From d935eec6d32a8706f4190e241b284c19ca8fc073 Mon Sep 17 00:00:00 2001
From: LarsVomMars
Date: Fri, 29 Jan 2021 15:17:13 +0100
Subject: Admin fixibus

---
 profile/index.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/profile/index.js b/profile/index.js
index cc0972a..80603c1 100644
--- a/profile/index.js
+++ b/profile/index.js
@@ -120,9 +120,10 @@ app.put("/api/comment", async (req, res) => {
     const { pid, cid, comment } = req.body;
     if (!pid || !comment || !cid) return res.json({ success: false });
     try {
-        await db.query("UPDATE profile_comments SET comment = ? WHERE user_id = ? AND profile_id = ? AND id = ?", [
+        await db.query("UPDATE profile_comments SET comment = ? WHERE (user_id = ? OR ?) AND profile_id = ? AND id = ?", [
             comment,
             req.session.uid,
+            req.session.isAdmin,
             pid,
             cid,
         ]);
@@ -137,8 +138,9 @@ app.delete("/api/comment", async (req, res) => {
     const { pid, cid } = req.body;
     if (!pid || !cid) return res.json({ success: false });
     try {
-        await db.query("DELETE FROM profile_comments WHERE user_id = ? AND profile_id = ? AND id = ?", [
+        await db.query("DELETE FROM profile_comments WHERE (user_id = ? OR ?) AND profile_id = ? AND id = ?", [
             req.session.uid,
+            req.session.isAdmin,
             pid,
             cid,
         ]);
-- 
cgit v1.2.3