MIGDYN/irclogger_web
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Frontend: Add support for updating users

Browse Source
This commit is contained in:
mrkubax10 2023-09-23 14:42:31 +02:00
parent 8d60bb55bc
commit e6085c6e0b
2 changed files with 67 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
frontend_routes.pm
View File

@ -117,6 +117,25 @@ sub enumerateChannels {
return $output; return $output;
} }
sub enumerateUsers {
my $aConnection = $_[0];
my $aSession = $_[1];
my $output = "<select name=\"user\">";
my $query = $aConnection->prepare(qq(select id, name from users;));
$query->execute();
while(my @row = $query->fetchrow_array()) {
my $id = $row[0];
my $name = $row[1];
if($name eq $aSession->{"username"}) {
next;
}
$output.="<option value=\"$id\">$name</option>";
}
$output.="</select>";
return $output;
}
sub handlePath { sub handlePath {
my $aClient = $_[0]; my $aClient = $_[0];
my $aPath = $_[1]; my $aPath = $_[1];
@ -258,21 +277,11 @@ sub handlePath {
my $manageChannelAccess = ""; my $manageChannelAccess = "";
my $addUser = ""; my $addUser = "";
my $updateUser = "";
if($privileges>=1) { # moderator if($privileges>=1) { # moderator
$manageChannelAccess.="<h3>Manage channel access</h3>"; $manageChannelAccess.="<h3>Manage channel access</h3>";
$manageChannelAccess.="<form action=\"manage_access_action\" method=\"POST\">"; $manageChannelAccess.="<form action=\"manage_access_action\" method=\"POST\">";
$manageChannelAccess.="<select name=\"user\">"; $manageChannelAccess.=enumerateUsers($aConnection, $session)." ";
$query = $aConnection->prepare(qq(select id, name from users;));
$query->execute();
while(@row = $query->fetchrow_array()) {
my $id = $row[0];
my $name = $row[1];
if($name eq $session->{"username"}) {
next;
}
$manageChannelAccess.="<option value=\"$id\">$name</option>";
}
$manageChannelAccess.="</select>";
$manageChannelAccess.=enumerateChannels($aConnection)."<br />"; $manageChannelAccess.=enumerateChannels($aConnection)."<br />";
$manageChannelAccess.="<input name=\"grant\" type=\"submit\" value=\"Grant access\" /> "; $manageChannelAccess.="<input name=\"grant\" type=\"submit\" value=\"Grant access\" /> ";
$manageChannelAccess.="<input name=\"revoke\" type=\"submit\" value=\"Revoke access\" />"; $manageChannelAccess.="<input name=\"revoke\" type=\"submit\" value=\"Revoke access\" />";
@ -286,6 +295,14 @@ sub handlePath {
$addUser.="<input name=\"operator\" type=\"checkbox\" />Operator<br />"; $addUser.="<input name=\"operator\" type=\"checkbox\" />Operator<br />";
$addUser.="<input type=\"submit\" value=\"Add\" />"; $addUser.="<input type=\"submit\" value=\"Add\" />";
$addUser.="</form>"; $addUser.="</form>";
$updateUser.="<h3>Update user</h3>";
$updateUser.="<form action=\"update_user_action\" method=\"POST\">";
$updateUser.=enumerateUsers($aConnection, $session)."<br />";
$updateUser.="<input name=\"operator\" type=\"checkbox\" />Operator<br />";
$updateUser.="<input name=\"update\" type=\"submit\" value=\"Update\" /> ";
$updateUser.="<input name=\"delete\" type=\"submit\" value=\"Delete\" />";
$updateUser.="</form>";
} }
my $addServer = ""; my $addServer = "";
@ -338,6 +355,7 @@ sub handlePath {
"username"=>$session->{"username"}, "username"=>$session->{"username"},
"manageChannelAccess"=>$manageChannelAccess, "manageChannelAccess"=>$manageChannelAccess,
"addUser"=>$addUser, "addUser"=>$addUser,
"updateUser"=>$updateUser,
"addServer"=>$addServer, "addServer"=>$addServer,
"updateServer"=>$updateServer, "updateServer"=>$updateServer,
"addChannel"=>$addChannel, "addChannel"=>$addChannel,
@ -495,6 +513,42 @@ sub handlePath {
frontend::redirect($aClient, "/user_added.html"); frontend::redirect($aClient, "/user_added.html");
return 1; return 1;
} }
when("/update_user_action") {
if(!verifyRequestPrivileges($aRequest, $aClient, 1, $aConnection)) {
return 1;
}
my %parameters = frontend::parsePathParameters($aRequest->{"content"});
if(!defined($parameters{"user"}) || length($parameters{"user"})==0) {
frontend::sendBadRequest($aClient, "User required");
return 1;
}
my $query = $aConnection->prepare(qq(select privileges from users where id=?;));
$query->execute($parameters{"user"});
my @row = $query->fetchrow_array();
if(scalar(@row)==0) {
frontend::sendBadRequest($aClient, "User with ID $parameters{'user'} doesn't exist");
return 1;
}
if($row[0]>1 && !verifyRequestPrivileges($aRequest, $aClient, 2, $aConnection)) {
return 1;
}
if(defined($parameters{"update"})) {
$query = $aConnection->prepare(qq(update users set privileges=? where id=?;));
$query->execute(defined($parameters{"operator"})?1:0, $parameters{"user"});
}
elsif(defined($parameters{"delete"})) {
$query = $aConnection->prepare(qq(delete from users where id=?;));
$query->execute($parameters{"user"});
$query = $aConnection->prepare(qq(delete from accessors where user_id=?;));
$query->execute($parameters{"user"});
}
else {
frontend::sendBadRequest($aClient, "Action (update or delete) required");
return 1;
}
frontend::redirect($aClient, "/user_updated.html");
return 1;
}
when("/add_server_action") { when("/add_server_action") {
if(!verifyRequestPrivileges($aRequest, $aClient, 2, $aConnection)) { if(!verifyRequestPrivileges($aRequest, $aClient, 2, $aConnection)) {
return 1; return 1;

1
templates/panel.html
View File

@ -14,6 +14,7 @@
</form> </form>
{{manageChannelAccess}} {{manageChannelAccess}}
{{addUser}} {{addUser}}
{{updateUser}}
{{addServer}} {{addServer}}
{{updateServer}} {{updateServer}}
{{addChannel}} {{addChannel}}