Frontend: Add support for updating users
parent
8d60bb55bc
commit
e6085c6e0b
@ -117,6 +117,25 @@ sub enumerateChannels {
|
||||
return $output;
|
||||
}
|
||||
|
||||
sub enumerateUsers {
|
||||
my $aConnection = $_[0];
|
||||
my $aSession = $_[1];
|
||||
|
||||
my $output = "<select name=\"user\">";
|
||||
my $query = $aConnection->prepare(qq(select id, name from users;));
|
||||
$query->execute();
|
||||
while(my @row = $query->fetchrow_array()) {
|
||||
my $id = $row[0];
|
||||
my $name = $row[1];
|
||||
if($name eq $aSession->{"username"}) {
|
||||
next;
|
||||
}
|
||||
$output.="<option value=\"$id\">$name</option>";
|
||||
}
|
||||
$output.="</select>";
|
||||
return $output;
|
||||
}
|
||||
|
||||
sub handlePath {
|
||||
my $aClient = $_[0];
|
||||
my $aPath = $_[1];
|
||||
@ -258,21 +277,11 @@ sub handlePath {
|
||||
|
||||
my $manageChannelAccess = "";
|
||||
my $addUser = "";
|
||||
my $updateUser = "";
|
||||
if($privileges>=1) { # moderator
|
||||
$manageChannelAccess.="<h3>Manage channel access</h3>";
|
||||
$manageChannelAccess.="<form action=\"manage_access_action\" method=\"POST\">";
|
||||
$manageChannelAccess.="<select name=\"user\">";
|
||||
$query = $aConnection->prepare(qq(select id, name from users;));
|
||||
$query->execute();
|
||||
while(@row = $query->fetchrow_array()) {
|
||||
my $id = $row[0];
|
||||
my $name = $row[1];
|
||||
if($name eq $session->{"username"}) {
|
||||
next;
|
||||
}
|
||||
$manageChannelAccess.="<option value=\"$id\">$name</option>";
|
||||
}
|
||||
$manageChannelAccess.="</select>";
|
||||
$manageChannelAccess.=enumerateUsers($aConnection, $session)." ";
|
||||
$manageChannelAccess.=enumerateChannels($aConnection)."<br />";
|
||||
$manageChannelAccess.="<input name=\"grant\" type=\"submit\" value=\"Grant access\" /> ";
|
||||
$manageChannelAccess.="<input name=\"revoke\" type=\"submit\" value=\"Revoke access\" />";
|
||||
@ -286,6 +295,14 @@ sub handlePath {
|
||||
$addUser.="<input name=\"operator\" type=\"checkbox\" />Operator<br />";
|
||||
$addUser.="<input type=\"submit\" value=\"Add\" />";
|
||||
$addUser.="</form>";
|
||||
|
||||
$updateUser.="<h3>Update user</h3>";
|
||||
$updateUser.="<form action=\"update_user_action\" method=\"POST\">";
|
||||
$updateUser.=enumerateUsers($aConnection, $session)."<br />";
|
||||
$updateUser.="<input name=\"operator\" type=\"checkbox\" />Operator<br />";
|
||||
$updateUser.="<input name=\"update\" type=\"submit\" value=\"Update\" /> ";
|
||||
$updateUser.="<input name=\"delete\" type=\"submit\" value=\"Delete\" />";
|
||||
$updateUser.="</form>";
|
||||
}
|
||||
|
||||
my $addServer = "";
|
||||
@ -338,6 +355,7 @@ sub handlePath {
|
||||
"username"=>$session->{"username"},
|
||||
"manageChannelAccess"=>$manageChannelAccess,
|
||||
"addUser"=>$addUser,
|
||||
"updateUser"=>$updateUser,
|
||||
"addServer"=>$addServer,
|
||||
"updateServer"=>$updateServer,
|
||||
"addChannel"=>$addChannel,
|
||||
@ -495,6 +513,42 @@ sub handlePath {
|
||||
frontend::redirect($aClient, "/user_added.html");
|
||||
return 1;
|
||||
}
|
||||
when("/update_user_action") {
|
||||
if(!verifyRequestPrivileges($aRequest, $aClient, 1, $aConnection)) {
|
||||
return 1;
|
||||
}
|
||||
my %parameters = frontend::parsePathParameters($aRequest->{"content"});
|
||||
if(!defined($parameters{"user"}) || length($parameters{"user"})==0) {
|
||||
frontend::sendBadRequest($aClient, "User required");
|
||||
return 1;
|
||||
}
|
||||
my $query = $aConnection->prepare(qq(select privileges from users where id=?;));
|
||||
$query->execute($parameters{"user"});
|
||||
my @row = $query->fetchrow_array();
|
||||
if(scalar(@row)==0) {
|
||||
frontend::sendBadRequest($aClient, "User with ID $parameters{'user'} doesn't exist");
|
||||
return 1;
|
||||
}
|
||||
if($row[0]>1 && !verifyRequestPrivileges($aRequest, $aClient, 2, $aConnection)) {
|
||||
return 1;
|
||||
}
|
||||
if(defined($parameters{"update"})) {
|
||||
$query = $aConnection->prepare(qq(update users set privileges=? where id=?;));
|
||||
$query->execute(defined($parameters{"operator"})?1:0, $parameters{"user"});
|
||||
}
|
||||
elsif(defined($parameters{"delete"})) {
|
||||
$query = $aConnection->prepare(qq(delete from users where id=?;));
|
||||
$query->execute($parameters{"user"});
|
||||
$query = $aConnection->prepare(qq(delete from accessors where user_id=?;));
|
||||
$query->execute($parameters{"user"});
|
||||
}
|
||||
else {
|
||||
frontend::sendBadRequest($aClient, "Action (update or delete) required");
|
||||
return 1;
|
||||
}
|
||||
frontend::redirect($aClient, "/user_updated.html");
|
||||
return 1;
|
||||
}
|
||||
when("/add_server_action") {
|
||||
if(!verifyRequestPrivileges($aRequest, $aClient, 2, $aConnection)) {
|
||||
return 1;
|
||||
|
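Review bot: The `/update_user_action` handler does not itself stop a requester from acting on their own account: `enumerateUsers` leaves the session's name out of the `<select>`, but the handler accepts whatever `user` id arrives in the POST body, so that exclusion exists only in the form. The update branch also writes `defined($parameters{"operator"})?1:0` unconditionally, so for a target whose row has privileges above 1 (the case the level-2 check guards) pressing Update lowers it to 0 or 1; consider refusing that inside the update branch, e.g. `if($row[0]>1) { frontend::sendBadRequest($aClient, "Privileges of this user cannot be changed here"); return 1; }`. In the delete branch the two `delete` statements run as separate statements and no `execute` result is checked, so unless the handle is configured to raise errors a failure of the second one leaves `accessors` rows behind while the request still redirects to `/user_updated.html`. `handlePath` begins and continues outside these hunks, so how the requester's own id could be obtained for a self-check is not visible here.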
@ -14,6 +14,7 @@
|
||||
</form>
|
||||
{{manageChannelAccess}}
|
||||
{{addUser}}
|
||||
{{updateUser}}
|
||||
{{addServer}}
|
||||
{{updateServer}}
|
||||
{{addChannel}}
|
||||
|