982f (diff) |
hardcoded superadmin
Diffstat (limited to 'quotes/index.js')
-rw-r--r-- | quotes/index.js | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/quotes/index.js b/quotes/index.js
index 7a1a78b..179564f 100644
--- a/quotes/index.js
+++ b/quotes/index.js
@@ -23,7 +23,7 @@ app.post("/api/add", checkUser, async (req, res) => {
 app.get("/api/list", checkUser, async (req, res) => {
 const quotes = await db.query(
 "SELECT q.id, a.name, a.middlename, a.surname, q.quote, c.name AS class, (q.user_id = ? OR ?) AS owner FROM quotes AS q INNER JOIN users AS a ON author_id = a.id INNER JOIN class AS c ON a.class_id = c.id ORDER BY a.name",
- [req.session.uid, req.session.isAdmin],
+ [req.session.uid, req.session.isSuperAdmin || false],
 );
 res.json(quotes);
 });
@@ -31,7 +31,11 @@ app.get("/api/list", checkUser, async (req, res) => {
 app.delete("/api/delete/:id", checkUser, async (req, res) => {
 if (!req.params.id) return res.send("error");
 try {
- await db.query("DELETE FROM quotes WHERE id = ? AND (user_id = ? OR ?)", [req.params.id, req.session.uid, req.session.isAdmin]);
+ await db.query("DELETE FROM quotes WHERE id = ? AND (user_id = ? OR ?)", [
+ req.params.id,
+ req.session.uid,
+ req.session.isSuperAdmin || false,
+ ]);
 res.send("ok");
 } catch (e) {
 console.error(e); |
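Review bot: The bound value `req.session.isSuperAdmin || false` in the `/api/list` query forwards any truthy session value to SQL, so the privilege flag is whatever type the session store hands back rather than a strict boolean; the `/api/delete/:id` hunk uses the same expression. Binding `req.session.isSuperAdmin === true` in both places keeps the `OR ?` branch off unless the flag is exactly `true`. Where `isSuperAdmin` is assigned is not visible in this diff, so it is worth confirming that it is set only server-side at login and that no other route still relies on the old `isAdmin` flag.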
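Review bot: The delete handler still answers `res.send("ok")` whether or not the `DELETE` matched a row, so a request against another user's quote looks the same as a successful delete and leaves no trace. If the `db` wrapper exposes an affected-row count, check it after `db.query` and return a 403 or 404 status when nothing was removed. The route should also log the session uid and quote id whenever the super-admin branch deletes a quote the caller does not own, so privileged deletions are auditable. The `try`/`catch` runs past the end of the hunk, so the error response is not visible here.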