From 8f3caccce2a88dd5db6521ab28ccd88f16217c74 Mon Sep 17 00:00:00 2001
From: "Jill \"oatmealine\" Monoids"
Date: Mon, 2 Jan 2023 17:21:39 +0300
Subject: [PATCH] see your own unlisted levels

---
 src/endpoints/levels/getLevels.cr | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/src/endpoints/levels/getLevels.cr b/src/endpoints/levels/getLevels.cr
index 143faa6..0f3b00b 100644
--- a/src/endpoints/levels/getLevels.cr
+++ b/src/endpoints/levels/getLevels.cr
@@ -10,8 +10,10 @@ CrystalGauntlet.endpoints["/getGJLevels21.php"] = ->(body : String): String {
 params = URI::Params.parse(body)
 LOG.debug { params.inspect }

+ can_see_unlisted = false
+
 # where [...]
- queryParams = ["unlisted = 0"] # don't leave the default empty!!
+ queryParams = [] of String

 # order by [...]
 order = "levels.created_at desc"
@@ -22,7 +24,8 @@ CrystalGauntlet.endpoints["/getGJLevels21.php"] = ->(body : String): String {
 if searchQuery != "" && params["type"] != "5"
 if searchQuery.to_i?
 # we do this to get rid of the initial "unlisted = 0" bit
- queryParams = ["levels.id = #{searchQuery.to_i}"]
+ can_see_unlisted = true
+ queryParams << "levels.id = #{searchQuery.to_i}"
 else
 # no sql injections to see here; clean_char only leaves A-Za-z0-9 intact
 # todo: make this configurable w/ fuzzy search
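Review bot: The removed `# don't leave the default empty!!` warning still applies, but nothing in the new code records it. With `queryParams = [] of String`, the `where (...)` string built in the last hunk is only valid because every `can_see_unlisted = true` site (the id lookup and the `local == "1"` branch) also appends a filter. I would state that next to the flag, e.g. `# fail closed: "unlisted = 0" is appended before the query is built unless a branch sets this; any branch that sets it must also add its own filter`. The `false` default is the right way round, since a branch that forgets the flag hides unlisted levels rather than exposing them.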
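Review bot: The context comment `# we do this to get rid of the initial "unlisted = 0" bit` is stale after this change, since queryParams no longer starts with that filter and the bypass now goes through `can_see_unlisted = true`. Suggest rewording it to `# exact id lookup: unlisted levels are returned to anyone who knows the id`. That also makes the access model explicit: on this path the id is the only thing protecting an unlisted level. If ids are assigned sequentially (not visible here), unlisted levels can be found by guessing, so the endpoint would want rate limiting or that expectation documented. The enclosing `if` ends outside the hunk.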
@@ -115,7 +118,21 @@ CrystalGauntlet.endpoints["/getGJLevels21.php"] = ->(body : String): String {
 order = "likes desc"
 queryParams << "levels.created_at > \"#{(Time.utc - 7.days).to_s(Format::TIME_FORMAT)}\""
 when "5" # made by user
- queryParams << "levels.user_id = #{searchQuery.to_i}" # (you can't sql inject with numbers)
+ if params["local"] == "1"
+ user_id, account_id = Accounts.auth(params)
+ if !(user_id && account_id)
+ return "-1"
+ end
+
+ if user_id == searchQuery.to_i
+ can_see_unlisted = true
+ queryParams << "levels.user_id = #{searchQuery.to_i}"
+ else
+ return "-1"
+ end
+ else
+ queryParams << "levels.user_id = #{searchQuery.to_i}" # (you can't sql inject with numbers)
+ end
 when "6", "17" # featured (gdw is 17)
 # todo: order by feature date
 queryParams << "featured = 1"
@@ -143,6 +160,10 @@ CrystalGauntlet.endpoints["/getGJLevels21.php"] = ->(body : String): String {
 # todo
 end

+ if !can_see_unlisted
+ queryParams << "unlisted = 0"
+ end
+
 where_str = "where (#{queryParams.join(") and (")})"
 # todo: switch join users to left join to avoid losing levels to the shadow realm after a user vanishes
 query_base = "from levels join users on levels.user_id = users.id left join map_pack_links on map_pack_links.level_id = levels.id #{where_str} order by #{order}"
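Review bot: `params["local"]` on the first added line of the `when "5"` branch raises `KeyError` when the request has no `local` field, because `URI::Params#[]` does not return nil. Unless the dispatcher rescues it, a by-user listing that omits the field fails instead of taking the public, listed-only path. The nil-returning lookup avoids that: `if params["local"]? == "1"`. The ownership check itself fails closed (`return "-1"` on failed auth and on a user_id mismatch), which is the right default. `searchQuery.to_i` is also applied to client input in both branches and raises on a non-numeric value; checking `searchQuery.to_i?` first and returning `"-1"` would keep that a clean rejection. The enclosing `case` starts and ends outside the hunk.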