Validating group ids in ministranten route and retrieving the latest group id if query param "group" is set to -1

Signed-off-by: walamana <joniogerg@gmail.com>
walamana 2018-08-23 15:59:43 +02:00
parent b6e26097a4
commit 6a593ae271

21
app.js

@ -208,7 +208,22 @@ app.get("/groups", (req, res) => {
app.get("/ministranten", (req, res) =>{ app.get("/ministranten", (req, res) =>{
tokenIsValid(req.cookies.user, req.cookies.loginToken).then(valid => { tokenIsValid(req.cookies.user, req.cookies.loginToken).then(valid => {
con.query("SELECT `ministranten`.`USERNAME`, `ministranten`.`VORNAME`, `ministranten`.`NACHNAME`, `anwesenheit`.`ANWESENHEIT`, `anwesenheit`.`gottesdienst_ID` FROM `ministranten` LEFT JOIN `anwesenheit` ON `anwesenheit`.`USERNAME` = `ministranten`.`USERNAME`, `gottesdienst` WHERE `gottesdienst`.`ID` = `anwesenheit`.`gottesdienst_ID` AND `gottesdienst`.`gruppe_ID` = " + req.query.group + " ORDER BY `ministranten`.`NACHNAME`, `ministranten`.`VORNAME`, `anwesenheit`.`gottesdienst_ID` DESC LIMIT 30", (err, results) => { con.query("SELECT * FROM `gruppe` ORDER BY `gruppe`.`START` DESC", (err, groupResults) => {
var groupID = req.query.group;
if(groupID == -1){
groupID = groupResults[0]["ID"];
}else{
var valid = false;
for(let id of groupResults){
if(id.ID == groupID){
valid = true;
}
}
if(!valid){
res.send("{error: 'Invalid group id'}");
}
}
con.query("SELECT `ministranten`.`USERNAME`, `ministranten`.`VORNAME`, `ministranten`.`NACHNAME`, `anwesenheit`.`ANWESENHEIT`, `anwesenheit`.`gottesdienst_ID` FROM `ministranten` LEFT JOIN `anwesenheit` ON `anwesenheit`.`USERNAME` = `ministranten`.`USERNAME`, `gottesdienst` WHERE `gottesdienst`.`ID` = `anwesenheit`.`gottesdienst_ID` AND `gottesdienst`.`gruppe_ID` = " + groupID + " ORDER BY `ministranten`.`NACHNAME`, `ministranten`.`VORNAME`, `anwesenheit`.`gottesdienst_ID` DESC LIMIT 30", (err, results) => {
if (err) throw err; if (err) throw err;
var minis = []; var minis = [];
@ -235,9 +250,9 @@ app.get("/ministranten", (req, res) =>{
minis.push(curMini); minis.push(curMini);
res.send(JSON.stringify(minis)); res.send(JSON.stringify(minis));
}); });
});
}) })
}); });
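Review bot: The invalid-id branch at `res.send("{error: 'Invalid group id'}");` does not return, so the second `con.query` still runs with the rejected `req.query.group` concatenated into the SQL text, and a second response is then attempted on the same request. Make that line `return res.status(400).json({ error: "Invalid group id" });`, which also makes the body valid JSON. Independently of the allow-list check, replace `" + groupID + "` with a `?` placeholder and pass `[groupID]` as the values argument (assuming `con` is a mysql/mysql2 connection, which supports placeholders), so the loose `==` match is not the only thing between the query string and the SQL. The first query's `err` is never checked and `groupResults[0]` is undefined when `gruppe` is empty, so the `-1` path can throw. The inner `var valid` also shadows the `valid` from `tokenIsValid`, which is not visibly checked in the lines shown; the route body continues outside this hunk.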