From 3821e24748b3173fcf815ed2060e581c8b97cf03 Mon Sep 17 00:00:00 2001
From: Ninjdai
Date: Tue, 12 Dec 2023 16:19:50 +0100
Subject: [PATCH] Add user editing options
---
 src/html/pages/api/users/edit.js | 41 ++++++++++++++++++++++++++
 src/html/pages/dashboard/users/show.js | 34 ++++++++++++++++++++-
 utils/handler.js | 21 ++++++++++++-
 www/dashboard/users/info.html | 26 +++++++++++++++-
 4 files changed, 119 insertions(+), 3 deletions(-)
 create mode 100644 src/html/pages/api/users/edit.js
diff --git a/src/html/pages/api/users/edit.js b/src/html/pages/api/users/edit.js
new file mode 100644
index 0000000..24f0e23
--- /dev/null
+++ b/src/html/pages/api/users/edit.js
@@ -0,0 +1,41 @@
+import { checkPermissions, permissionBits } from "../../../../../utils/permissions.js";
+
+export default {
+ path: "/api/users/:username",
+ requiresLogin: true,
+ permissions: permissionBits.USERS | permissionBits.ADMIN,
+ type: "put",
+ async execute(request, response) {
+ const { username } = request.params;
+ let { permissions, newname } = request.body;
+ const target = await global.database.users.findOne({
+ where: { username: username },
+ });
+ if (!target) return response.status(404).send({ message: "User does not exists" });
+
+ if (await global.database.users.findOne({
+ where: { username: newname },
+ })) return response.status(409).send({ message: "Another user with this name already exists" });
+
+
+ const userPerms = checkPermissions(request.session.user.permissions);
+ const targetPerms = checkPermissions(target.dataValues.permissions);
+
+ if((permissionBits.ADMIN & request.session.user.permissions) == 0){
+ for(const perm in Object.keys(checkPermissions(permissions))){
+ if(targetPerms[perm] != permissions[perm] && !userPerms[perm]) return response.status(403).send({ message: "You're not allowed to give permissions you don't have" });
+ }
+ }
+
+ const userParams = {
+ username: newname,
+ permissions: permissions,
+ }
+ console.log(`Editing user ${username}`);
+ await global.database.users.update(userParams, { where: { username: username } });
+ response.status(201).send({
+ username: newname,
+ permissions: permissions,
+ });
+ },
+};
diff --git a/src/html/pages/dashboard/users/show.js b/src/html/pages/dashboard/users/show.js
index 9097902..4b090bd 100644
--- a/src/html/pages/dashboard/users/show.js
+++ b/src/html/pages/dashboard/users/show.js
@@ -46,6 +46,38 @@ function getUserHTML(user) {
 ${userPerms.join(", ")}
- `;
+
+
+
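Review bot: The permission guard at `for(const perm in Object.keys(checkPermissions(permissions)))` iterates array indices ("0", "1", …) rather than permission names, so `targetPerms[perm]`, `permissions[perm]` and `userPerms[perm]` are all undefined, the 403 branch can never fire, and a non-ADMIN caller holding USERS can assign any bit, including ADMIN, to any account. `permissions` also arrives as a number (the info.html hunk sums checkbox values into `perms`), so indexing it directly cannot work even with the right key; the comparison has to use the decoded object, assuming `checkPermissions` returns a name-keyed object as the surrounding `userPerms[perm]` usage suggests: `const requested = checkPermissions(permissions);` / `for (const perm of Object.keys(requested)) {` / `if (targetPerms[perm] !== requested[perm] && !userPerms[perm]) return response.status(403).send({ message: "You're not allowed to give permissions you don't have" });`. Separately, the 409 lookup on `newname` runs even when `newname` is undefined or equals `username`, so saving the form without a rename reports a collision with the user's own row (or, depending on the Sequelize version, throws on an undefined `where` value); skip that lookup when `newname == null || newname === username`, and validate that `permissions` is an integer before writing it to the row.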
+
+
+

Formulaire de modification de compte.

+ + + + + +

Permissions

+ + + + +
+ + +
+
+ `;
 return res;
 }
diff --git a/utils/handler.js b/utils/handler.js
index 1e28761..f3ba7d7 100644
--- a/utils/handler.js
+++ b/utils/handler.js
@@ -5,7 +5,7 @@ async function genHandler() {
 const handler = {
 get: [],
 post: [],
- path: [],
+ put: [],
 delete: [],
 };
 let numberOfPages = 0;
@@ -85,6 +85,25 @@ async function deployHandler(app) {
 );
 });
 }
+
+ for(const endpoint of handler.put) {
+ app.put(endpoint.path, async (request, response) => {
+ console.log("DELETE: " + request.originalUrl);
+
+ if (endpoint.requiresLogin && !request.session.user) {
+ return response.redirect("/login");
+ }
+ if (endpoint.permissions) {
+ if((endpoint.permissions & request.session.user.permissions) == 0) {
+ return response.status(403).send("Vous n'avez pas la permission d'effectuer cette action !");
+ }
+ }
+ return await endpoint.execute(
+ request,
+ response,
+ );
+ });
+ }
 }
 function parseURL(URL) {
diff --git a/www/dashboard/users/info.html b/www/dashboard/users/info.html
index 4bcbca0..8daa801 100644
--- a/www/dashboard/users/info.html
+++ b/www/dashboard/users/info.html
@@ -26,7 +26,31 @@
 location.reload();
 });
 }
-
+ function editUserFromForm() {
+ const form = document.getElementById("userEditForm");
+ let perms = 1;
+ for(const node of form.querySelectorAll('input[name="permissions"]')) {
+ perms += node.checked ? Number(node.value) : 0;
+ }
+ console.log(perms)
+ fetch(`/api/users/${form.oldName.value}`, {
+ method: "PUT",
+ body: JSON.stringify({
+ newname: form.username.value,
+ permissions: perms,
+ }),
+ headers: {
+ "Content-type": "application/json; charset=UTF-8"
+ }
+ })
+ .then(async (response) => {
+ const res = await response.json();
+ console.log(res);
+ if(!response.ok) return alert(res.message);
+ window.location = `/dashboard/users/${res.username}`;
+ });
+ }
+

Retour