diff --git a/src/routes/voteOnSponsorTime.js b/src/routes/voteOnSponsorTime.js index 2918d3f..dd61ea9 100644 --- a/src/routes/voteOnSponsorTime.js +++ b/src/routes/voteOnSponsorTime.js @@ -93,6 +93,16 @@ module.exports = async function voteOnSponsorTime(req, res) { return categoryVote(UUID, userID, isVIP, category, hashedIP, res); } + if (type == 1 && !isVIP) { + // Check if upvoting hidden segment + let voteInfo = db.prepare("SELECT votes FROM sponsorTimes WHERE UUID = ?").get(UUID); + + if (voteInfo && voteInfo.votes <= -2) { + res.status(403).send("Not allowed to upvote segment with too many downvotes unless you are VIP.") + return; + } + } + let voteTypes = { normal: 0, incorrect: 1 diff --git a/test/cases/voteOnSponsorTime.js b/test/cases/voteOnSponsorTime.js index 167347c..641ae56 100644 --- a/test/cases/voteOnSponsorTime.js +++ b/test/cases/voteOnSponsorTime.js @@ -127,4 +127,35 @@ describe('voteOnSponsorTime', () => { }); }); + it('Non-VIP should not be able to upvote "dead" submission', (done) => { + request.get(utils.getbaseURL() + + "/api/voteOnSponsorTime?userID=randomID2&UUID=vote-uuid-5&type=1", null, + (err, res, body) => { + if (err) done(err); + else if (res.statusCode === 403) { + done(); + } else { + done("Status code was " + res.statusCode + " instead of 403"); + } + }); + }); + + it('VIP should be able to upvote "dead" submission', (done) => { + request.get(utils.getbaseURL() + + "/api/voteOnSponsorTime?userID=VIPUser&UUID=vote-uuid-5&type=1", null, + (err, res, body) => { + if (err) done(err); + else if (res.statusCode === 200) { + let row = db.prepare("SELECT votes FROM sponsorTimes WHERE UUID = ?").get("vote-uuid-5"); + if (row.votes > -3) { + done() + } else { + done("Vote did not succeed. Votes raised from -3 to " + row.votes); + } + } else { + done("Status code was " + res.statusCode); + } + }); + }); + }); \ No newline at end of file