Add user editing options

This commit is contained in:
Ninjdai 2023-12-12 16:19:50 +01:00
parent d1666f1f8e
commit 3821e24748
4 changed files with 119 additions and 3 deletions

View File

@ -0,0 +1,41 @@
import { checkPermissions, permissionBits } from "../../../../../utils/permissions.js";
export default {
path: "/api/users/:username",
requiresLogin: true,
permissions: permissionBits.USERS | permissionBits.ADMIN,
type: "put",
async execute(request, response) {
const { username } = request.params;
let { permissions, newname } = request.body;
const target = await global.database.users.findOne({
where: { username: username },
});
if (!target) return response.status(404).send({ message: "User does not exists" });
if (await global.database.users.findOne({
where: { username: newname },
})) return response.status(409).send({ message: "Another user with this name already exists" });
const userPerms = checkPermissions(request.session.user.permissions);
const targetPerms = checkPermissions(target.dataValues.permissions);
if((permissionBits.ADMIN & request.session.user.permissions) == 0){
for(const perm in Object.keys(checkPermissions(permissions))){
if(targetPerms[perm] != permissions[perm] && !userPerms[perm]) return response.status(403).send({ message: "You're not allowed to give permissions you don't have" });
}
}
const userParams = {
username: newname,
permissions: permissions,
}
console.log(`Editing user ${username}`);
await global.database.users.update(userParams, { where: { username: username } });
response.status(201).send({
username: newname,
permissions: permissions,
});
},
};

View File

@ -46,6 +46,38 @@ function getUserHTML(user) {
<td>${userPerms.join(", ")}</td>
<td><button onclick="deleteUser('${user.username}');">Supprimer</button></td>
</tr>
</table>`;
</table>
<form action="javascript:editUserFromForm()" id="userEditForm">
<div class="container">
<hr>
<p>Formulaire de modification de compte.</p>
<label for="username"><b>Changer le nom d'utilisateur</b></label>
<input type="text" placeholder="Entrez le nom d'utilisateur" name="username" id="username" value="${user.username}" required>
<input type="hidden" name="oldName" value="${user.username}" required>
<h4>Permissions</h4>
<label class="container">Appels
<input type="checkbox" name="permissions" value="2" ${(user.permissions & 2) != 0 ? "checked" : ""}>
<span class="checkmark"></span>
</label>
<label class="container">Gestion des utilisateurs
<input type="checkbox" name="permissions" value="4" ${(user.permissions & 4) != 0 ? "checked" : ""}>
<span class="checkmark"></span>
</label>
<label class="container">Gestion des contacts
<input type="checkbox" name="permissions" value="16" ${(user.permissions & 16) != 0 ? "checked" : ""}>
<span class="checkmark"></span>
</label>
<label class="container">Admin
<input type="checkbox" name="permissions" value="8" ${(user.permissions & 8) != 0 ? "checked" : ""}>
<span class="checkmark"></span>
</label>
<hr>
<button type="submit" class="registerbtn">Submit</button>
</div>
</form>`;
return res;
}

View File

@ -5,7 +5,7 @@ async function genHandler() {
const handler = {
get: [],
post: [],
path: [],
put: [],
delete: [],
};
let numberOfPages = 0;
@ -85,6 +85,25 @@ async function deployHandler(app) {
);
});
}
for(const endpoint of handler.put) {
app.put(endpoint.path, async (request, response) => {
console.log("DELETE: " + request.originalUrl);
if (endpoint.requiresLogin && !request.session.user) {
return response.redirect("/login");
}
if (endpoint.permissions) {
if((endpoint.permissions & request.session.user.permissions) == 0) {
return response.status(403).send("Vous n'avez pas la permission d'effectuer cette action !");
}
}
return await endpoint.execute(
request,
response,
);
});
}
}
function parseURL(URL) {

View File

@ -26,7 +26,31 @@
location.reload();
});
}
</script>
function editUserFromForm() {
const form = document.getElementById("userEditForm");
let perms = 1;
for(const node of form.querySelectorAll('input[name="permissions"]')) {
perms += node.checked ? Number(node.value) : 0;
}
console.log(perms)
fetch(`/api/users/${form.oldName.value}`, {
method: "PUT",
body: JSON.stringify({
newname: form.username.value,
permissions: perms,
}),
headers: {
"Content-type": "application/json; charset=UTF-8"
}
})
.then(async (response) => {
const res = await response.json();
console.log(res);
if(!response.ok) return alert(res.message);
window.location = `/dashboard/users/${res.username}`;
});
}
</script>
<NAVBAR>
<USERINFO>
<a href='./'><p>Retour</p></a>