From 0b74bc590f9b97dd71d659fc7004e29c3f358bfb Mon Sep 17 00:00:00 2001
From: jeea2 <jeea2@coventry.ac.uk>
Date: Mon, 2 Dec 2019 01:03:34 +0000
Subject: [PATCH] Increase access restriction to basic users

"Upload News" button is hidden from visitors who have not logged in. The
upload function in article.js now receives the username and set it as
the author of the article.
---
 .gitignore                   |  1 -
 index.js                     | 18 +++++++++---------
 modules/article.js           |  6 +++---
 views/articlepage.handlebars | 18 +++++++++---------
 views/homepage.handlebars    |  2 +-
 5 files changed, 22 insertions(+), 23 deletions(-)

diff --git a/.gitignore b/.gitignore
index 568c08d..a146ffa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,7 +4,6 @@ node_modules/
 coverage/
 screenshots/*
 docs/
-.vscode/
 
 data/
 coverage/
diff --git a/index.js b/index.js
index 203637e..9fdf5f5 100644
--- a/index.js
+++ b/index.js
@@ -37,16 +37,14 @@ const dbName = 'database.db'
 router.get('/', async ctx => {
 	try {
 		const article = await new Article(dbName)
-		let data = await article.getReleased()
+		const data = await article.search(ctx.query)
+		const numOfResults = data.length
 		if(ctx.session.authorised === true) {
+			const loggedIn = true
 			const user = await new User(dbName)
 			const userData = await user.getUser(ctx.session.user)
-			await ctx.render('homepage', {articles: data, user: userData})
-		} else await ctx.render('homepage', {articles: data})
-		await ctx.render('homepage', {articles: data})
-		data = await article.search(ctx.query)
-		const numOfResults = data.length
-		await ctx.render('homepage', {articles: data, query: ctx.query.q, num: numOfResults})
+			await ctx.render('homepage', {articles: data, user: userData, query: ctx.query.q, num: numOfResults, loggedIn: loggedIn})
+		} else await ctx.render('homepage', {articles: data, query: ctx.query.q, num: numOfResults})
 	} catch(err) {
 		console.error(err.message)
 		await ctx.render('error', {message: err.message})
@@ -58,7 +56,9 @@ router.get('/articles/:id', async ctx => {
 		const id = ctx.params.id
 		const article = await new Article(dbName)
 		const data = await article.get(id)
-		await ctx.render('articlepage', data)
+		const loggedIn = true
+		if(ctx.session.authorised) await ctx.render('articlepage', {article: data, loggedIn: loggedIn})
+		else await ctx.render('articlepage', data)
 	} catch(err) {
 		ctx.body = err.message
 		console.log(err)
@@ -200,7 +200,7 @@ router.post('/upload', koaBody, async ctx => {
 		const body = ctx.request.body
 		console.log(body)
 		const article = await new Article(dbName)
-		const id = await article.upload(body.title, body.summary, body.content, body.tag)
+		const id = await article.upload(body.title, body.summary, body.content, body.tag, ctx.session.user)
 		console.log(id)
 		const {path, type} = ctx.request.files.image
 		const image = await new Image(dbName)
diff --git a/modules/article.js b/modules/article.js
index 2de0767..a8ef2b4 100644
--- a/modules/article.js
+++ b/modules/article.js
@@ -23,15 +23,15 @@ class Article {
 		})()
 	}
 
-	async upload(title, summary, content, tag) {
+	async upload(title, summary, content, tag, username) {
 		try{
 			if(title === null) throw new Error('Please enter a title for your article')
 			else if(summary === null) throw new Error('Please enter a summary for your article')
 			else if(content === null) throw new Error('Where is the content? Please Enter some text in the content box')
 			const date = await new Date()
 			const fullDate = `${date.getDate()}/${date.getMonth() + 1}/${date.getFullYear()}`
-			let sql = `INSERT INTO Articles(title, summary, content, written_date, tag, released)
-			 VALUES("${title}", "${summary}", "${content}", "${fullDate}", "${tag}", 0)`
+			let sql = `INSERT INTO Articles(title, summary, content, written_date, tag, released, author)
+			 VALUES("${title}", "${summary}", "${content}", "${fullDate}", "${tag}", 0, "${username}")`
 			await this.db.run(sql)
 			sql = 'SELECT last_insert_rowid() as id'
 			const result = await this.db.get(sql)
diff --git a/views/articlepage.handlebars b/views/articlepage.handlebars
index 5075a00..437f82c 100644
--- a/views/articlepage.handlebars
+++ b/views/articlepage.handlebars
@@ -11,7 +11,7 @@
 <body>
 	<nav class="hotbar">
 		<a href="/">HOME</a>
-		<a href="/upload">UPLOAD NEWS</a>
+		{{#if loggedIn}}<a href="/upload">UPLOAD NEWS</a>{{/if}}
   
 		<a href="/logout" class="right">Logout</a>
 		<a href="/login" class="right">Login</a>
@@ -20,17 +20,17 @@
 	</nav>
 	
 	<section class="header">
-		<h1> {{title}} </h1>
+		<h1> {{article.title}} </h1>
 	</section> 
 
 	<article class="card">
-		<h5> {{written_date}} </h5>
-		<img src = "../{{image_url}}" style="height:200px;">
-		<b><p> {{summary}} </p></b>
+		<h5> {{article.written_date}} </h5>
+		<img src = "../{{article.image_url}}" style="height:200px;">
+		<b><p> {{article.summary}} </p></b>
 		<br></br>
-		<p> {{content}} </p>
-		<h5>by {{author}} </h5>
-		<h6>tag: {{tag}}</h6>
+		<p> {{article.content}} </p>
+		<h5>by {{article.author}} </h5>
+		<h6>tag: {{article.tag}}</h6>
 
 		<p>rating:
 		<span class="starRating">
@@ -48,7 +48,7 @@
 	</article>
 
 	<section>
-		<a href = "../edit/{{article_id}}/"><button type ="submit" class="edit-btn" name="edit"> Edit </button></a>
+		<a href = "../edit/{{article.article_id}}/"><button type ="submit" class="edit-btn" name="edit"> Edit </button></a>
 	</section>
 
 	<section class="footer">
diff --git a/views/homepage.handlebars b/views/homepage.handlebars
index 63d8092..6ddf0bf 100644
--- a/views/homepage.handlebars
+++ b/views/homepage.handlebars
@@ -24,7 +24,7 @@
 			</section>
 		</section>
 
-		<a href="/upload">UPLOAD NEWS</a>
+		{{#if loggedIn}} <a href="/upload">UPLOAD NEWS</a> {{/if}}
 		<a href="/logout" class="right">Logout</a>
 		<a href="/login" class="right">Login</a>
 		<a href="/account" class="right">Account</a>