
Commit 03cdfaa

authored
Merge pull request #288 from Datawheel/develop
Develop
2 parents 7f796a6 + bff9feb commit 03cdfaa


160 files changed

+1421
-825
lines changed


160 files changed

+1421
-825
lines changed

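--- a/api/builderRoute.js
+++ b/api/builderRoute.js
@@ -1,119 +1,117 @@
 const multer = require("multer");
 const path = require("path");
 const sharp = require("sharp");
+const {isAuthenticated, isRole} = require("../tools/api.js");
 
 module.exports = function(app) {
 
 const {db} = app.settings;
 
-app.get("/api/builder/islands", (req, res) => {
+app.get("/api/builder/islands", isRole(1), (req, res) => {
 
 db.islands.findAll({where: req.query}).then(u => {
 res.json(u).end();
 });
 
 });
 
-app.post("/api/builder/islands/save", (req, res) => {
+app.post("/api/builder/islands/save", isRole(1), (req, res) => {
 
 db.islands.update(req.body, {where: {id: req.body.id}}).then(u => {
 res.json(u).end();
 });
 
 });
 
-app.post("/api/builder/islands/new", (req, res) => {
+app.post("/api/builder/islands/new", isRole(1), (req, res) => {
 
 db.islands.create(req.body).then(u => {
 res.json(u).end();
 });
 
 });
 
-app.delete("/api/builder/islands/delete", (req, res) => {
+app.delete("/api/builder/islands/delete", isRole(1), (req, res) => {
 
 db.islands.destroy({where: {id: req.query.id}}).then(u => {
 res.json(u).end();
 });
 
 });
 
-app.get("/api/builder/levels", (req, res) => {
+app.get("/api/builder/levels", isRole(1), (req, res) => {
 
 db.levels.findAll({where: {lid: req.query.lid}}).then(u => {
 res.json(u).end();
 });
 
 });
 
-app.post("/api/builder/levels/save", (req, res) => {
+app.post("/api/builder/levels/save", isRole(1), (req, res) => {
 
 db.levels.update(req.body, {where: {id: req.body.id}}).then(u => {
 res.json(u).end();
 });
 
 });
 
-app.post("/api/builder/levels/new", (req, res) => {
+app.post("/api/builder/levels/new", isRole(1), (req, res) => {
 
 db.levels.create(req.body).then(u => {
 res.json(u).end();
 });
 
 });
 
-app.get("/api/builder/levels/all", (req, res) => {
+app.get("/api/builder/levels/all", isRole(1), (req, res) => {
 
 db.levels.findAll({where: req.query}).then(u => {
 res.json(u).end();
 });
 
 });
 
-app.delete("/api/builder/levels/delete", (req, res) => {
+app.delete("/api/builder/levels/delete", isRole(1), (req, res) => {
 
 db.levels.destroy({where: {id: req.query.id}}).then(u => {
 res.json(u).end();
 });
 
 });
 
-app.get("/api/builder/slides", (req, res) => {
+app.get("/api/builder/slides", isRole(1), (req, res) => {
 
 db.slides.findAll({where: {mlid: req.query.mlid}}).then(u => {
 res.json(u).end();
 });
 
 });
 
-app.get("/api/builder/slides/all", (req, res) => {
+app.get("/api/builder/slides/all", isRole(1), (req, res) => {
 
 db.slides.findAll({where: req.query}).then(u => {
 res.json(u).end();
 });
 
 });
 
-app.post("/api/builder/slides/save", (req, res) => {
+app.post("/api/builder/slides/save", isRole(1), (req, res) => {
 
 db.slides.update(req.body, {where: {id: req.body.id}}).then(u => {
 res.json(u).end();
 });
 
 });
 
-app.post("/api/builder/slides/new", (req, res) => {
+app.post("/api/builder/slides/new", isRole(1), (req, res) => {
 
 db.slides.create(req.body).then(u => {
 res.json(u).end();
 });
 
 });
 
-app.delete("/api/builder/slides/delete", (req, res) => {
-
-/*const q = "delete from slides where slides.id = '" + req.query.id + "'";
-db.query(q, {type: db.QueryTypes.DELETE}).then(u => res.json(u).end());*/
+app.delete("/api/builder/slides/delete", isRole(1), (req, res) => {
 
 db.slides.destroy({where: {id: req.query.id}}).then(u => {
 res.json(u).end();
@@ -140,7 +138,7 @@ module.exports = function(app) {
 
 const imgUpload = upload.single("file");
 
-app.post("/api/slideImgUpload/", (req, res) => {
+app.post("/api/slideImgUpload/", isRole(1), (req, res) => {
 imgUpload(req, res, err => {
 if (err) return res.json({error: err});
 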
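Review bot: The handlers behind the new `isRole(1)` gate still pass client-supplied objects straight to the ORM: `findAll({where: req.query})` in the islands, `levels/all` and `slides/all` routes, and `update(req.body, ...)` / `create(req.body)` in the save and new routes. The role check limits who can call them, but a caller with that role can still filter on or write any column, and if the ORM's operator aliases are enabled, nested query-string values would be read as operators rather than literals. Copy only the permitted fields into a fresh object before the call, e.g. `const {id, name} = req.body;` (field names illustrative). `isAuthenticated` is imported on new line 4 but unused in the visible hunks, and none of the promise chains has a `.catch`, so a database error leaves the request without a response.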

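--- a/api/codeBlocksRoute.js
+++ b/api/codeBlocksRoute.js
@@ -1,108 +1,75 @@
+const {isAuthenticated, isRole} = require("../tools/api.js");
+
 module.exports = function(app) {
 
 const {db} = app.settings;
 
-app.get("/api/codeBlocks", (req, res) => {
-
+// Used by Island.jsx to get each codeblock by island
+app.get("/api/codeBlocks", isAuthenticated, (req, res) => {
 db.codeblocks.findAll({where: {uid: req.user.id}}).then(u => res.json(u).end());
-
 });
 
+// Used by Home.jsx to get hand-picked featured blocks
 app.get("/api/codeBlocks/featured", (req, res) => {
-
 const q = "SELECT codeblocks.id, codeblocks.snippetname, codeblocks.studentcontent, codeblocks.status, userprofiles.sharing, (select count(*) FROM likes where likes.likeid = codeblocks.id) AS likes, (select count(*) from reports where reports.status = 'new' AND reports.report_id = codeblocks.id AND reports.type = 'codeblock') as reports, codeblocks.previewblob, codeblocks.lid, codeblocks.uid, users.username FROM codeblocks, users, userprofiles WHERE userprofiles.uid = codeblocks.uid AND users.id = codeblocks.uid AND (codeblocks.id = 863 OR codeblocks.id = 834 OR codeblocks.id = 921 OR codeblocks.id = 30)";
 db.query(q, {type: db.QueryTypes.SELECT}).then(u => res.json(u).end());
-
-});
-
-app.get("/api/codeBlocks/bylid", (req, res) => {
-
-db.codeblocks.findAll({where: {uid: req.user.id, lid: req.query.lid}}).then(u => res.json(u).end());
-
-});
-
-app.get("/api/codeBlocks/byid", (req, res) => {
-
-db.codeblocks.findAll({where: {uid: req.user.id, id: req.query.id}}).then(u => res.json(u).end());
-
 });
 
-app.get("/api/codeBlocks/byuser", (req, res) => {
-
+// Used by UserCodeBlocks.jsx to get codeblock list for profile page
+app.get("/api/codeBlocks/byuser", isAuthenticated, (req, res) => {
 const id = req.query.uid;
 const q = "SELECT codeblocks.id, codeblocks.snippetname, codeblocks.studentcontent, codeblocks.status, userprofiles.sharing, (select count(*) FROM likes where likes.likeid = codeblocks.id) AS likes, (select count(*) from reports where reports.status = 'new' AND reports.report_id = codeblocks.id AND reports.type = 'codeblock') as reports, codeblocks.previewblob, codeblocks.lid, codeblocks.uid, users.username FROM codeblocks, users, userprofiles WHERE codeblocks.uid = userprofiles.uid AND users.id = codeblocks.uid AND users.id = '" + id + "'";
 db.query(q, {type: db.QueryTypes.SELECT}).then(u => res.json(u).end());
-
 });
 
+// Used by Share.jsx to publicly share code
 app.get("/api/codeBlocks/byUsernameAndFilename", (req, res) => {
-
 const q = "select codeblocks.id, codeblocks.snippetname, codeblocks.studentcontent, codeblocks.status, userprofiles.sharing, (select count(*) from reports where reports.status = 'new' AND reports.report_id = codeblocks.id AND reports.type = 'codeblock') as reports, codeblocks.likes, codeblocks.previewblob, codeblocks.lid, codeblocks.uid from codeblocks, users, userprofiles where codeblocks.uid = users.id AND users.id = userprofiles.uid AND codeblocks.snippetname = '" + req.query.filename + "' AND users.username = '" + req.query.username + "'";
 db.query(q, {type: db.QueryTypes.SELECT}).then(u => res.json(u).end());
-
 });
 
-// todo: maybe change these into a single "upsert"
-
-app.post("/api/codeBlocks/update", (req, res) => {
+// Used by Codeblock.jsx to save new Codeblocks
+app.post("/api/codeBlocks/new", isAuthenticated, (req, res) => {
+db.codeblocks.create({studentcontent: req.body.studentcontent, snippetname: req.body.name, uid: req.body.uid, lid: req.body.iid})
+.then(u => res.json(u).end());
+});
 
+// Used by CodeBlock.jsx to update the CodeBlock Test
+app.post("/api/codeBlocks/update", isAuthenticated, (req, res) => {
 db.codeblocks.update({studentcontent: req.body.studentcontent, snippetname: req.body.name}, {where: {uid: req.body.uid, lid: req.body.iid}})
 .then(u => res.json(u).end());
-
 });
 
-app.post("/api/codeBlocks/setstatus", (req, res) => {
+// Used by ReportBox and ReportViewer to ban codeblocks, Admin Only
+app.post("/api/codeBlocks/setstatus", isRole(2), (req, res) => {
 const {status, id} = req.body;
-
-/*
-if (status === "banned") {
-const studentcontent = "";
-db.codeblocks.update({status, studentcontent}, {where: {id}}).then(u => res.json(u).end());
-}
-else {
-db.codeblocks.update({status}, {where: {id}}).then(u => res.json(u).end());
-}
-*/
-
-db.codeblocks.update({status}, {where: {id}}).then(u => res.json(u).end());
-
-});
-
-app.post("/api/codeBlocks/new", (req, res) => {
-
-db.codeblocks.create({studentcontent: req.body.studentcontent, snippetname: req.body.name, uid: req.body.uid, lid: req.body.iid})
-.then(u => res.json(u).end());
-
+db.codeblocks.update({status}, {where: {id}}).then(u => {
+db.reports.update({status}, {where: {type: "codeblock", report_id: id}}).then(() => res.json(u).end());
+});
 });
 
-app.get("/api/codeBlocks/allbylid", (req, res) => {
-
+// Used by Level.jsx to fetch ALL codeblocks for this level (so students can browse)
+app.get("/api/codeBlocks/allbylid", isAuthenticated, (req, res) => {
 const q = "SELECT codeblocks.id, codeblocks.snippetname, codeblocks.studentcontent, codeblocks.status, userprofiles.sharing, (select count(*) FROM likes where likes.likeid = codeblocks.id) AS likes, (select count(*) from reports where reports.status = 'new' AND reports.report_id = codeblocks.id AND reports.type = 'codeblock') as reports, codeblocks.previewblob, codeblocks.lid, codeblocks.uid, users.username FROM codeblocks, users, userprofiles WHERE userprofiles.uid = codeblocks.uid AND users.id = codeblocks.uid AND codeblocks.lid = '" + req.query.lid + "'";
 db.query(q, {type: db.QueryTypes.SELECT}).then(u => res.json(u).end());
-
-// db.codeblocks.findAll({where: {uid: {$not: req.user.id}, lid: req.query.lid}}).then(u => res.json(u).end());
-
 });
 
-app.get("/api/codeBlocks/all", (req, res) => {
-
+// Used by CodeBlockList.jsx to get ALL codeblocks (for the sidebar in Studio)
+app.get("/api/codeBlocks/all", isAuthenticated, (req, res) => {
 const q = "SELECT codeblocks.id, codeblocks.snippetname, codeblocks.studentcontent, codeblocks.status, userprofiles.sharing, (select count(*) FROM likes where likes.likeid = codeblocks.id) AS likes, (select count(*) from reports where reports.status = 'new' AND reports.report_id = codeblocks.id AND reports.type = 'codeblock') as reports, codeblocks.previewblob, codeblocks.lid, codeblocks.uid, users.username FROM codeblocks, users, userprofiles WHERE userprofiles.uid = codeblocks.uid AND users.id = codeblocks.uid";
 db.query(q, {type: db.QueryTypes.SELECT}).then(u => res.json(u).end());
-
 });
 
-app.get("/api/codeBlocks/allgeos", (req, res) => {
-
+// Not currently used
+app.get("/api/codeBlocks/allgeos", isAuthenticated, (req, res) => {
 const q = "SELECT * FROM geos WHERE sumlevel = 'MUNICIPALITY' AND substring(id, 1, 3) = '4mg' ORDER BY name";
 db.query(q, {type: db.QueryTypes.SELECT}).then(u => res.json(u).end());
-
 });
 
-app.get("/api/codeBlocks/allschools", (req, res) => {
-
+// Not currently used
+app.get("/api/codeBlocks/allschools", isAuthenticated, (req, res) => {
 const q = "SELECT DISTINCT name FROM schools ORDER BY name";
 db.query(q, {type: db.QueryTypes.SELECT}).then(u => res.json(u).end());
-
 });
 
 };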
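Review bot: The raw queries in `/api/codeBlocks/byuser`, `/byUsernameAndFilename` and `/allbylid` still build SQL by concatenating `req.query.uid`, `req.query.filename`, `req.query.username` and `req.query.lid` into the statement, and `/byUsernameAndFilename` stays reachable without `isAuthenticated`, so the new middleware does not remove the SQL injection exposure. Assuming `db` is a Sequelize instance (as `db.QueryTypes` suggests), bind the values instead: write `codeblocks.lid = :lid` in the string and call `db.query(q, {replacements: {lid: req.query.lid}, type: db.QueryTypes.SELECT})`, and likewise for the other two routes. Separately, `/api/codeBlocks/new` and `/update` take the owner from `req.body.uid`, so any signed-in user can create or overwrite rows under another user's id; use `uid: req.user.id`, as the `/api/codeBlocks` route already does. In `setstatus` neither update has a `.catch`, so a failure in `db.reports.update` leaves the request unanswered after the codeblock row has already changed.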

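--- a/api/islandsRoute.js
+++ b/api/islandsRoute.js
@@ -1,52 +1,48 @@
+const {isAuthenticated, isRole} = require("../tools/api.js");
 const translate = require("../tools/translate.js");
 
 module.exports = function(app) {
 
 const {db} = app.settings;
 
+// Used in App, Home, Level, UserCodeBlocks and CodeBlockList to retrieve all islands
 app.get("/api/islands", (req, res) => {
-
 db.islands.findAll({where: req.query}).then(u => {
 u = translate(req.headers.host, "pt", u);
 res.json(u).end();
 });
-
 });
 
-app.get("/api/levels", (req, res) => {
-
+// Used in Level and Slide to get specific level by lid
+app.get("/api/levels", isAuthenticated, (req, res) => {
 db.levels.findAll({where: {lid: req.query.lid}}).then(u => {
 u = translate(req.headers.host, "pt", u);
 res.json(u).end();
 });
-
 });
 
-app.get("/api/levels/all", (req, res) => {
-
-db.levels.findAll({where: req.query}).then(u => {
+// Used by Slide to get all slides for a given mlid (level id)
+app.get("/api/slides", isAuthenticated, (req, res) => {
+db.slides.findAll({where: {mlid: req.query.mlid}}).then(u => {
 u = translate(req.headers.host, "pt", u);
 res.json(u).end();
 });
-
 });
 
-app.get("/api/slides", (req, res) => {
-
-db.slides.findAll({where: {mlid: req.query.mlid}}).then(u => {
+// Deprecated by builderRoute
+app.get("/api/levels/all", isRole(1), (req, res) => {
+db.levels.findAll({where: req.query}).then(u => {
 u = translate(req.headers.host, "pt", u);
 res.json(u).end();
 });
-
 });
 
-app.get("/api/slides/all", (req, res) => {
-
+// Deprecated by builderRoute
+app.get("/api/slides/all", isRole(1), (req, res) => {
 db.slides.findAll({where: req.query}).then(u => {
 u = translate(req.headers.host, "pt", u);
 res.json(u).end();
 });
-
 });
 
 };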
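Review bot: `/api/islands` is left public and still passes the whole query string to the ORM with `findAll({where: req.query})`, so an anonymous caller decides which columns the lookup filters on and, depending on ORM configuration, possibly which operators. Restrict the filter to the columns the listed clients actually send, for example `const {id} = req.query;` followed by `where: id ? {id} : {}` (column name illustrative). The two routes commented `// Deprecated by builderRoute` have the same `where: req.query` pattern; if no client calls them any more, removing them leaves less surface than gating them with `isRole(1)`.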

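--- a/api/likesRoute.js
+++ b/api/likesRoute.js
@@ -1,20 +1,22 @@
+const {isAuthenticated, isRole} = require("../tools/api.js");
+
 module.exports = function(app) {
 
 const {db} = app.settings;
 
-app.get("/api/likes/byid", (req, res) => {
-
+/*
+app.get("/api/likes/byid", isAuthenticated, (req, res) => {
 db.likes.findAll({where: {likeid: req.query.id}}).then(u => res.json(u).end());
-
 });
+*/
 
-app.get("/api/likes", (req, res) => {
-
+// Used by Level, CodeBlockList, and UserCodeblocks to get like counts
+app.get("/api/likes", isAuthenticated, (req, res) => {
 db.likes.findAll({where: {uid: req.user.id}}).then(u => res.json(u).end());
-
 });
 
-app.post("/api/likes/save", (req, res) => {
+// Used by CodeBlockCard to actually process the like
+app.post("/api/likes/save", isAuthenticated, (req, res) => {
 const uid = req.user.id;
 const {liked, likeid} = req.body;
 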
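Review bot: The `/api/likes/byid` route is disabled by wrapping it in `/* ... */` (new lines 7–11) rather than being removed; delete the block so the dead handler cannot be re-enabled by accident, and drop the unused `isRole` from the new `require`. The comment on `/api/likes` says it returns like counts, but the query is `where: {uid: req.user.id}`, which returns the signed-in user's own like rows; `// Returns the likes made by the signed-in user` would match the code. The `/api/likes/save` handler continues past the end of the hunk, so how `likeid` from `req.body` is checked before it is written is not visible here.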
