bin loading restricted for private bins but unrestricted for public bins
This commit is contained in:
Brian Sakal
+9
-4
@@ -41,11 +41,16 @@ router.post('/load-notes', (req, res)=>{
|
|||||||
|
|
||||||
const load_bin_stmt =
|
const load_bin_stmt =
|
||||||
"SELECT b.id, b.name FROM bin AS b"
|
"SELECT b.id, b.name FROM bin AS b"
|
||||||
|
+" FULL JOIN bin_user AS bu" // we want the bin regardless of whether it has an associated user, hence LEFT JOIN
|
||||||
|
+" ON bu.bin_id = b.id"
|
||||||
|
+" INNER JOIN session AS s"
|
||||||
|
+" ON (bu.bin_id IS NULL) OR (s.id = $2 AND s.user_id = bu.user_id)"
|
||||||
+" WHERE b.id = $1";
|
+" WHERE b.id = $1";
|
||||||
// {bin_id}
|
|
||||||
router.post('/load-bin', (req, res)=>{
|
router.post('/load-bin', (req, res)=>{
|
||||||
const bin_id = req.body.bin_id;
|
const {bin_id, session_id} = req.body;
|
||||||
db.query(load_bin_stmt, [bin_id])
|
// if a bin has no associated user, it's considered public and can be accessed even when not logged-in.
|
||||||
|
// if a bin has an associated user, it can only be accessed by that user
|
||||||
|
db.query(load_bin_stmt, [bin_id, session_id])
|
||||||
.then(result => {
|
.then(result => {
|
||||||
const bin = result.rows[0];
|
const bin = result.rows[0];
|
||||||
// if a bin with given id was found:
|
// if a bin with given id was found:
|
||||||
@@ -53,7 +58,7 @@ router.post('/load-bin', (req, res)=>{
|
|||||||
res.json({success:true, bin:{id:bin.id, name:bin.name}});
|
res.json({success:true, bin:{id:bin.id, name:bin.name}});
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
res.json({success:false, bin:{id:bin_id, name:bin_id}});
|
res.json({success:true, bin:{id:bin_id, name:bin_id}});
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
// {status: 'ok', bin:{id:bin.id}, notes: bin.notes}
|
// {status: 'ok', bin:{id:bin.id}, notes: bin.notes}
|
||||||
|
|||||||
Reference in New Issue
Block a user