Increase access restriction to basic users

"Upload News" button is hidden from visitors who have not logged in. The upload function in article.js now receives the username and set it as the author of the article.
staplesc · Dec 2, 2019 · 0b74bc590f9b97dd71d659fc7004e29c3f358bfb · 0b74bc5
1 parent f5c6265
commit 0b74bc590f9b97dd71d659fc7004e29c3f358bfb
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 23 deletions.
diff --git a/.gitignore b/.gitignore
@@ -4,7 +4,6 @@ node_modules/
 coverage/
 screenshots/*
 docs/
-.vscode/
 
 data/
 coverage/

diff --git a/index.js b/index.js
@@ -37,16 +37,14 @@ const dbName = 'database.db'
 router.get('/', async ctx => {
 	try {
 		const article = await new Article(dbName)
-		let data = await article.getReleased()
+		const data = await article.search(ctx.query)
+		const numOfResults = data.length
 		if(ctx.session.authorised === true) {
+			const loggedIn = true
 			const user = await new User(dbName)
 			const userData = await user.getUser(ctx.session.user)
-			await ctx.render('homepage', {articles: data, user: userData})
-		} else await ctx.render('homepage', {articles: data})
-		await ctx.render('homepage', {articles: data})
-		data = await article.search(ctx.query)
-		const numOfResults = data.length
-		await ctx.render('homepage', {articles: data, query: ctx.query.q, num: numOfResults})
+			await ctx.render('homepage', {articles: data, user: userData, query: ctx.query.q, num: numOfResults, loggedIn: loggedIn})
+		} else await ctx.render('homepage', {articles: data, query: ctx.query.q, num: numOfResults})
 	} catch(err) {
 		console.error(err.message)
 		await ctx.render('error', {message: err.message})
@@ -58,7 +56,9 @@ router.get('/articles/:id', async ctx => {
 		const id = ctx.params.id
 		const article = await new Article(dbName)
 		const data = await article.get(id)
-		await ctx.render('articlepage', data)
+		const loggedIn = true
+		if(ctx.session.authorised) await ctx.render('articlepage', {article: data, loggedIn: loggedIn})
+		else await ctx.render('articlepage', data)
 	} catch(err) {
 		ctx.body = err.message
 		console.log(err)
@@ -200,7 +200,7 @@ router.post('/upload', koaBody, async ctx => {
 		const body = ctx.request.body
 		console.log(body)
 		const article = await new Article(dbName)
-		const id = await article.upload(body.title, body.summary, body.content, body.tag)
+		const id = await article.upload(body.title, body.summary, body.content, body.tag, ctx.session.user)
 		console.log(id)
 		const {path, type} = ctx.request.files.image
 		const image = await new Image(dbName)

diff --git a/modules/article.js b/modules/article.js
@@ -23,15 +23,15 @@ class Article {
 		})()
 	}
 
-	async upload(title, summary, content, tag) {
+	async upload(title, summary, content, tag, username) {
 		try{
 			if(title === null) throw new Error('Please enter a title for your article')
 			else if(summary === null) throw new Error('Please enter a summary for your article')
 			else if(content === null) throw new Error('Where is the content? Please Enter some text in the content box')
 			const date = await new Date()
 			const fullDate = `${date.getDate()}/${date.getMonth() + 1}/${date.getFullYear()}`
-			let sql = `INSERT INTO Articles(title, summary, content, written_date, tag, released)
-			 VALUES("${title}", "${summary}", "${content}", "${fullDate}", "${tag}", 0)`
+			let sql = `INSERT INTO Articles(title, summary, content, written_date, tag, released, author)
+			 VALUES("${title}", "${summary}", "${content}", "${fullDate}", "${tag}", 0, "${username}")`
 			await this.db.run(sql)
 			sql = 'SELECT last_insert_rowid() as id'
 			const result = await this.db.get(sql)

diff --git a/views/articlepage.handlebars b/views/articlepage.handlebars
@@ -11,7 +11,7 @@
 <body>
 	<nav class="hotbar">
 		<a href="/">HOME</a>
-		<a href="/upload">UPLOAD NEWS</a>
+		{{#if loggedIn}}<a href="/upload">UPLOAD NEWS</a>{{/if}}
 
 		<a href="/logout" class="right">Logout</a>
 		<a href="/login" class="right">Login</a>
@@ -20,17 +20,17 @@
 	</nav>
 
 	<section class="header">
-		<h1> {{title}} </h1>
+		<h1> {{article.title}} </h1>
 	</section> 
 
 	<article class="card">
-		<h5> {{written_date}} </h5>
-		<img src = "../{{image_url}}" style="height:200px;">
-		<b><p> {{summary}} </p></b>
+		<h5> {{article.written_date}} </h5>
+		<img src = "../{{article.image_url}}" style="height:200px;">
+		<b><p> {{article.summary}} </p></b>
 		<br></br>
-		<p> {{content}} </p>
-		<h5>by {{author}} </h5>
-		<h6>tag: {{tag}}</h6>
+		<p> {{article.content}} </p>
+		<h5>by {{article.author}} </h5>
+		<h6>tag: {{article.tag}}</h6>
 
 		<p>rating:
 		<span class="starRating">
@@ -48,7 +48,7 @@
 	</article>
 
 	<section>
-		<a href = "../edit/{{article_id}}/"><button type ="submit" class="edit-btn" name="edit"> Edit </button></a>
+		<a href = "../edit/{{article.article_id}}/"><button type ="submit" class="edit-btn" name="edit"> Edit </button></a>
 	</section>
 
 	<section class="footer">

diff --git a/views/homepage.handlebars b/views/homepage.handlebars
@@ -24,7 +24,7 @@
 			</section>
 		</section>
 
-		<a href="/upload">UPLOAD NEWS</a>
+		{{#if loggedIn}} <a href="/upload">UPLOAD NEWS</a> {{/if}}
 		<a href="/logout" class="right">Logout</a>
 		<a href="/login" class="right">Login</a>
 		<a href="/account" class="right">Account</a>