From 6a593ae27101f1adb65e7b8c8018281e601a015c Mon Sep 17 00:00:00 2001
From: walamana
Date: Thu, 23 Aug 2018 15:59:43 +0200
Subject: [PATCH] Validating group ids in ministranten route and retrived the latest group id if query param "group" is set to -1
Signed-off-by: walamana
---
app.js | 65 ++++++++++++++++++++++++++++++++++++----------------------
1 file changed, 40 insertions(+), 25 deletions(-)
diff --git a/app.js b/app.js
index 4b97dba..d6e04f6 100644
--- a/app.js
+++ b/app.js
@@ -208,36 +208,51 @@ app.get("/groups", (req, res) => {
 app.get("/ministranten", (req, res) =>{
 tokenIsValid(req.cookies.user, req.cookies.loginToken).then(valid => {
- con.query("SELECT `ministranten`.`USERNAME`, `ministranten`.`VORNAME`, `ministranten`.`NACHNAME`, `anwesenheit`.`ANWESENHEIT`, `anwesenheit`.`gottesdienst_ID` FROM `ministranten` LEFT JOIN `anwesenheit` ON `anwesenheit`.`USERNAME` = `ministranten`.`USERNAME`, `gottesdienst` WHERE `gottesdienst`.`ID` = `anwesenheit`.`gottesdienst_ID` AND `gottesdienst`.`gruppe_ID` = " + req.query.group + " ORDER BY `ministranten`.`NACHNAME`, `ministranten`.`VORNAME`, `anwesenheit`.`gottesdienst_ID` DESC LIMIT 30", (err, results) => {
- if (err) throw err;
- var minis = [];
-
- var curMini;
- for(var i = 0; i < results.length; i++){
-
- var result = results[i];
- if(result["USERNAME"] == "admin"){
- continue;
- }
- if(!curMini || curMini.username != result["USERNAME"]){
- if(curMini != undefined || curMini != null){
- minis.push(curMini);
- }
- curMini = {
- firstname: result["VORNAME"],
- lastname: valid ? result["NACHNAME"] : result["NACHNAME"].substring(0, 1) + ".",
- username: result["USERNAME"],
- registered: {}
+ con.query("SELECT * FROM `gruppe` ORDER BY `gruppe`.`START` DESC", (err, groupResults) => {
+ var groupID = req.query.group;
+ if(groupID == -1){
+ groupID = groupResults[0]["ID"];
+ }else{
+ var valid = false;
+ for(let id of groupResults){
+ if(id.ID == groupID){
+ valid = true;
 }
 }
- curMini.registered[result["gottesdienst_ID"]] = result["ANWESENHEIT"];
+ if(!valid){
+ res.send("{error: 'Invalid group id'}");
+ }
 }
- minis.push(curMini);
-
- res.send(JSON.stringify(minis));
+ con.query("SELECT `ministranten`.`USERNAME`, `ministranten`.`VORNAME`, `ministranten`.`NACHNAME`, `anwesenheit`.`ANWESENHEIT`, `anwesenheit`.`gottesdienst_ID` FROM `ministranten` LEFT JOIN `anwesenheit` ON `anwesenheit`.`USERNAME` = `ministranten`.`USERNAME`, `gottesdienst` WHERE `gottesdienst`.`ID` = `anwesenheit`.`gottesdienst_ID` AND `gottesdienst`.`gruppe_ID` = " + groupID + " ORDER BY `ministranten`.`NACHNAME`, `ministranten`.`VORNAME`, `anwesenheit`.`gottesdienst_ID` DESC LIMIT 30", (err, results) => {
+ if (err) throw err;
+ var minis = [];
+
+ var curMini;
+ for(var i = 0; i < results.length; i++){
+
+ var result = results[i];
+ if(result["USERNAME"] == "admin"){
+ continue;
+ }
+ if(!curMini || curMini.username != result["USERNAME"]){
+ if(curMini != undefined || curMini != null){
+ minis.push(curMini);
+ }
+ curMini = {
+ firstname: result["VORNAME"],
+ lastname: valid ? result["NACHNAME"] : result["NACHNAME"].substring(0, 1) + ".",
+ username: result["USERNAME"],
+ registered: {}
+ }
+ }
+ curMini.registered[result["gottesdienst_ID"]] = result["ANWESENHEIT"];
+ }
+ minis.push(curMini);
-
+ res.send(JSON.stringify(minis));
+ });
 });
+ })
 });
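Review bot: The `if(!valid)` branch sends `{error: 'Invalid group id'}` but does not return, so the second `con.query` still runs with the rejected value concatenated into the SQL string via `" + groupID + "` — `groupID` is `req.query.group` verbatim, so the injection the check is meant to stop remains reachable, and the handler then attempts a second `res.send` on an already-sent response. `var valid = false` is hoisted over the whole `(err, groupResults)` callback and shadows the `valid` parameter of `.then(valid => {`, so `lastname: valid ? …` in the inner query now reflects whether the group id matched instead of whether the login token was valid: `group=-1` abbreviates surnames even for a logged-in user, and any existing group id returns full surnames without a valid token. The group query's `err` is never checked, `groupResults[0]["ID"]` throws on an empty table, and the error body is not valid JSON. Suggested shape below: return after the error response, use a separate name for the group check, and — if `con` is a node mysql/mysql2 connection — bind the id with a `?` placeholder rather than concatenating it.
```javascript
        con.query("SELECT * FROM `gruppe` ORDER BY `gruppe`.`START` DESC", (err, groupResults) => {
            if (err) throw err;
            var groupID = req.query.group;
            if(groupID == -1){
                if(groupResults.length === 0){
                    res.send(JSON.stringify({ error: 'No groups' }));
                    return;
                }
                groupID = groupResults[0]["ID"];
            }else{
                // separate name: `valid` must stay the login flag from .then(valid => …)
                var groupKnown = groupResults.some(row => row.ID == groupID);
                if(!groupKnown){
                    res.send(JSON.stringify({ error: 'Invalid group id' }));
                    return;
                }
            }
            // the id is bound by the driver instead of being spliced into the SQL text
            con.query("SELECT `ministranten`.`USERNAME`, `ministranten`.`VORNAME`, `ministranten`.`NACHNAME`, `anwesenheit`.`ANWESENHEIT`, `anwesenheit`.`gottesdienst_ID` FROM `ministranten` LEFT JOIN `anwesenheit` ON `anwesenheit`.`USERNAME` = `ministranten`.`USERNAME`, `gottesdienst` WHERE `gottesdienst`.`ID` = `anwesenheit`.`gottesdienst_ID` AND `gottesdienst`.`gruppe_ID` = ? ORDER BY `ministranten`.`NACHNAME`, `ministranten`.`VORNAME`, `anwesenheit`.`gottesdienst_ID` DESC LIMIT 30", [groupID], (err, results) => {
                // … unchanged: build `minis` from results and send it …
```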