From 920376995e36dcc14bdfa1398c9bea173601f7bd Mon Sep 17 00:00:00 2001
From: mrkubax10 <mrkubax10@onet.pl>
Date: Sun, 10 Sep 2023 14:30:40 +0200
Subject: [PATCH] Frontend: Add user panel

---
 database_settings.sql |  1 +
 frontend_routes.pm    | 85 +++++++++++++++++++++++++++++++++++++++++++
 templates/panel.html  | 20 ++++++++++
 3 files changed, 106 insertions(+)
 create mode 100644 templates/panel.html

diff --git a/database_settings.sql b/database_settings.sql
index 2cc52b8..76c3601 100644
--- a/database_settings.sql
+++ b/database_settings.sql
@@ -8,6 +8,7 @@ create table channels(id int primary key not null,
 create table users(id int primary key not null,
 	name text not null,
 	password text not null,
+	privileges int not null, -- 0 - normal user, 1 - moderator, 2 - administrator
 	accessor int -- foreign key in accessors table
 );
 
diff --git a/frontend_routes.pm b/frontend_routes.pm
index 493f50d..592ba40 100644
--- a/frontend_routes.pm
+++ b/frontend_routes.pm
@@ -123,6 +123,91 @@ sub handlePath {
 		frontend::redirect($aClient, "/");
 		return 1;
 	}
+	when("/panel") {
+		if(!defined($aRequest->{"cookies"}{"session"}) || !frontend_session::isValidSession($aRequest->{"cookies"}{"session"})) {
+			frontend::redirect($aClient, "/");
+			return 1;
+		}
+		my $session = $frontend_session::sessions{$aRequest->{"cookies"}{"session"}};
+		my $query = $aConnection->prepare(qq(select privileges from users where name=?;));
+		$query->execute($session->{"username"});
+		my @row = $query->fetchrow_array();
+		my $privileges = $row[0];
+
+		my $manageChannelAccess = "";
+		if($privileges>=1) { # moderator
+			$manageChannelAccess.="<h3>Manage channel access</h3>";
+			$manageChannelAccess.="<form action=\"manage_access_action\" method=\"POST\">";
+			$manageChannelAccess.="<select name=\"user\">";
+			$query = $aConnection->prepare(qq(select id, name from users;));
+			$query->execute();
+			while(@row = $query->fetchrow_array()) {
+				my $id = $row[0];
+				my $name = $row[1];
+				if($name eq $session->{"username"}) {
+					next;
+				}
+				$manageChannelAccess.="<option value=\"$id\">$name</option>";
+			}
+			$manageChannelAccess.="</select>";
+			$manageChannelAccess.="<select name=\"channel\">";
+			$query = $aConnection->prepare(qq(select channels.id, channels.name, servers.name from channels inner join servers on channels.server_id=servers.id;));
+			$query->execute();
+			while(@row = $query->fetchrow_array()) {
+				my $channelID = $row[0];
+				my $channel = $row[1];
+				my $server = $row[2];
+				$manageChannelAccess.="<option value=\"$channelID\">$channel at $server</option>";
+			}
+			$manageChannelAccess.="</select><br />";
+			$manageChannelAccess.="<input name=\"grant\" type=\"submit\" value=\"Grant access\" /> ";
+			$manageChannelAccess.="<input name=\"revoke\" type=\"submit\" value=\"Revoke access\" />";
+			$manageChannelAccess.="</form>";
+		}
+
+		my $manageServers = "";
+		if($privileges==2) {
+			$manageServers.="<h3>Manage servers</h3>";
+			$manageServers.="<form action=\"add_server_action\" method=\"POST\">";
+			$manageServers.="<input name=\"name\" type=\"text\" placeholder=\"Server name\" /><br />";
+			$manageServers.="<input name=\"address\" type=\"text\" placeholder=\"Server address\" /> ";
+			$manageServers.="<input name=\"port\" type=\"number\" placeholder=\"Server port\" /><br />";
+			$manageServers.="<input type=\"submit\" value=\"Add\" />";
+			$manageServers.="</form>";
+		}
+
+		my $manageChannels = "";
+		if($privileges==2) {
+			$manageChannels.="<h3>Manage channels</h3>";
+			$manageChannels.="<form action=\"add_channel_action\" method=\"POST\">";
+			$manageChannels.="<input name=\"channel\" type=\"text\" placeholder=\"Channel\" /> at ";
+			$manageChannels.="<select name=\"server\">";
+			$query = $aConnection->prepare(qq(select id, name from servers;));
+			$query->execute();
+			while(@row = $query->fetchrow_array()) {
+				my $id = $row[0];
+				my $name = $row[1];
+				$manageChannels.="<option value=\"$id\">$name</option>";
+			}
+			$manageChannels.="</select><br />";
+			$manageChannels.="<input type=\"submit\" value=\"Add\" />";
+			$manageChannels.="</form>";
+		}
+
+		my $addUser = "";
+		if($privileges==2) {
+			$addUser.="<h3>Add user</h3>";
+			$addUser.="<form action=\"add_user_action\" method=\"POST\">";
+			$addUser.="<input name=\"name\" type=\"text\" placeholder=\"Username\" /><br />";
+			$addUser.="<input name=\"password\" type=\"password\" placeholder=\"Password\" /><br />";
+			$addUser.="<input name=\"confirmPassword\" type=\"password\" placeholder=\"Confirm password\" /><br />";
+			$addUser.="<input type=\"submit\" value=\"Add\" />";
+			$addUser.="</form>";
+		}
+
+		frontend::sendTemplate("templates/panel.html", $aClient, {"username"=>$session->{"username"}, "manageChannelAccess"=>$manageChannelAccess, "manageServers"=>$manageServers, "manageChannels"=>$manageChannels, "addUser"=>$addUser});
+		return 1;
+	}
 	when("/view_logs") {
 		my $channelID = $aRequest->{"path"}{"parameters"}{"channel"};
 		if(!defined($channelID)) {
diff --git a/templates/panel.html b/templates/panel.html
new file mode 100644
index 0000000..b567ba3
--- /dev/null
+++ b/templates/panel.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML>
+<html>
+	<head>
+		<title>{{username}}'s panel</title>
+	</head>
+	<body>
+		<h1>User panel</h1>
+		<a href="/">Back</a>
+		<h3>Change password</h3>
+		<form action="change_password_action" method="POST">
+			<input name="currentPassword" type="password" placeholder="Current password" /><br />
+			<input name="newPassword" type="password" placeholder="New password"><br />
+			<input type="submit" value="Change" />
+		</form>
+		{{manageChannelAccess}}
+		{{manageServers}}
+		{{manageChannels}}
+		{{addUser}}
+	</body>
+</html>