From 87a51c5b6e2d271ef01acd5c7ae77db8ed5a1f62 Mon Sep 17 00:00:00 2001
From: klaas <klaas@boergmann.it>
Date: Thu, 4 Jul 2024 23:07:09 +0200
Subject: [PATCH] =?UTF-8?q?Anwesenheit=20und=20Spiel=20speichern=20und=20T?=
 =?UTF-8?q?eilnehmerliste=20=20nur=20f=C3=BCr=20Admins?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app.js                    |  4 ++--
 views/partials/header.ejs |  3 +++
 views/trainings.ejs       | 10 ++++++++++
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/app.js b/app.js
index 43dc356..d3f1903 100644
--- a/app.js
+++ b/app.js
@@ -653,7 +653,7 @@ app.get('/riege', requireAuth, async (req, res) => {
   }
 });
 
-app.get('/teilnehmer', requireAuth, async (req, res) => {
+app.get('/teilnehmer', requireAuth, requireAdmin, async (req, res) => {
   try {
     const teilnehmendeResult = await pool.query('SELECT * FROM teilnehmende ORDER BY helfer DESC, vorname ASC');
 
@@ -670,7 +670,7 @@ app.get('/teilnehmer', requireAuth, async (req, res) => {
   }
 });
 
-app.get('/mitglied/:id', requireAuth, async (req, res) => {
+app.get('/mitglied/:id', requireAuth, requireAdmin, async (req, res) => {
   const { id } = req.params;
   try {
     var riege = 0;
diff --git a/views/partials/header.ejs b/views/partials/header.ejs
index 911fedf..69c8a99 100644
--- a/views/partials/header.ejs
+++ b/views/partials/header.ejs
@@ -24,9 +24,12 @@
             <li class="nav-item">
               <a class="nav-link" href="/riege">Riegen</a>
             </li>
+            <% if (session && session.role === 'admin') { %>
             <li class="nav-item">
               <a class="nav-link" href="/teilnehmer">Teilnehmende</a>
             </li>
+            <% } %>
+
             <li class="nav-item">
               <a class="nav-link" href="/profile">Profil</a>
             </li>
diff --git a/views/trainings.ejs b/views/trainings.ejs
index f27ff72..78bd045 100644
--- a/views/trainings.ejs
+++ b/views/trainings.ejs
@@ -52,7 +52,9 @@
               <option value="<%= candidate.id %>"><%= candidate.name %> (<%= Math.floor(candidate.weeks_since_last) %> Wochen)</option>
             <% }) %>
           </select>
+          <% if (session && session.role === 'admin') { %>
           <button type="submit">Speichern</button>
+          <% } %>
         </form></p>
       <% } %>
       
@@ -70,7 +72,9 @@
               <% }) %>
           </datalist>
           <input list="spiele" id="spielName" name="spielName">
+          <% if (session && session.role === 'admin') { %>
             <button type="submit">Speichern</button>
+            <% } %>
           </form></p>
         <% } %>
   </div>
@@ -90,7 +94,9 @@
               <option value="<%= candidate.id %>"><%= candidate.name %> (<%= Math.floor(candidate.weeks_since_last) %> Wochen)</option>
             <% }) %>
           </select>
+          <% if (session && session.role === 'admin') { %>
           <button type="submit">Speichern</button>
+          <% } %>
         </form></p>
       <% } %>
 
@@ -110,7 +116,9 @@
             <% }) %>
         </datalist>
         <input list="spiele" id="spielName" name="spielName">
+        <% if (session && session.role === 'admin') { %>
             <button type="submit">Speichern</button>
+            <% } %>
           </form>
 
         <% } %>
@@ -157,7 +165,9 @@
     </table>
     <input type="hidden" name="trainingId" value="<%= training.id %>">
     <input type="hidden" name="riege" value="<%= riegennummer %>">
+    <% if (session && session.role === 'admin') { %>
       <button type="submit">Speichern</button>
+      <% } %>
     </form>
     </div>
   <% }) %>