From 57d39ab327e43e567f481de6b4d695d2ab5efd56 Mon Sep 17 00:00:00 2001
From: Nikki Pham <nikkipham94@gmail.com>
Date: Fri, 17 Mar 2023 13:35:49 +1100
Subject: [PATCH] safeguarded the new workout

---
 controllers/user_controller.js |   9 ++++++---
 latest.dump                    | Bin 0 -> 12610 bytes
 views/user_workouts.ejs        |  13 ++++++++-----
 3 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/controllers/user_controller.js b/controllers/user_controller.js
index 164ec7c..43992d4 100644
--- a/controllers/user_controller.js
+++ b/controllers/user_controller.js
@@ -44,7 +44,9 @@ router.get("/users/workouts", ensureLoggedIn, (req, res) => {
 router.get("/users/:userid/workouts",  ensureLoggedIn, (req, res) => {
     const sql = "SELECT *, TO_CHAR(workout_date, 'FMMonth DD, YYYY') FROM workouts WHERE user_id = $1 ORDER BY workout_date DESC;"
     // console.log(req.session.userId, "session userId");
-    db.query(sql, [req.session.userId], (err, dbRes) => {
+   const currentUserSessionId = req.session.userId
+   const workoutUserId = req.params.userid
+    db.query(sql, [workoutUserId], (err, dbRes) => {
         const workouts = dbRes.rows
         // console.log("workouts",workouts);
         const sql2 = "SELECT * FROM workout_exercise_junction JOIN exercises ON workout_exercise_junction.exercise_id = exercises.exercise_id;"
@@ -55,7 +57,7 @@ router.get("/users/:userid/workouts",  ensureLoggedIn, (req, res) => {
             const sql3 = "SELECT * FROM users where user_id = $1"
             db.query(sql3, [req.params.userid], (err, dbUsersRes) => {
                 const user = dbUsersRes.rows[0]
-                res.render("user_workouts", { workouts, exercisesInWorkouts, user })
+                res.render("user_workouts", { workouts, exercisesInWorkouts, user, currentUserSessionId })
 
             })
 
@@ -122,7 +124,8 @@ router.post("/users", (req, res) => {
                     const sql2 = "INSERT INTO users (email, username, full_name, password_digest, profile_photo) VALUES ($1, $2, $3, $4, $5) RETURNING user_id;" 
                     db.query(sql2, [email, username, req.body.full_name, digestedPassword, default_profile_picture_url], (err, insertRes) => {
                         req.session.userId = insertRes.rows[0].user_id
-                        res.redirect("/")
+
+                        res.redirect(`/users/${insertRes.rows[0].user_id}`)
                     })
                 })
             })  
diff --git a/latest.dump b/latest.dump
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..3402189415e5ccc48160dbf68783e0bef4e6555b 100644
GIT binary patch
literal 12610
zcmcIq3s@7!7G6Lr3UWoIBDK0I8nhuz0)#|V3`rm;Nst7TN{ta>h(Ll#Kzv*uwQ8+e
zwZ5*3Ra8)0wJH_gEk$ny6>Dp)ullIkYOk$&t<|>F%blIwO~O9XAh_ShlAWD7bIw2K
zpE+}8Q<LPXRG%QEjlYkN4+1V8c8kMqf!Hk=yZK_bY1j=`c?tZOV6{2ScBBpXDTv_-
zT|YQjwS*w-j$K#-K5_R4zZGhkMxLxrLYh3l4tj#uT7?eH&Nmw^4!zNmZOt)TOz04l
zldek?bK*Kc4OwqUTOeS9A>VF<Rs6sce#scM=>T48b#kpP4XC3<D34I12&@Xw$nG#$
zatyW{eYVvC3@-p$>Fo|1_-Dtovs#{CH#xg*3Tc{5nJU#Oaot>xP&YBuEkz;Ip@k-W
zw!vY@x0-l%qXQ~wHbrpkMuROoS6^sw<Z`$u2mC>B20S;83a74c*o7h?gj^ts5eN}C
zr@)3*F4ajBq*?{;JM%z^EKMQRDNynSihB?`Dp{vQbqZB#3ifsg>M#}*<{KPFK1#ZZ
z(*e*FjZB)N(5I$pGLq$rH1NWlT||^(wTu>hx|Ro=B~r{mlV$08yaE0yGF=OX33(Y)
zE=`k4RfHK8q&=u^G3Vu(3v&$xtR8j=)WR<unHULyj5t;VMHowrwrsQAXouwhniK*V
zEoep{1544uqVf6WY@V|L8qom-7x}C==b&bb!)P+vP_;&fs?$?axUh!BP+$b;l{h+p
z5k_7Ga-o^bQVDC}sNp@j)Xy~<3ca-ZBHjwzX?DjT-9a&_wp~yD0tV>q#z~O>TE)n8
zFv<iJ%Rqes3i1UF4XPMuxl~I+0w1+HX_^lAD*-G>Rs*prg<6LuWTJSHT7#;R)fv*1
zbOo$}JxfQso@G**Qh^EpkbIyO1k!7r=-9fZEH+#bY_<{#Vkt9MqLXp%^QdQFu^HQ`
zt7ep1AqQsTG#mw9NmF!yInD}HccTJ~k`ib`;dD_jqVD8z^C_?G7E$cJ3KYdJs$WTj
zNEh%1%ys(7R$HF62wNz?R7_{q4p5DWSqx1Hj$v<D=>=w1JLzUP;cUi2O37rS*_7)*
zZAL>rUS(pDCEH=PTHM6qFN*9&n_D5IEVgpeDa)WP-N9T~HG{n0;jO@(2C@Lb7Gs94
z^*BZ>3|<8qu`t-PtQSw?7@!&>jXf(yhuT}8778dnoy5pxFL3riXalf{nb4liqOqEx
zIu9#rF|~z!3JlkQ%J@a`ItgC@7e|a5v}Lj!G+`n$tW40C!YRt~h`n_#kvIt_6y@jZ
zDP_h2gE=2Aqj;S{gWV1$njC$O*<`dk+~3%&6U_NWePOQEVRbFM*yK!SG1QapOfDdr
z!P{$iD{!YF$cOPd>`YI<!9vvqpg9XwY0Y0eJF!5Uk)1SM=oorU$S8^@Dj5lhv5nR%
zgw?rbl1n1Ks3w61%p9bNq0tW3;9>VxV49F(-xZ)3eo_2HEXIQ~=K@Lur+RX^q6VpR
zffy$Cu?ip<Ny>9u=_sspiwc`AuB2$!dJNadNT3OwU1VjaG_qs5x3~al2IDT{t-zgz
zWHd4W6tgPegcLx)!o)Jro`s2Ci+%A79R{>yWT@9V(#OJE<_aVf&rW7!Zu17h!>T$N
z*viakuZ^WKowX&8^wpNn00J=urwhOk{G$4;C>CzO2(4(#?LR>)4}`Z9{3eZZk(5Gj
z%Hm4a&jI^;6uYqp!##iotVFldeaU5JGkE<i-U{4l_=u2hpqRwRxz}K2@e)wmGmGsM
zAupb@JfM>&&Qdj^qv|z7V<?_CoROiPAoajUEJxyzk5oh0*k|XF9@yfzRuE0Gcx^|Z
zCA=_S5{mfI&J>UY2?0gq;$(Nv<sj|A8@VD;nx3M=!-*N705=xT+-TG(nY6t(ir0{7
zQqomwcX?oAuR{rWs0Ad0iVgV@oWI-Ta|R8v8BN*wAlAilM{<e^)aLBHLvJIxZ-F<7
z$aDz#pMrHME7p=2Bn)WJu$@8i?F=38cPQ4n1I{F;3G}#7kEk=qaN9*wpiibKLqN|U
zqv;?JdbAGyLIIAukWc)lZe`cA;V%JRkG+F&ElR|-bjU3fE8QW-n>GQNkmC_$*vx&;
zLjiU$rAq=>552V#mO=u<DDpqWm)EgjDHe;7en4w-$|C0vXGn><MGka~KcE=wjxoE)
zCb+xF_lP~KIH#&a^h+5N9YsZAOjyM=b$NH~T4$^T5`2sVV&XqF?p(t<R<V4TmLycS
zqofVy9Qw#irI^hyGWMpXx}<qC4%F3<f_eg_`=+R~_uNVtM-$k_kpC%skYJGmmhC1E
z4Y5N#frx&Nf}PjlD<pQJ1cgCK@P>%MTbU-6Vdac)^2nUSMX>;N0GgPlQGr7~aM}n~
zKkOh2$HYxudr-)53`E#~r|o@*b3rZa8p3RYhupPiYxF>-yERP9K?J@8a8WE#%>_B=
zLU6|u(p>kMf=f=zEjF9TaQa5^pwS2t&uDhjyq;%6b0~)5({lu|0N|=)Lk5mA$=n?m
zg(*8OO3BoL0`~-6%dN%JN4{%GYvUNL{rlXCX9O}S2$0lwdM!Eap%LUSFu4K{$Q%y#
zKsGYxwAgH7@9nF_&cU!Nmf39ThSIZ@BY+@xhb9yT`%0JUI5}O$!2M#YIj;cUvG^V$
z?HYmE1uyT9+ORJqoLNB-dBf=dQNmJ&lX>rAaV{Dy=AsT;k+I21{qxLA)MK?2MjO32
zf?zgO<&B{XbCrAe%S8o(*0Gj$(x76rmN~!6Y+$@M2GS!>E*jNJCQ(zmYDSZqm-u2f
zb+k98lH_zwHqI%?`2$aofNxC%t>whjq?U#e15c?1W{VS>VKFVFYCX55B@)W0L8gdI
zB#5JsP@pu4zAKSn*B9m)r@+sIWEwU2qDh*p*1?<>f`txvQ12m~fTyD5a@5t@xuD>(
z(bTkLl{76A9ihlX-9soWUqFp0-2+;evM_#R?SP&w0E&Yc5JrODL|?AYy~<eul*A%j
zAe3QBg4qG5d*dGzu!Cv=LfAlM5Y7ZILp9i6Q=qY0U=arxXEd)%l!`W6f6tFQ?SOkL
z8}1Um80iG`$D=uXzGQV+SF(@pu&^l;nl715@x#gq00(&h5H_bl<`UWhkf?`_o7q4T
zOZW)(O`p>V$$*ZWTAfiHNh#Ovnib5M9*kz~hzVfU$_!3RDog-B{&{qu4Tfh0o_~O7
zXG<Gc2PifgemqEM;@snVn0&MT-gLVMw3((}5(j)%80JL>Y*6CTTYwxT=kJ5St@|Y~
zW0#b^nKq{C3L5y=%O8#NE107iyCJmex-P!FB?pdfZO|vRty*&Ke`Vdn6Qlf7{q+6i
zC$bB9D@sSVoAb4%=So%W)PXl=?RpdtHz(+Si-%shvGP`&F}1s?*P6P0G0(UID+5B~
zIK^$XV`Ya;M~lDhyP<Ez@%!z9uZ42L_6lw~QeU&p@j3cI@z@@N>-ubLKo(`+T)KXO
z>DLOSvLr(Fpxd2oKLsuconE23cSsr5**5C0cT%!Mmb@c1p>Iu@dv|BAH3vTLy6M@b
zfZGY{pX@waaWkl4-iC>Xy9^eXMtwCfw=DSW4uu2vPw4WpW>~w%OJ{$(QJ6Jn<M5h%
zZP1n@amRjMG4s*>cQelO{SQ~~=n%Pk;Qd|v`EC1N2ud%v?!Na|8Ry=*8~4@Y)?Pjs
z|G8!Mdvm|399!LKM!~Ot28}NnU|ku1^ZqpDHeuMV^TQhUai_LV9>Q<jbv^r+{tpA|
z!fc<Ota#)*;MVCY$3`iC2pL*&4b{}17}obG^5?W;X=U7feHNcs9T(gsVDZ8Q$v%<~
z4<4QV-QA5PvNHp%;u$e}XH2+s?5*O`jAw#3gqg!f>pIrGpF3q<*?~P%e{TFE>5=c$
z8o6=Jolf^=RUJA~Gf}>8?eZO|Uo5B_vv5-V<1Z(FaZ$f}#U=O&ILOPu{KhEYdnKi+
zGpB;9QU5k)qsA=q^B4To@7aam8S_hT96Ypn>C$EV6J77#<-Y!)>h8t<)+u$5Y=e)d
zJ9wq@)WwaJ^Ebt2e7WGFNU?HKhAdpO@3XEeOS;Ya2XAi({`H>^o=?~g{mD2|W!=p0
zI{4VfwY^U+4wa4H*!gngmhH-TWo^~r#ZMBdeNK#v3mtyr!t3=Jzw}<sIoiGc-08vF
z{1dvDos245vFO_=Su^^?R|@<8JNo-_q3B8Wwk1dJ%zaSVuz2UfZ{pi(z8Q4n_{Hmw
zrSDG@9=O^l8nAv!@5}pU3abwd&FZu1c2VT*j!4L=b6akxhL6rF>NQz<xu$>Y>2RMd
zi=qO<Mm`j`eb6bhDjPlZuQ}Ga8L=@RE3;<Zzj$xURnzV16<246{BY#fxy`jYt>lZq
z*FG{Vnx3}2XJvrx)qb`60~&VqeYkyC@+UKXQC$-oo+u+{_h>|lN6ymsee`4Ge$g8{
zA9t-)JPj!?xU#+4lvO(-aM`bG=d4;SIA<FhSR7R_?xVMrJHFS-<O?!))}woi+HIR>
z;~v<1Q}W6X+w6uVzg_-*P;zkITZjAYxU-*=8C|*m=}Q5J#(a9Z%5b~nE6ZW&{OaF}
zYy-z$-x@yscV5HSTaO3_%r;+quWj$&zs&8XYiKh+Xws9uJtr2on;Y7*KWBj>uVzrD
zu_5_hg5OWezuWiYpWz`Z1I~Y@O;2z1saXAaDR2oaZwFH&xPOGy*L7?o_4ljZ|LW-v
z>%U6kEuYyVZ)jIE=j{Z3;hSBiRxE8-msp#h6KV}pZCE*_*7Qkg*xc$e-wy@Lra2zh
zl=nD)EAh?TktZ6%Csvq0?Nt}w{%Pl<L^m)MQ34*od~;?`P|dJFzq67*-fftjVY)N?
z)H}y(uayTJTTu2N-!3yX;o+V4{8+cAciw|((u3Eom$!edV4G-nhZUC|MxC~-T5MQ2
zrXj3xkz<|hOrOccaX(}|4z}2<KB+tydFdvnzGJ%O*?&*o+CD4mgQOnyryQ@O|K_($
JDDDOI_&?xtnA!jU

literal 0
HcmV?d00001

diff --git a/views/user_workouts.ejs b/views/user_workouts.ejs
index 03c6d06..2894380 100644
--- a/views/user_workouts.ejs
+++ b/views/user_workouts.ejs
@@ -3,11 +3,14 @@
 </head>
 <body>
     <h2><span><%= user.username%></span>'s Workouts</h2>
-    <section class="nav">
-        <h3><a href="/workouts/new">Start New Workout</a></h3>
-        <!-- add search function to look for old workout -->
-        <h3>Find a Workout</h3> 
-    </section>
+
+    <% if (Number(currentUserSessionId) === user.user_id) { %>
+        <section class="nav">
+            <h3><a href="/workouts/new">Start New Workout</a></h3>
+            <!-- add search function to look for old workout -->
+            <h3>Find a Workout</h3> 
+        </section>
+    <% } %>
     
     <section class="log">
         <h4>Workout Log</h4>