Validating group ids in ministranten route and retrived the latest group id if query param "group" is set to -1

Signed-off-by: walamana <joniogerg@gmail.com>
2018-08-23 15:59:43 +02:00 · 2018-08-23 15:59:43 +02:00 · 6a593ae271
commit 6a593ae271
parent b6e26097a4
1 changed files with 40 additions and 25 deletions
--- a/app.js
+++ b/app.js
@ -208,7 +208,22 @@ app.get("/groups", (req, res) => {

 app.get("/ministranten", (req, res) =>{
    tokenIsValid(req.cookies.user, req.cookies.loginToken).then(valid => {
-        con.query("SELECT `ministranten`.`USERNAME`, `ministranten`.`VORNAME`, `ministranten`.`NACHNAME`, `anwesenheit`.`ANWESENHEIT`, `anwesenheit`.`gottesdienst_ID` FROM `ministranten` LEFT JOIN `anwesenheit` ON `anwesenheit`.`USERNAME` = `ministranten`.`USERNAME`, `gottesdienst` WHERE `gottesdienst`.`ID` = `anwesenheit`.`gottesdienst_ID` AND `gottesdienst`.`gruppe_ID` = " + req.query.group + " ORDER BY `ministranten`.`NACHNAME`, `ministranten`.`VORNAME`, `anwesenheit`.`gottesdienst_ID` DESC LIMIT 30", (err, results) => {
+        con.query("SELECT * FROM `gruppe` ORDER BY `gruppe`.`START` DESC", (err, groupResults) => {
+            var groupID = req.query.group;
+            if(groupID == -1){
+                groupID = groupResults[0]["ID"];
+            }else{
+                var valid = false;
+                for(let id of groupResults){
+                    if(id.ID == groupID){
+                        valid = true;
+                    }
+                }
+                if(!valid){
+                    res.send("{error: 'Invalid group id'}");
+                }
+            }
+            con.query("SELECT `ministranten`.`USERNAME`, `ministranten`.`VORNAME`, `ministranten`.`NACHNAME`, `anwesenheit`.`ANWESENHEIT`, `anwesenheit`.`gottesdienst_ID` FROM `ministranten` LEFT JOIN `anwesenheit` ON `anwesenheit`.`USERNAME` = `ministranten`.`USERNAME`, `gottesdienst` WHERE `gottesdienst`.`ID` = `anwesenheit`.`gottesdienst_ID` AND `gottesdienst`.`gruppe_ID` = " + groupID + " ORDER BY `ministranten`.`NACHNAME`, `ministranten`.`VORNAME`, `anwesenheit`.`gottesdienst_ID` DESC LIMIT 30", (err, results) => {
                if (err) throw err;
                var minis = [];
                
@ -235,9 +250,9 @@ app.get("/ministranten", (req, res) =>{
                minis.push(curMini);
            
                res.send(JSON.stringify(minis));
-            
-
            });
+        });
+        
    })
        
 });