|
|
|
@ -41,11 +41,16 @@ router.post('/load-notes', (req, res)=>{
|
|
|
|
|
|
|
|
|
|
|
|
const load_bin_stmt =
|
|
|
|
const load_bin_stmt =
|
|
|
|
"SELECT b.id, b.name FROM bin AS b"
|
|
|
|
"SELECT b.id, b.name FROM bin AS b"
|
|
|
|
|
|
|
|
+" FULL JOIN bin_user AS bu" // we want the bin regardless of whether it has an associated user, hence LEFT JOIN
|
|
|
|
|
|
|
|
+" ON bu.bin_id = b.id"
|
|
|
|
|
|
|
|
+" INNER JOIN session AS s"
|
|
|
|
|
|
|
|
+" ON (bu.bin_id IS NULL) OR (s.id = $2 AND s.user_id = bu.user_id)"
|
|
|
|
+" WHERE b.id = $1";
|
|
|
|
+" WHERE b.id = $1";
|
|
|
|
// {bin_id}
|
|
|
|
|
|
|
|
router.post('/load-bin', (req, res)=>{
|
|
|
|
router.post('/load-bin', (req, res)=>{
|
|
|
|
const bin_id = req.body.bin_id;
|
|
|
|
const {bin_id, session_id} = req.body;
|
|
|
|
db.query(load_bin_stmt, [bin_id])
|
|
|
|
// if a bin has no associated user, it's considered public and can be accessed even when not logged-in.
|
|
|
|
|
|
|
|
// if a bin has an associated user, it can only be accessed by that user
|
|
|
|
|
|
|
|
db.query(load_bin_stmt, [bin_id, session_id])
|
|
|
|
.then(result => {
|
|
|
|
.then(result => {
|
|
|
|
const bin = result.rows[0];
|
|
|
|
const bin = result.rows[0];
|
|
|
|
// if a bin with given id was found:
|
|
|
|
// if a bin with given id was found:
|
|
|
|
@ -53,7 +58,7 @@ router.post('/load-bin', (req, res)=>{
|
|
|
|
res.json({success:true, bin:{id:bin.id, name:bin.name}});
|
|
|
|
res.json({success:true, bin:{id:bin.id, name:bin.name}});
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else{
|
|
|
|
else{
|
|
|
|
res.json({success:false, bin:{id:bin_id, name:bin_id}});
|
|
|
|
res.json({success:true, bin:{id:bin_id, name:bin_id}});
|
|
|
|
}
|
|
|
|
}
|
|
|
|
});
|
|
|
|
});
|
|
|
|
// {status: 'ok', bin:{id:bin.id}, notes: bin.notes}
|
|
|
|
// {status: 'ok', bin:{id:bin.id}, notes: bin.notes}
|
|
|
|
|
Brian Sakal
4 years ago