From 2d6dfb069550bf5b161b335724fa415f64768060 Mon Sep 17 00:00:00 2001
From: Casu Al Snek <casualsnek@pm.me>
Date: Sun, 12 Jan 2025 22:30:22 +0545
Subject: [PATCH] Allow show pending in /listAll when authenticated as admin

---
 backend/blueprints/course/__init__.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/backend/blueprints/course/__init__.py b/backend/blueprints/course/__init__.py
index 0ec75da..8ccc107 100644
--- a/backend/blueprints/course/__init__.py
+++ b/backend/blueprints/course/__init__.py
@@ -24,17 +24,22 @@ def list_all_courses():
     category_uuid: str = request.args.get('category_uuid')
     search_q: str = request.args.get('search_q', '').strip()
     sort_by: str = request.args.get('sort_by', '').strip()
+    show_pending: bool = bool(int(request.args.get('show_pending', 0)))
     available_sorts = ['date_asc', 'date_desc', 'name_asc', 'name_desc', 'students_desc', 'students_asc']
     if category_uuid is not None:
         category_uuid: uuid.UUID = uuid.UUID(request.args.get('category_uuid'))
     # Build the query as required
-    query: select = select(Course)
+    query: select = select(Course).where(in_)
     if search_q != '':
         query = query.where(or_(Course.name.like(f'%{search_q}%'), Course.description.like(f'%{search_q}%'),
                                 User.firstName.like(f'%{search_q}%')))
     if category_uuid is not None:
         query = query.where(Course.categoryID == category_uuid)
-
+    if g.get('is_authed'):
+        if show_pending and g.current_user.role == int(UserRole.ADMIN):
+            query = query.where(Course.publishedStatus == int(PublishedStatus.PENDING))
+    else:
+        query = query.where(Course.publishedStatus == int(PublishedStatus.APPROVED))
     #total_pages_for_offset: int = db.session.execute(func.count(Course.id).select_from(Course)).scalar()/limit
     total_pages_for_offset: int = db.session.execute(
             select(func.count()).select_from(query.subquery())