Remove Super-Admin role, bugfix if user enters buggy SQL injection on search field

2024-11-27 19:29:03 +01:00
parent ba700eb050
commit fd2a2dd345
5 changed files with 13 additions and 21 deletions
--- a/backend/data/accountRoles.json
+++ b/backend/data/accountRoles.json
@@ -4,29 +4,19 @@
      "id": 0,
      "name": "Unregistered",
      "privilegeBuy": false,
-      "privilegeAdminPanel": false,
-      "privilegeFileAccess": false
+      "privilegeAdminPanel": false
    },
    {
      "id": 1,
      "name": "User",
      "privilegeBuy": true,
-      "privilegeAdminPanel": false,
-      "privilegeFileAccess": false
+      "privilegeAdminPanel": false
    },
    {
      "id": 2,
      "name": "Admin",
      "privilegeBuy": true,
-      "privilegeAdminPanel": true,
-      "privilegeFileAccess": false
-    },
-    {
-      "id": 3,
-      "name": "Super-Admin",
-      "privilegeBuy": true,
-      "privilegeAdminPanel": true,
-      "privilegeFileAccess": true
+      "privilegeAdminPanel": true
    }
  ]
 }
--- a/backend/data/accounts.json
+++ b/backend/data/accounts.json
@@ -19,7 +19,7 @@
          "iban": "DE92500105175721645777"
        }
      ],
-      "accountRoleId": 2
+      "accountRoleId": 1
    },
    {
      "username": "katjaStoiber",
@@ -94,7 +94,7 @@
          "iban": "DE41500105172184936679"
        }
      ],
-      "accountRoleId": 3
+      "accountRoleId": 2
    },
    {
      "username": "guitarhero",
--- a/backend/routes/band.routes.ts
+++ b/backend/routes/band.routes.ts
@@ -137,10 +137,13 @@ band.get("/search", async (req: Request, res: Response) => {

  // On stacked prompts, execute last prompt
  if (prompts.length > 1) {
+    try {
      const [results, metadata] =
        await sequelize.query(prompts[prompts.length - 2])
-
        res.status(200).json(results)
+    } catch (e) {
+      res.status(400).send()
+    }
  } else {
      Band.findAll({
        where: {
--- a/src/stores/account.store.ts
+++ b/src/stores/account.store.ts
@@ -91,7 +91,7 @@ export const useAccountStore = defineStore("accountStore", {
                this.privilegeBuy = true
                this.adminPanelVisible = response.data.accountRole.privilegeAdminPanel

-                if (response.data.accountRoleId == 3) {
+                if (response.data.accountRoleId == 2) {
                  exerciseStore.solveExercise(2, 5)
                }
              })
--- a/src/stores/basket.store.ts
+++ b/src/stores/basket.store.ts
@@ -119,7 +119,6 @@ export const useBasketStore = defineStore('basketStore', {
            for (let item of this.itemsInBasket) {
              if (!item.concert.offered) {
                exerciseStore.solveExercise(1, 2)
-                feedbackStore.addSnackbar(BannerStateEnum.EXERCISESOLVED12)
              }
            }