Safety checks (URL and query) on admin sites (#172)
pridany check na URL a ze query vratila nieco relevantne na admin stranky
rtrembecky authored Nov 11, 2023
1 parent 51a4b34 commit 825173b
Showing 3 changed files with 26 additions and 19 deletions.
27 changes: 16 additions & 11 deletions src/components/ProblemAdministration/ProblemAdministration.tsx
@@ -1,4 +1,5 @@
import {FormatAlignJustify, Grading} from '@mui/icons-material'
import {Typography} from '@mui/material'
import {useMutation, useQuery} from '@tanstack/react-query'
import axios from 'axios'
import {useRouter} from 'next/router'
Expand All @@ -21,7 +22,11 @@ export const ProblemAdministration: FC = () => {

const problemId = params && params[0]

const {data: problemData, refetch: refetchProblem} = useQuery({
const {
data: problemData,
refetch: refetchProblem,
isLoading: problemIsLoading,
} = useQuery({
queryKey: ['competition', 'problem-administration', problemId],
queryFn: () => axios.get<ProblemWithSolutions>(`/api/competition/problem-administration/${problemId}`),
// router.query.params su v prvom renderi undefined, tak pustime query az so spravnym problemId
Expand All @@ -48,10 +53,6 @@ export const ProblemAdministration: FC = () => {
onSuccess: () => refetchProblem(),
})

const handleSavePoints = async () => {
problemId && uploadPoints(problemId)
}

const updatePoints = (index: number, newPointsInput: string) => {
const newPoints = Number.parseInt(newPointsInput)
// nevalidny input spravi NaN
Expand Down Expand Up @@ -89,23 +90,27 @@ export const ProblemAdministration: FC = () => {
},
})

if (permissionsIsLoading) return <Loading />
if (permissionsIsLoading || problemIsLoading) return <Loading />
if (!hasPermissions) return <span>Nemáš oprávnenie na zobrazenie tejto stránky.</span>
if (problemId === undefined || !problem)
return <Typography>Nevalidné číslo úlohy (problemId) v URL alebo ju proste nevieme fetchnúť z BE.</Typography>

const handleSavePoints = () => uploadPoints(problemId)

return (
<div className={styles.container}>
<h2>Opravovanie {problem?.order}. úlohy</h2>
<h2>Opravovanie {problem.order}. úlohy</h2>

<div className={styles.rightButton}>
<Link href={`/strom/admin/opravovanie/${problem?.series.semester}`}>Späť na semester</Link>
<Link href={`/strom/admin/opravovanie/${problem.series.semester}`}>Späť na semester</Link>
</div>

<Latex>{problem?.text ?? 'Načítavam...'}</Latex>
<Latex>{problem.text ?? 'Načítavam...'}</Latex>

<div className={styles.row}>
Vzorové riešenie:
{problem?.solution_pdf ? (
<a href={problem?.solution_pdf} target="_blank" rel="noreferrer" className={styles.icon}>
{problem.solution_pdf ? (
<a href={problem.solution_pdf} target="_blank" rel="noreferrer" className={styles.icon}>
<FormatAlignJustify />
</a>
) : (
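Review bot: The new guard `if (problemId === undefined || !problem)` rejects only a missing `problemId`; any other string taken from `params[0]` is still interpolated unencoded into `/api/competition/problem-administration/${problemId}`, and the request is sent before this guard or the `hasPermissions` check is evaluated. A URL segment that decodes to something containing `/` or `..` would therefore change which backend path the admin's authenticated request reaches. I would encode the value in the `queryFn`, `axios.get<ProblemWithSolutions>(`/api/competition/problem-administration/${encodeURIComponent(problemId)}`)`, and also gate the query on a format check such as `/^\d+$/.test(problemId)`. That ids are purely numeric is an assumption taken from the error text, and the query's remaining options lie outside the visible hunk. The same pattern applies to `semesterId` in `src/components/SemesterAdministration/SemesterAdministration.tsx`, and since `hasPermissions` only hides the UI, authorization has to be enforced by the backend endpoint itself.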
4 changes: 2 additions & 2 deletions src/components/PublicationUploader/PublicationUploader.tsx
Expand Up @@ -10,7 +10,7 @@ import {FileUploader} from '../FileUploader/FileUploader'
interface PublicationUploaderProps {
semesterId: string
order: number
semesterData: SemesterWithProblems | undefined
semesterData: SemesterWithProblems
}

export const PublicationUploader: FC<PublicationUploaderProps> = ({semesterId, order, semesterData}) => {
Expand All @@ -24,7 +24,7 @@ export const PublicationUploader: FC<PublicationUploaderProps> = ({semesterId, o
formData.append('order', order.toString())
}

const publication = semesterData?.publication_set.find((publication) => publication.order === order)
const publication = semesterData.publication_set.find((publication) => publication.order === order)

return (
<Stack direction="row" gap={2} alignItems="center">
14 changes: 8 additions & 6 deletions src/components/SemesterAdministration/SemesterAdministration.tsx
@@ -1,4 +1,4 @@
import {Stack} from '@mui/material'
import {Stack, Typography} from '@mui/material'
import {useQuery} from '@tanstack/react-query'
import axios from 'axios'
import {useRouter} from 'next/router'
Expand Down Expand Up @@ -31,7 +31,7 @@ export const SemesterAdministration: FC = () => {

const {hasPermissions, permissionsIsLoading} = useHasPermissions()

const {data: semesterData} = useQuery({
const {data: semesterData, isLoading: semesterIsLoading} = useQuery({
queryKey: ['competition', 'semester', semesterId],
queryFn: () => axios.get<SemesterWithProblems>(`/api/competition/semester/${semesterId}`),
// router.query.params su v prvom renderi undefined, tak pustime query az so spravnym semesterId
Expand Down Expand Up @@ -74,16 +74,18 @@ export const SemesterAdministration: FC = () => {
)
}

if (permissionsIsLoading) return <Loading />
if (permissionsIsLoading || semesterIsLoading) return <Loading />
if (!hasPermissions) return <span>Nemáš oprávnenie na zobrazenie tejto stránky.</span>
if (semesterId === undefined || !semester)
return <Typography>Nevalidný semester (semesterId) v URL alebo ho proste nevieme fetchnúť z BE.</Typography>

return (
<>
<h2>
{semester?.year}. ročník ({semester?.school_year}) - {semester?.season_code === 0 ? 'zima' : 'leto'}
{semester.year}. ročník ({semester.school_year}) - {semester.season_code === 0 ? 'zima' : 'leto'}
</h2>
Administrácia semestra pre opravovateľov.
{semester?.series_set.map((series) => (
{semester.series_set.map((series) => (
<div key={series.id}>
<h3>{series.order}. séria</h3>
<table>
Expand Down Expand Up @@ -130,7 +132,7 @@ export const SemesterAdministration: FC = () => {
<Stack mt={1} gap={1}>
<h3>Nahrávanie časopisov</h3>
{[1, 2, 3].map((order) => (
<PublicationUploader key={order} semesterId={semesterId ?? ''} order={order} semesterData={semester} />
<PublicationUploader key={order} semesterId={semesterId} order={order} semesterData={semester} />
))}
</Stack>
</>
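Review bot: The added `if (permissionsIsLoading || semesterIsLoading) return <Loading />` may never let the new "Nevalidný semester" branch run when `semesterId` is missing. The comment above the query suggests it is gated by an `enabled` option (that line is outside the hunk), and in @tanstack/react-query v4 a disabled query with no data keeps `isLoading === true`, so a URL without a semester id would show the spinner indefinitely. If the project is on v4, destructure `isInitialLoading: semesterIsLoading` instead; on v5 `isLoading` already excludes disabled queries, so a short comment stating which semantics are relied on would be enough. The same applies to `problemIsLoading` in `src/components/ProblemAdministration/ProblemAdministration.tsx`.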
