Add user editing options
This commit is contained in:
parent
d1666f1f8e
commit
3821e24748
41
src/html/pages/api/users/edit.js
Normal file
41
src/html/pages/api/users/edit.js
Normal file
@ -0,0 +1,41 @@
|
||||
import { checkPermissions, permissionBits } from "../../../../../utils/permissions.js";
|
||||
|
||||
export default {
|
||||
path: "/api/users/:username",
|
||||
requiresLogin: true,
|
||||
permissions: permissionBits.USERS | permissionBits.ADMIN,
|
||||
type: "put",
|
||||
async execute(request, response) {
|
||||
const { username } = request.params;
|
||||
let { permissions, newname } = request.body;
|
||||
const target = await global.database.users.findOne({
|
||||
where: { username: username },
|
||||
});
|
||||
if (!target) return response.status(404).send({ message: "User does not exists" });
|
||||
|
||||
if (await global.database.users.findOne({
|
||||
where: { username: newname },
|
||||
})) return response.status(409).send({ message: "Another user with this name already exists" });
|
||||
|
||||
|
||||
const userPerms = checkPermissions(request.session.user.permissions);
|
||||
const targetPerms = checkPermissions(target.dataValues.permissions);
|
||||
|
||||
if((permissionBits.ADMIN & request.session.user.permissions) == 0){
|
||||
for(const perm in Object.keys(checkPermissions(permissions))){
|
||||
if(targetPerms[perm] != permissions[perm] && !userPerms[perm]) return response.status(403).send({ message: "You're not allowed to give permissions you don't have" });
|
||||
}
|
||||
}
|
||||
|
||||
const userParams = {
|
||||
username: newname,
|
||||
permissions: permissions,
|
||||
}
|
||||
console.log(`Editing user ${username}`);
|
||||
await global.database.users.update(userParams, { where: { username: username } });
|
||||
response.status(201).send({
|
||||
username: newname,
|
||||
permissions: permissions,
|
||||
});
|
||||
},
|
||||
};
|
@ -46,6 +46,38 @@ function getUserHTML(user) {
|
||||
<td>${userPerms.join(", ")}</td>
|
||||
<td><button onclick="deleteUser('${user.username}');">Supprimer</button></td>
|
||||
</tr>
|
||||
</table>`;
|
||||
</table>
|
||||
|
||||
<form action="javascript:editUserFromForm()" id="userEditForm">
|
||||
<div class="container">
|
||||
<hr>
|
||||
<p>Formulaire de modification de compte.</p>
|
||||
|
||||
<label for="username"><b>Changer le nom d'utilisateur</b></label>
|
||||
<input type="text" placeholder="Entrez le nom d'utilisateur" name="username" id="username" value="${user.username}" required>
|
||||
<input type="hidden" name="oldName" value="${user.username}" required>
|
||||
|
||||
<h4>Permissions</h4>
|
||||
<label class="container">Appels
|
||||
<input type="checkbox" name="permissions" value="2" ${(user.permissions & 2) != 0 ? "checked" : ""}>
|
||||
<span class="checkmark"></span>
|
||||
</label>
|
||||
<label class="container">Gestion des utilisateurs
|
||||
<input type="checkbox" name="permissions" value="4" ${(user.permissions & 4) != 0 ? "checked" : ""}>
|
||||
<span class="checkmark"></span>
|
||||
</label>
|
||||
<label class="container">Gestion des contacts
|
||||
<input type="checkbox" name="permissions" value="16" ${(user.permissions & 16) != 0 ? "checked" : ""}>
|
||||
<span class="checkmark"></span>
|
||||
</label>
|
||||
<label class="container">Admin
|
||||
<input type="checkbox" name="permissions" value="8" ${(user.permissions & 8) != 0 ? "checked" : ""}>
|
||||
<span class="checkmark"></span>
|
||||
</label>
|
||||
<hr>
|
||||
|
||||
<button type="submit" class="registerbtn">Submit</button>
|
||||
</div>
|
||||
</form>`;
|
||||
return res;
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ async function genHandler() {
|
||||
const handler = {
|
||||
get: [],
|
||||
post: [],
|
||||
path: [],
|
||||
put: [],
|
||||
delete: [],
|
||||
};
|
||||
let numberOfPages = 0;
|
||||
@ -85,6 +85,25 @@ async function deployHandler(app) {
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
for(const endpoint of handler.put) {
|
||||
app.put(endpoint.path, async (request, response) => {
|
||||
console.log("DELETE: " + request.originalUrl);
|
||||
|
||||
if (endpoint.requiresLogin && !request.session.user) {
|
||||
return response.redirect("/login");
|
||||
}
|
||||
if (endpoint.permissions) {
|
||||
if((endpoint.permissions & request.session.user.permissions) == 0) {
|
||||
return response.status(403).send("Vous n'avez pas la permission d'effectuer cette action !");
|
||||
}
|
||||
}
|
||||
return await endpoint.execute(
|
||||
request,
|
||||
response,
|
||||
);
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
function parseURL(URL) {
|
||||
|
@ -26,7 +26,31 @@
|
||||
location.reload();
|
||||
});
|
||||
}
|
||||
</script>
|
||||
function editUserFromForm() {
|
||||
const form = document.getElementById("userEditForm");
|
||||
let perms = 1;
|
||||
for(const node of form.querySelectorAll('input[name="permissions"]')) {
|
||||
perms += node.checked ? Number(node.value) : 0;
|
||||
}
|
||||
console.log(perms)
|
||||
fetch(`/api/users/${form.oldName.value}`, {
|
||||
method: "PUT",
|
||||
body: JSON.stringify({
|
||||
newname: form.username.value,
|
||||
permissions: perms,
|
||||
}),
|
||||
headers: {
|
||||
"Content-type": "application/json; charset=UTF-8"
|
||||
}
|
||||
})
|
||||
.then(async (response) => {
|
||||
const res = await response.json();
|
||||
console.log(res);
|
||||
if(!response.ok) return alert(res.message);
|
||||
window.location = `/dashboard/users/${res.username}`;
|
||||
});
|
||||
}
|
||||
</script>
|
||||
<NAVBAR>
|
||||
<USERINFO>
|
||||
<a href='./'><p>Retour</p></a>
|
||||
|
Loading…
Reference in New Issue
Block a user