From e6085c6e0bbc5f49ea469c57fd94d89144b2f0f9 Mon Sep 17 00:00:00 2001
From: mrkubax10 <mrkubax10@onet.pl>
Date: Sat, 23 Sep 2023 14:42:31 +0200
Subject: [PATCH] Frontend: Add support for updating users

---
 frontend_routes.pm   | 78 +++++++++++++++++++++++++++++++++++++-------
 templates/panel.html |  1 +
 2 files changed, 67 insertions(+), 12 deletions(-)

diff --git a/frontend_routes.pm b/frontend_routes.pm
index 2d822c3..f863dd1 100644
--- a/frontend_routes.pm
+++ b/frontend_routes.pm
@@ -117,6 +117,25 @@ sub enumerateChannels {
 	return $output;
 }
 
+sub enumerateUsers {
+	my $aConnection = $_[0];
+	my $aSession = $_[1];
+
+	my $output = "<select name=\"user\">";
+	my $query = $aConnection->prepare(qq(select id, name from users;));
+	$query->execute();
+	while(my @row = $query->fetchrow_array()) {
+		my $id = $row[0];
+		my $name = $row[1];
+		if($name eq $aSession->{"username"}) {
+			next;
+		}
+		$output.="<option value=\"$id\">$name</option>";
+	}
+	$output.="</select>";
+	return $output;
+}
+
 sub handlePath {
 	my $aClient = $_[0];
 	my $aPath = $_[1];
@@ -258,21 +277,11 @@ sub handlePath {
 
 		my $manageChannelAccess = "";
 		my $addUser = "";
+		my $updateUser = "";
 		if($privileges>=1) { # moderator
 			$manageChannelAccess.="<h3>Manage channel access</h3>";
 			$manageChannelAccess.="<form action=\"manage_access_action\" method=\"POST\">";
-			$manageChannelAccess.="<select name=\"user\">";
-			$query = $aConnection->prepare(qq(select id, name from users;));
-			$query->execute();
-			while(@row = $query->fetchrow_array()) {
-				my $id = $row[0];
-				my $name = $row[1];
-				if($name eq $session->{"username"}) {
-					next;
-				}
-				$manageChannelAccess.="<option value=\"$id\">$name</option>";
-			}
-			$manageChannelAccess.="</select>";
+			$manageChannelAccess.=enumerateUsers($aConnection, $session)." ";
 			$manageChannelAccess.=enumerateChannels($aConnection)."<br />";
 			$manageChannelAccess.="<input name=\"grant\" type=\"submit\" value=\"Grant access\" /> ";
 			$manageChannelAccess.="<input name=\"revoke\" type=\"submit\" value=\"Revoke access\" />";
@@ -286,6 +295,14 @@ sub handlePath {
 			$addUser.="<input name=\"operator\" type=\"checkbox\" />Operator<br />";
 			$addUser.="<input type=\"submit\" value=\"Add\" />";
 			$addUser.="</form>";
+
+			$updateUser.="<h3>Update user</h3>";
+			$updateUser.="<form action=\"update_user_action\" method=\"POST\">";
+			$updateUser.=enumerateUsers($aConnection, $session)."<br />";
+			$updateUser.="<input name=\"operator\" type=\"checkbox\" />Operator<br />";
+			$updateUser.="<input name=\"update\" type=\"submit\" value=\"Update\" /> ";
+			$updateUser.="<input name=\"delete\" type=\"submit\" value=\"Delete\" />";
+			$updateUser.="</form>";
 		}
 
 		my $addServer = "";
@@ -338,6 +355,7 @@ sub handlePath {
 			"username"=>$session->{"username"},
 			"manageChannelAccess"=>$manageChannelAccess,
 			"addUser"=>$addUser,
+			"updateUser"=>$updateUser,
 			"addServer"=>$addServer,
 			"updateServer"=>$updateServer,
 			"addChannel"=>$addChannel,
@@ -495,6 +513,42 @@ sub handlePath {
 		frontend::redirect($aClient, "/user_added.html");
 		return 1;
 	}
+	when("/update_user_action") {
+		if(!verifyRequestPrivileges($aRequest, $aClient, 1, $aConnection)) {
+			return 1;
+		}
+		my %parameters = frontend::parsePathParameters($aRequest->{"content"});
+		if(!defined($parameters{"user"}) || length($parameters{"user"})==0) {
+			frontend::sendBadRequest($aClient, "User required");
+			return 1;
+		}
+		my $query = $aConnection->prepare(qq(select privileges from users where id=?;));
+		$query->execute($parameters{"user"});
+		my @row = $query->fetchrow_array();
+		if(scalar(@row)==0) {
+			frontend::sendBadRequest($aClient, "User with ID $parameters{'user'} doesn't exist");
+			return 1;
+		}
+		if($row[0]>1 && !verifyRequestPrivileges($aRequest, $aClient, 2, $aConnection)) {
+			return 1;
+		}
+		if(defined($parameters{"update"})) {
+			$query = $aConnection->prepare(qq(update users set privileges=? where id=?;));
+			$query->execute(defined($parameters{"operator"})?1:0, $parameters{"user"});
+		}
+		elsif(defined($parameters{"delete"})) {
+			$query = $aConnection->prepare(qq(delete from users where id=?;));
+			$query->execute($parameters{"user"});
+			$query = $aConnection->prepare(qq(delete from accessors where user_id=?;));
+			$query->execute($parameters{"user"});
+		}
+		else {
+			frontend::sendBadRequest($aClient, "Action (update or delete) required");
+			return 1;
+		}
+		frontend::redirect($aClient, "/user_updated.html");
+		return 1;
+	}
 	when("/add_server_action") {
 		if(!verifyRequestPrivileges($aRequest, $aClient, 2, $aConnection)) {
 			return 1;
diff --git a/templates/panel.html b/templates/panel.html
index ea18388..a620f04 100644
--- a/templates/panel.html
+++ b/templates/panel.html
@@ -14,6 +14,7 @@
 		</form>
 		{{manageChannelAccess}}
 		{{addUser}}
+		{{updateUser}}
 		{{addServer}}
 		{{updateServer}}
 		{{addChannel}}