aboutsummaryrefslogtreecommitdiff
path: root/poll/index.js
diff options
context:
space:
mode:
Diffstat (limited to 'poll/index.js')
-rw-r--r--poll/index.js48
1 files changed, 33 insertions, 15 deletions
diff --git a/poll/index.js b/poll/index.js
index 809ab44..84af052 100644
--- a/poll/index.js
+++ b/poll/index.js
@@ -6,35 +6,53 @@ const { checkUser } = require("../auth");
app.use("/", checkUser, express.static(__dirname + "/public"));
app.post("/api/answer", checkUser, async (req, res) => {
- if (!req.body.answer || !req.body.question) return res.send("error");
+ if (!req.body.answer || !req.body.question || !req.query.type) return res.send("error");
if (req.body.answer == req.session.uid) return res.send("error");
try {
- const user_class = (await db.query("SELECT class_id FROM users WHERE id = ?", [req.session.uid]))[0].class_id;
- const answer_class = (await db.query("SELECT class_id FROM users WHERE id = ?", [parseInt(req.body.answer)]))[0]
- .class_id;
- if (user_class != answer_class) return res.send("error");
+ if (req.query.type == "pupil") {
+ const user_class = (await db.query("SELECT class_id FROM users WHERE id = ?", [req.session.uid]))[0]
+ .class_id;
+ const answer_class = (
+ await db.query("SELECT class_id FROM users WHERE id = ?", [parseInt(req.body.answer)])
+ )[0].class_id;
+ if (user_class != answer_class) return res.send("error");
+ } else if (req.query.type == "teacher") {
+ const answer_type = (
+ await db.query(
+ "SELECT t.name FROM users AS u INNER JOIN types AS t ON u.type_id = t.id WHERE u.id = ?",
+ [parseInt(req.body.answer)],
+ )
+ )[0].name;
+ if (answer_type != "teacher") return res.send("error");
+ } else {
+ return res.send("error");
+ }
await db.query("INSERT INTO ranking_answers (question_id, user_id, answer_id) VALUE (?,?,?)", [
parseInt(req.body.question),
req.session.uid,
parseInt(req.body.answer),
]);
- res.redirect("/poll");
+ res.redirect("/poll?type=" + req.query.type);
} catch (e) {
console.error(e);
- res.json("error");
+ res.send("error");
}
});
app.get("/api/get", checkUser, async (req, res) => {
- // TODO: Add teacher questions
- const question = (
- await db.query(
- "SELECT q.id, q.question, t.name FROM ranking_questions AS q INNER JOIN types AS t ON type_id = t.id WHERE q.id NOT IN (SELECT question_id FROM ranking_answers WHERE user_id = ?) AND t.name = 'pupil' LIMIT 1",
- [req.session.uid],
- )
- )[0];
- res.json(question);
+ try {
+ const question = (
+ await db.query(
+ "SELECT q.id, q.question, t.name FROM ranking_questions AS q INNER JOIN types AS t ON type_id = t.id WHERE q.id NOT IN (SELECT question_id FROM ranking_answers WHERE user_id = ?) AND t.name = ? LIMIT 1",
+ [req.session.uid, req.query.type],
+ )
+ )[0];
+ res.json(question);
+ } catch (e) {
+ console.error(e);
+ res.send("error");
+ }
});
module.exports = app;