From 8e3812c9e4bf8951372834d701dde236176dcd70 Mon Sep 17 00:00:00 2001
From: b1ek <me@blek.codes>
Date: Tue, 28 Feb 2023 16:27:41 +1000
Subject: [PATCH] remove access level (have something else in mind)

---
 routes/admin.js | 30 ++++++++----------------------
 1 file changed, 8 insertions(+), 22 deletions(-)

diff --git a/routes/admin.js b/routes/admin.js
index 10c1e7f..80df6cf 100644
--- a/routes/admin.js
+++ b/routes/admin.js
@@ -73,6 +73,10 @@ async function gb_api(req, res) {
     }
 }
 
+async function article_new(req, res) {
+    res.send(await Helpers.ViewLoader.load('articles/new.pug'))
+}
+
 module.exports = (router) => {
 
     // login
@@ -80,30 +84,12 @@ module.exports = (router) => {
     router.get('/admin/login', handler(login));
     router.post('/admin/login', handler(apiLogin));
 
-    // level 4 access routes
-    /** @type {express.Router} */
-    const l4_router = new express.Router();
-    l4_router.use(handler(async (req, res, next) => {
-        const user = await db.User.bySession(req.session);
-        if (!user) {
-            res.status(401).send('Forbidden');
-            return;
-        }
-        
-        if (user.accessLevel < 4) {
-            res.status(401).send('Forbidden');
-            return;
-        }
-
-
-        req.user = user;
-        return next();
-    }));
-    l4_router.post('/admin/panel/gb_api', handler(gb_api));
-
-    router.use('/admin/panel/*', l4_router);
+    router.post('/gb_api', handler(gb_api));
 
     
     // panel
     router.get('/admin/panel', handler(panel));
+
+    // article
+    router.get('/admin/article/new', handler(article_new));
 }
\ No newline at end of file