From 609bcf4e54d1c6614656a646f01d890b071a2866 Mon Sep 17 00:00:00 2001 From: JPW03 <03.jamie.w@googlemail.com> Date: Wed, 23 Aug 2023 11:54:07 +0100 Subject: [PATCH] Reworked page authorization to use locals/hooks --- .../tournament-page/TournamentTeams.svelte | 2 +- .../(main)/tournaments/[id]/+layout.server.ts | 25 ++++------- .../(main)/tournaments/[id]/+page.svelte | 10 ++--- .../tournaments/[id]/edit/+page.server.ts | 26 +++--------- .../[id]/staff-dashboard/+layout.server.ts | 8 +--- .../[id]/staff-dashboard/matches/+page.svelte | 2 +- .../[id]/teams/[team_id]/+layout.server.ts | 8 ++-- .../[id]/teams/[team_id]/+page.svelte | 41 +++++++++---------- .../[id]/teams/new/+page.server.ts | 13 +++--- 9 files changed, 50 insertions(+), 85 deletions(-) diff --git a/src/lib/components/tournament-page/TournamentTeams.svelte b/src/lib/components/tournament-page/TournamentTeams.svelte index dc1c7f1..eeb0f96 100644 --- a/src/lib/components/tournament-page/TournamentTeams.svelte +++ b/src/lib/components/tournament-page/TournamentTeams.svelte @@ -5,7 +5,7 @@ export let tournament: db.FullyPopulatedTournament; export let editPerms: boolean; - export let sessionUserTeam: db.TeamWithMembers | null; + export let sessionUserTeam: db.TeamWithMembers | undefined; let { team_size, Teams } = tournament; diff --git a/src/routes/(main)/tournaments/[id]/+layout.server.ts b/src/routes/(main)/tournaments/[id]/+layout.server.ts index a644fde..b9f8b9d 100644 --- a/src/routes/(main)/tournaments/[id]/+layout.server.ts +++ b/src/routes/(main)/tournaments/[id]/+layout.server.ts @@ -1,6 +1,6 @@ import type { LayoutServerLoad } from './$types'; import { StatusCodes } from '$lib/StatusCodes'; -import prisma from '../../../../lib/prisma'; +import prisma from '$lib/prisma'; import { error } from '@sveltejs/kit'; export const prerender = 'auto'; 
@@ -139,24 +139,15 @@ export const load: LayoutServerLoad = async ({ params, locals }) => { const tournament: db.FullyPopulatedTournament = tournamentRaw; - let editPerms = false; const user = locals.user; - let sessionUserTeam = null; - - if (!user) { - return { tournament, editPerms, sessionUserTeam }; - } - - // Get the session user's team - sessionUserTeam = tournament.Teams?.find((team) => - team.Members.find((member) => member.osuId === user.id) - ); - - const hosts = tournament.Hosts.map((x) => x.userId); - if (hosts.includes(user.id)) { - editPerms = true; + // Get the session user's team (only if logged in and playing in tournament) + let sessionUserTeam = undefined; + if (user && locals.perms.playing) { + sessionUserTeam = tournament.Teams?.find((team) => + team.Members.find((member) => member.osuId === user.id) + ); } - return { tournament, editPerms, sessionUserTeam }; + return { tournament, perms: locals.perms, sessionUserTeam }; } diff --git a/src/routes/(main)/tournaments/[id]/+page.svelte b/src/routes/(main)/tournaments/[id]/+page.svelte index 0d60a95..c790332 100644 --- a/src/routes/(main)/tournaments/[id]/+page.svelte +++ b/src/routes/(main)/tournaments/[id]/+page.svelte @@ -4,13 +4,11 @@ import Teams from '$lib/components/tournament-page/TournamentTeams.svelte'; import Matches from '$lib/components/tournament-page/TournamentMatches.svelte'; import Button from '$lib/components/common/LargeButton.svelte'; + import type { LayoutServerData } from './$types'; - export let data: { - tournament: db.FullyPopulatedTournament; - editPerms: boolean; - sessionUserTeam: db.TeamWithMembers | null; - }; - let { tournament, editPerms, sessionUserTeam } = data; + export let data: LayoutServerData; + let { tournament, perms, sessionUserTeam } = data; + let editPerms = perms.edit; let { name, acronym, id, color, team_size } = tournament; 
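Review bot: In the `[id]/+layout.server.ts` hunk, `let sessionUserTeam = undefined;` has no annotation, so the type handed to `TournamentTeams.svelte` (which now expects `db.TeamWithMembers | undefined`) is left to inference; I would write `let sessionUserTeam: db.TeamWithMembers | undefined;`. The same block reads `locals.perms.playing` unguarded while the staff-dashboard layout in this commit uses `locals.perms?.edit`. If the hook (not shown in this patch) can leave `perms` unset, this load fails with a 500 instead of treating the visitor as a non-player, so the contract should be fixed once on the `App.Locals` type. `perms: locals.perms` is also serialized to the browser now, so it should carry only flags that are safe to disclose, and a comment such as `// perms is display-only on the client; server actions must re-check locals.perms` would make that explicit. The `load` function starts outside this hunk.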
diff --git a/src/routes/(main)/tournaments/[id]/edit/+page.server.ts b/src/routes/(main)/tournaments/[id]/edit/+page.server.ts index ebe1c99..9c03ba6 100644 --- a/src/routes/(main)/tournaments/[id]/edit/+page.server.ts +++ b/src/routes/(main)/tournaments/[id]/edit/+page.server.ts @@ -5,15 +5,15 @@ import vine, { errors } from '@vinejs/vine'; import { parseFormData } from 'parse-nested-form-data'; import type { PageServerLoad } from './$types'; -export const load: PageServerLoad = async ({ parent }) => { - const { tournament, user } = await parent(); +export const load: PageServerLoad = async ({ parent, locals }) => { + const { user, perms } = locals; + const { tournament } = await parent(); if (!user) { throw error(StatusCodes.UNAUTHORIZED, 'You are not signed in.'); } - const hosts = tournament.Hosts.map((x) => x.userId); - if (!hosts.includes(user.id)) { + if (!perms.edit) { throw error(StatusCodes.UNAUTHORIZED, 'You do not have permission.'); } @@ -23,7 +23,7 @@ export const load: PageServerLoad = async ({ parent }) => { export const actions: Actions = { save: async ({ locals, request, params }) => { const tournamentId = parseInt(params.id ?? '-1'); - if (!hasEditPermission(tournamentId, locals.user.id)) throw error(StatusCodes.UNAUTHORIZED); + if (locals.perms.edit) throw error(StatusCodes.UNAUTHORIZED); const data = parseFormData(await request.formData()); @@ -69,20 +69,4 @@ export const actions: Actions = { } }; -const hasEditPermission = async (tournament: number, user: number) => { - // Check edit permissions - const permissionCheck = await prisma.tournament.findFirst({ - where: { - id: tournament, - Hosts: { - some: { - userId: user - } - } - } - }); - - return permissionCheck != null; -}; - export const prerender = false; diff --git a/src/routes/(main)/tournaments/[id]/staff-dashboard/+layout.server.ts b/src/routes/(main)/tournaments/[id]/staff-dashboard/+layout.server.ts index 4bf5e95..90284b0 100644 
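Review bot: In the `save` action, `if (locals.perms.edit) throw error(StatusCodes.UNAUTHORIZED);` is inverted: it rejects hosts and lets every other request, including one with no signed-in user, continue into the update logic. It should read `if (!locals.perms?.edit) throw error(StatusCodes.UNAUTHORIZED);`, matching the `load` guard in the hunk above and the staff-dashboard layout. The removed `!hasEditPermission(...)` negated an un-awaited Promise, so the old guard never fired either; a request-level test that posts `save` as a non-host and expects a rejection would keep this from regressing again. `tournamentId` is still parsed on the line above but no longer takes part in the check, so confirm that the rest of the action (outside this hunk) updates the same tournament the hook computed `perms` for.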
--- a/src/routes/(main)/tournaments/[id]/staff-dashboard/+layout.server.ts +++ b/src/routes/(main)/tournaments/[id]/staff-dashboard/+layout.server.ts @@ -2,12 +2,8 @@ import { error } from "@sveltejs/kit"; import type { LayoutServerLoad } from "./$types"; import { StatusCodes } from "$lib/StatusCodes"; -export const load: LayoutServerLoad = async ({ parent }) => { - const { tournament, editPerms, user } = await parent(); - - if (!editPerms) { +export const load: LayoutServerLoad = async ({ locals }) => { + if (!locals.perms?.edit) { throw error(StatusCodes.UNAUTHORIZED, 'You do not have permission to access this page.'); } - - return { tournament, user }; } \ No newline at end of file diff --git a/src/routes/(main)/tournaments/[id]/staff-dashboard/matches/+page.svelte b/src/routes/(main)/tournaments/[id]/staff-dashboard/matches/+page.svelte index a237947..56c9351 100644 --- a/src/routes/(main)/tournaments/[id]/staff-dashboard/matches/+page.svelte +++ b/src/routes/(main)/tournaments/[id]/staff-dashboard/matches/+page.svelte @@ -10,7 +10,7 @@ let { tournamentName, teams, rounds } = data; let selectedMatch: db.MatchWithTeams | undefined = undefined; - function onDrop(updatedTeams: db.TeamWithMembers[]) { + function onDrop(updatedTeams: db.TeamWithMembersAndMatches[]) { teams = updatedTeams; } diff --git a/src/routes/(main)/tournaments/[id]/teams/[team_id]/+layout.server.ts b/src/routes/(main)/tournaments/[id]/teams/[team_id]/+layout.server.ts index bb6b181..d9fa653 100644 --- a/src/routes/(main)/tournaments/[id]/teams/[team_id]/+layout.server.ts +++ b/src/routes/(main)/tournaments/[id]/teams/[team_id]/+layout.server.ts 
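Review bot: The guard in `staff-dashboard/+layout.server.ts` only covers `load`. Form actions and `+server.ts` endpoints under this route are dispatched without running it, and child page loads run concurrently with it unless they `await parent()`. Each action or endpoint below this layout (none are visible in this patch) should repeat `if (!locals.perms?.edit) throw error(...)`, or the rejection should move into the hook that populates `locals.perms`. I would add a comment above the guard such as `// Gates page loads only; actions and endpoints must re-check locals.perms.edit.` The optional chaining here also differs from the bare `locals.perms.edit` used in the other files of this commit, which leaves it unclear whether `perms` is always set.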
@@ -2,8 +2,8 @@ import { error } from '@sveltejs/kit'; import type { LayoutServerLoad } from './$types'; import { StatusCodes } from '$lib/StatusCodes'; -export const load: LayoutServerLoad = async ({ params, parent }) => { - const { tournament, user } = await parent(); +export const load: LayoutServerLoad = async ({ params, parent, locals }) => { + const { tournament } = await parent(); // Retrieve team from tournament and params const team = tournament.Teams.find((team) => team.id === parseInt(params.team_id)); @@ -17,8 +17,8 @@ export const load: LayoutServerLoad = async ({ params, parent }) => { // Team captains have a member_order of 0 const isTeamCaptain = team.Members.some( - (member) => member.osuId === user?.id && member.member_order === 0 + (member) => member.osuId === locals.user?.id && member.member_order === 0 ); - return { tournament, user, team, isTeamCaptain }; + return { team, isTeamCaptain }; }; diff --git a/src/routes/(main)/tournaments/[id]/teams/[team_id]/+page.svelte b/src/routes/(main)/tournaments/[id]/teams/[team_id]/+page.svelte index a2fac0f..14bc98b 100644 --- a/src/routes/(main)/tournaments/[id]/teams/[team_id]/+page.svelte +++ b/src/routes/(main)/tournaments/[id]/teams/[team_id]/+page.svelte 
@@ -4,21 +4,17 @@ import InvitePlayer from '$lib/components/tournament-page/team-page/InvitePlayer.svelte'; import TournamentPageTemplate from '$lib/components/tournament-page/TournamentPageTemplate.svelte'; import MatchList from '$lib/components/common/MatchList.svelte'; - import type { PageServerData, ActionData, LayoutServerData } from './$types'; + import type { PageServerData, ActionData, LayoutServerData, LayoutData } from './$types'; import EditPageSetting from '$lib/components/tournament-page/edit-page/EditPageSetting.svelte'; - export let data: PageServerData & LayoutServerData; + export let data: PageServerData & LayoutServerData & LayoutData; export let form: ActionData; - let { tournament, team, isTeamCaptain } = data; + let { tournament, team, isTeamCaptain, sessionUserTeam } = data; + let { team_size: maxTeamSize } = tournament; let { name, Members, color, InBracketMatches } = team; - let inTeam: boolean = false; - function updateInTeam(memberId: number) { - if (memberId == data.user?.id) { - inTeam = true; - } - return ''; - } + // Check if this team is the current user's team + let inTeam: boolean = (team.id == sessionUserTeam?.id); @@ -32,19 +28,18 @@

- {tournament.team_size == 1 ? 'Player: ' : 'Team: '} + {maxTeamSize == 1 ? 'Player: ' : 'Team: '} {team.name}

- {#if tournament.team_size != 1} + {#if maxTeamSize != 1}

Players

{/if}
{#each Members as member} - {updateInTeam(member.User.id)} {/each}
{#if inTeam && !isTeamCaptain} @@ -62,13 +57,15 @@

Team Settings

- + {#if maxTeamSize != 1} + + {/if} - {#if tournament.team_size != 1 && tournament.allow_registrations} + {#if maxTeamSize != 1 && tournament.allow_registrations}

Team Invites

- {#if team.Members.length < tournament.team_size} + {#if team.Members.length < maxTeamSize} {:else}

Your team is full. You can't invite anymore players.

diff --git a/src/routes/(main)/tournaments/[id]/teams/new/+page.server.ts b/src/routes/(main)/tournaments/[id]/teams/new/+page.server.ts index d6eb0d7..6d24f8c 100644 --- a/src/routes/(main)/tournaments/[id]/teams/new/+page.server.ts +++ b/src/routes/(main)/tournaments/[id]/teams/new/+page.server.ts @@ -5,23 +5,22 @@ import vine, { errors } from '@vinejs/vine'; import { parseFormData } from 'parse-nested-form-data'; import { StatusCodes } from '$lib/StatusCodes'; -export const load: PageServerLoad = async ({ parent }) => { - const { tournament, user, editPerms } = await parent(); +export const load: PageServerLoad = async ({ parent, locals }) => { + const { user, perms } = locals; + const { tournament } = await parent(); + // If user isn't logged in if (!user) { throw error(StatusCodes.UNAUTHORIZED, 'You must log in with osu! to register.'); } // Check if the user has staff permissions for this tournament - if (editPerms) { + if (perms.edit) { throw error(StatusCodes.BAD_REQUEST, 'You can\'t sign up for your own tournament.'); } // Check if this user is already in a team in this tournament - const isInTeam = tournament?.Teams?.find((team) => - team.Members.some((member) => member.osuId === user?.id) - ); - if (isInTeam) { + if (perms.playing) { throw error(StatusCodes.BAD_REQUEST, 'You are already registered in this tournament.'); }
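Review bot: The `!user`, `perms.edit` and `perms.playing` checks in `teams/new/+page.server.ts` live in `load`, which SvelteKit does not run before a form action, so the action that creates the team (outside this hunk) has to repeat them against `locals`. `perms.playing` also replaces a lookup over `tournament.Teams` with a flag computed elsewhere, presumably in the hook. If that flag is derived before a concurrent registration commits, the "already registered" rule can be bypassed, so the create path should also enforce one team per user per tournament at the database level. `perms` is destructured from `locals` without a guard; if it can be unset for some requests, `perms.edit` throws before the intended 400 is returned. A comment above the checks such as `// UX-only pre-checks; the create action enforces the same rules.` would record the intent.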