Add user editing options
This commit is contained in:
parent
d1666f1f8e
commit
3821e24748
41
src/html/pages/api/users/edit.js
Normal file
41
src/html/pages/api/users/edit.js
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
import { checkPermissions, permissionBits } from "../../../../../utils/permissions.js";
|
||||||
|
|
||||||
|
export default {
|
||||||
|
path: "/api/users/:username",
|
||||||
|
requiresLogin: true,
|
||||||
|
permissions: permissionBits.USERS | permissionBits.ADMIN,
|
||||||
|
type: "put",
|
||||||
|
async execute(request, response) {
|
||||||
|
const { username } = request.params;
|
||||||
|
let { permissions, newname } = request.body;
|
||||||
|
const target = await global.database.users.findOne({
|
||||||
|
where: { username: username },
|
||||||
|
});
|
||||||
|
if (!target) return response.status(404).send({ message: "User does not exists" });
|
||||||
|
|
||||||
|
if (await global.database.users.findOne({
|
||||||
|
where: { username: newname },
|
||||||
|
})) return response.status(409).send({ message: "Another user with this name already exists" });
|
||||||
|
|
||||||
|
|
||||||
|
const userPerms = checkPermissions(request.session.user.permissions);
|
||||||
|
const targetPerms = checkPermissions(target.dataValues.permissions);
|
||||||
|
|
||||||
|
if((permissionBits.ADMIN & request.session.user.permissions) == 0){
|
||||||
|
for(const perm in Object.keys(checkPermissions(permissions))){
|
||||||
|
if(targetPerms[perm] != permissions[perm] && !userPerms[perm]) return response.status(403).send({ message: "You're not allowed to give permissions you don't have" });
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
const userParams = {
|
||||||
|
username: newname,
|
||||||
|
permissions: permissions,
|
||||||
|
}
|
||||||
|
console.log(`Editing user ${username}`);
|
||||||
|
await global.database.users.update(userParams, { where: { username: username } });
|
||||||
|
response.status(201).send({
|
||||||
|
username: newname,
|
||||||
|
permissions: permissions,
|
||||||
|
});
|
||||||
|
},
|
||||||
|
};
|
@ -46,6 +46,38 @@ function getUserHTML(user) {
|
|||||||
<td>${userPerms.join(", ")}</td>
|
<td>${userPerms.join(", ")}</td>
|
||||||
<td><button onclick="deleteUser('${user.username}');">Supprimer</button></td>
|
<td><button onclick="deleteUser('${user.username}');">Supprimer</button></td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>`;
|
</table>
|
||||||
|
|
||||||
|
<form action="javascript:editUserFromForm()" id="userEditForm">
|
||||||
|
<div class="container">
|
||||||
|
<hr>
|
||||||
|
<p>Formulaire de modification de compte.</p>
|
||||||
|
|
||||||
|
<label for="username"><b>Changer le nom d'utilisateur</b></label>
|
||||||
|
<input type="text" placeholder="Entrez le nom d'utilisateur" name="username" id="username" value="${user.username}" required>
|
||||||
|
<input type="hidden" name="oldName" value="${user.username}" required>
|
||||||
|
|
||||||
|
<h4>Permissions</h4>
|
||||||
|
<label class="container">Appels
|
||||||
|
<input type="checkbox" name="permissions" value="2" ${(user.permissions & 2) != 0 ? "checked" : ""}>
|
||||||
|
<span class="checkmark"></span>
|
||||||
|
</label>
|
||||||
|
<label class="container">Gestion des utilisateurs
|
||||||
|
<input type="checkbox" name="permissions" value="4" ${(user.permissions & 4) != 0 ? "checked" : ""}>
|
||||||
|
<span class="checkmark"></span>
|
||||||
|
</label>
|
||||||
|
<label class="container">Gestion des contacts
|
||||||
|
<input type="checkbox" name="permissions" value="16" ${(user.permissions & 16) != 0 ? "checked" : ""}>
|
||||||
|
<span class="checkmark"></span>
|
||||||
|
</label>
|
||||||
|
<label class="container">Admin
|
||||||
|
<input type="checkbox" name="permissions" value="8" ${(user.permissions & 8) != 0 ? "checked" : ""}>
|
||||||
|
<span class="checkmark"></span>
|
||||||
|
</label>
|
||||||
|
<hr>
|
||||||
|
|
||||||
|
<button type="submit" class="registerbtn">Submit</button>
|
||||||
|
</div>
|
||||||
|
</form>`;
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
@ -5,7 +5,7 @@ async function genHandler() {
|
|||||||
const handler = {
|
const handler = {
|
||||||
get: [],
|
get: [],
|
||||||
post: [],
|
post: [],
|
||||||
path: [],
|
put: [],
|
||||||
delete: [],
|
delete: [],
|
||||||
};
|
};
|
||||||
let numberOfPages = 0;
|
let numberOfPages = 0;
|
||||||
@ -85,6 +85,25 @@ async function deployHandler(app) {
|
|||||||
);
|
);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for(const endpoint of handler.put) {
|
||||||
|
app.put(endpoint.path, async (request, response) => {
|
||||||
|
console.log("DELETE: " + request.originalUrl);
|
||||||
|
|
||||||
|
if (endpoint.requiresLogin && !request.session.user) {
|
||||||
|
return response.redirect("/login");
|
||||||
|
}
|
||||||
|
if (endpoint.permissions) {
|
||||||
|
if((endpoint.permissions & request.session.user.permissions) == 0) {
|
||||||
|
return response.status(403).send("Vous n'avez pas la permission d'effectuer cette action !");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return await endpoint.execute(
|
||||||
|
request,
|
||||||
|
response,
|
||||||
|
);
|
||||||
|
});
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function parseURL(URL) {
|
function parseURL(URL) {
|
||||||
|
@ -26,6 +26,30 @@
|
|||||||
location.reload();
|
location.reload();
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
function editUserFromForm() {
|
||||||
|
const form = document.getElementById("userEditForm");
|
||||||
|
let perms = 1;
|
||||||
|
for(const node of form.querySelectorAll('input[name="permissions"]')) {
|
||||||
|
perms += node.checked ? Number(node.value) : 0;
|
||||||
|
}
|
||||||
|
console.log(perms)
|
||||||
|
fetch(`/api/users/${form.oldName.value}`, {
|
||||||
|
method: "PUT",
|
||||||
|
body: JSON.stringify({
|
||||||
|
newname: form.username.value,
|
||||||
|
permissions: perms,
|
||||||
|
}),
|
||||||
|
headers: {
|
||||||
|
"Content-type": "application/json; charset=UTF-8"
|
||||||
|
}
|
||||||
|
})
|
||||||
|
.then(async (response) => {
|
||||||
|
const res = await response.json();
|
||||||
|
console.log(res);
|
||||||
|
if(!response.ok) return alert(res.message);
|
||||||
|
window.location = `/dashboard/users/${res.username}`;
|
||||||
|
});
|
||||||
|
}
|
||||||
</script>
|
</script>
|
||||||
<NAVBAR>
|
<NAVBAR>
|
||||||
<USERINFO>
|
<USERINFO>
|
||||||
|
Loading…
Reference in New Issue
Block a user