diff --git a/questions.go b/questions.go
index 9895922..9d20f4e 100644
--- a/questions.go
+++ b/questions.go
@@ -33,7 +33,7 @@ func declareAPIAuthQuestionsRoutes(router *gin.RouterGroup) {
 c.JSON(http.StatusOK, questions)
 }
 } else {
- if !s.Shown && !u.IsAdmin {
+ if (!s.Shown || s.Direct != nil) && !u.IsAdmin {
 c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"errmsg": "Not accessible"})
 return
 }
@@ -67,7 +67,7 @@ func declareAPIAuthQuestionsRoutes(router *gin.RouterGroup) {
 return
 }
- if !(s.Shown || (s.Direct != nil && *s.Direct == q.Id)) {
+ if !s.Shown || (s.Direct != nil && *s.Direct != q.Id) {
 c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"errmsg": "Not authorized"})
 return
 }
diff --git a/responses.go b/responses.go
index 9e0e809..e203106 100644
--- a/responses.go
+++ b/responses.go
@@ -47,7 +47,7 @@ func declareAPIAuthResponsesRoutes(router *gin.RouterGroup) {
 }
 for _, response := range responses {
- if !uauth.IsAdmin && !s.Shown && (s.Corrected || s.Direct == nil || *s.Direct != response.IdQuestion) {
+ if !uauth.IsAdmin && (!s.Shown || s.Corrected || (s.Direct != nil && *s.Direct != response.IdQuestion)) {
 c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"errmsg": "Cette question n'est pas disponible"})
 return
 } else if len(response.Answer) > 0 {
diff --git a/surveys.go b/surveys.go
index b27c8b5..1c907e8 100644
--- a/surveys.go
+++ b/surveys.go
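Review bot: The new `s.Direct != nil` clause in the first questions.go hunk (`@@ -33`) has no comment saying why a survey in direct mode blocks the question list for non-admins, and the same Shown/Direct rule is hand-written in two other shapes in this commit (the `@@ -67` hunk and responses.go). If the intent is that direct surveys hand out one question at a time, a comment such as `// Direct surveys expose only the current question; listing all of them is admin-only.` above the `if` would record it. Since this commit exists to correct these conditions, a single predicate on the survey type that all three handlers call would keep them from drifting apart again. The handler body starts and ends outside the hunk.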
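Review bot: The rewritten check in the second questions.go hunk (`@@ -67`) carries no admin exemption, unlike the first hunk (`&& !u.IsAdmin`) and responses.go (`!uauth.IsAdmin &&`). Unless an admin branch sits above the visible lines, an administrator opening a question of a survey that is not shown now receives the 403 "Not authorized". If that is not intended, the condition would read `if !u.IsAdmin && (!s.Shown || (s.Direct != nil && *s.Direct != q.Id)) {`, assuming the user variable in this handler is named `u` as in the first hunk. The handler starts and ends outside the hunk, so this needs checking against the full function.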
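Review bot: In the responses.go hunk the survey-level terms `!s.Shown || s.Corrected` do not depend on `response`, yet they are evaluated inside the `for _, response := range responses` loop. An empty `responses` slice therefore never reaches the check, and because the `else if len(response.Answer) > 0` branch handles each element in the same pass, earlier elements of a batch may already have been processed when a later one triggers the 403 (the branch body is outside the hunk, so this is inferred). Hoisting `if !uauth.IsAdmin && (!s.Shown || s.Corrected) {` with the same abort above the loop, and keeping only `s.Direct != nil && *s.Direct != response.IdQuestion` per element, makes the rejection all-or-nothing. It is also worth confirming that code after the hunk ties `response.IdQuestion` to survey `s`, since nothing in this condition does when `s.Direct` is nil.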
@@ -22,12 +22,12 @@ func declareAPISurveysRoutes(router *gin.RouterGroup) {
 var response []*Survey
 var err error
 if u == nil {
- response, err = getSurveys(fmt.Sprintf("WHERE (shown = TRUE OR direct IS NOT NULL) AND NOW() > start_availability AND promo = %d ORDER BY start_availability ASC", currentPromo))
+ response, err = getSurveys(fmt.Sprintf("WHERE shown = TRUE AND NOW() > start_availability AND promo = %d ORDER BY start_availability ASC", currentPromo))
 } else if u.IsAdmin {
 response, err = getSurveys("ORDER BY promo DESC, start_availability ASC")
 } else {
 var surveys []*Survey
- surveys, err = getSurveys(fmt.Sprintf("WHERE (shown = TRUE OR direct IS NOT NULL) AND promo = %d ORDER BY start_availability ASC", u.Promo))
+ surveys, err = getSurveys(fmt.Sprintf("WHERE shown = TRUE AND promo = %d ORDER BY start_availability ASC", u.Promo))
 if err == nil {
 for _, s := range surveys {
 if s.Group == "" || strings.Contains(u.Groups, ","+s.Group+",") {
diff --git a/ui/src/components/SurveyList.svelte b/ui/src/components/SurveyList.svelte
index e681d97..9020db9 100644
--- a/ui/src/components/SurveyList.svelte
+++ b/ui/src/components/SurveyList.svelte
@@ -54,7 +54,7 @@
 {:then surveys}
 {#each surveys as survey, sid (survey.kind + survey.id)}
- {#if (survey.shown || survey.direct != null || ($user && $user.is_admin)) && (!$user || (!$user.was_admin || $user.promo == survey.promo) || $user.is_admin)}
+ {#if (survey.shown || survey.direct == null || ($user && $user.is_admin)) && (!$user || (!$user.was_admin || $user.promo == survey.promo) || $user.is_admin)}
 {#if $user && $user.is_admin && (sid == 0 || surveys[sid-1].promo != survey.promo)}
diff --git a/works.go b/works.go
index 9bce582..13d93a7 100644
--- a/works.go
+++ b/works.go
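Review bot: Both list queries in the surveys.go hunk are still assembled with `fmt.Sprintf` and handed to `getSurveys` as a raw SQL tail, and the works.go hunk does the same with `allWorks`. The `%d` verb keeps this safe only while `currentPromo` and `u.Promo` are integer types, which the diff does not show. If the helpers can be given bind arguments (their signatures are outside the diff), writing `promo = <driver placeholder>` and passing the value separately removes that dependency on the field type. It is also worth confirming that the non-admin branch is meant to omit the `NOW() > start_availability` filter that the anonymous branch applies.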
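Review bot: In SurveyList.svelte the clause `survey.direct == null` is OR-ed with `survey.shown`, so a survey that is neither shown nor direct now passes the first group for non-admin users. The list endpoints in this commit filter on `shown = TRUE`, so such a row should not reach them, but the template then relies entirely on the API to hide it; this condition is display logic, not an access check. If the intent is to list shown surveys and hide direct ones, the group would read `((survey.shown && survey.direct == null) || ($user && $user.is_admin))`; if direct surveys should stay listed, `survey.shown || ($user && $user.is_admin)` is enough. The enclosing `{#each}` block continues outside the hunk.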
@@ -59,11 +59,11 @@ func declareAPIWorksRoutes(router *gin.RouterGroup) {
 var works []*OneWork
 var err error
 if u == nil {
- works, err = allWorks(fmt.Sprintf("WHERE (shown = TRUE OR direct IS NOT NULL) AND NOW() > start_availability AND promo = %d ORDER BY start_availability ASC, end_availability ASC", currentPromo))
+ works, err = allWorks(fmt.Sprintf("WHERE shown = TRUE AND NOW() > start_availability AND promo = %d ORDER BY start_availability ASC, end_availability ASC", currentPromo))
 } else if u.IsAdmin {
 works, err = allWorks("ORDER BY promo DESC, start_availability ASC")
 } else {
- works, err = allWorks(fmt.Sprintf("WHERE (shown = TRUE OR direct IS NOT NULL) AND promo = %d ORDER BY start_availability ASC, end_availability ASC", u.Promo))
+ works, err = allWorks(fmt.Sprintf("WHERE shown = TRUE AND promo = %d ORDER BY start_availability ASC, end_availability ASC", u.Promo))
 }
 if err != nil {