manage admins from admin ui
parent
f0786957f7
commit
884c699c8f
2 changed files with 68 additions and 3 deletions
|
@ -129,6 +129,50 @@ module.exports = (db) => {
|
|||
})
|
||||
})
|
||||
|
||||
router.post('/edit/promote/:userToPromote', verifyAuth(), async (req, res) => {
|
||||
if (!req.user.admin) return res.redirect('/')
|
||||
const user = await db.get(req.params.userToPromote)
|
||||
if (!user) {
|
||||
req.flash('error', 'User not found.')
|
||||
return res.redirect(`/admin-settings/edit/${req.params.userToPromote}`)
|
||||
}
|
||||
if (user.admin) {
|
||||
req.flash('error', 'user is already admin')
|
||||
return res.redirect(`/admin-settings/edit/${req.params.userToPromote}`)
|
||||
}
|
||||
|
||||
user.admin = true
|
||||
await db.put(user)
|
||||
|
||||
req.flash('success', `${user._id} is now an admin.`)
|
||||
return res.redirect(`/admin-settings/edit/${req.params.userToPromote}`)
|
||||
})
|
||||
|
||||
router.post('/edit/demote/:userToDemote', verifyAuth(), async (req, res) => {
|
||||
if (!req.user.admin) return res.redirect('/')
|
||||
if (req.user._id === req.params.userToDemote) {
|
||||
req.flash('error', 'You cannot demote yourself.')
|
||||
return res.redirect(`/admin-settings/edit/${req.params.userToDemote}`)
|
||||
}
|
||||
|
||||
const user = await db.get(req.params.userToDemote)
|
||||
|
||||
if (!user) {
|
||||
req.flash('error', 'User not found.')
|
||||
return res.redirect(`/admin-settings/edit/${req.params.userToDemote}`)
|
||||
}
|
||||
if (!user.admin) {
|
||||
req.flash('error', 'user is not an admin')
|
||||
return res.redirect(`/admin-settings/edit/${req.params.userToDemote}`)
|
||||
}
|
||||
|
||||
user.admin = false
|
||||
await db.put(user)
|
||||
|
||||
req.flash('success', `${user._id} is no longer an admin.`)
|
||||
return res.redirect(`/admin-settings/edit/${req.params.userToDemote}`)
|
||||
})
|
||||
|
||||
router.post('/edit/remove/:userToRemove', verifyAuth(), async (req, res) => {
|
||||
if (!req.user.admin) return res.redirect('/')
|
||||
const doc = await db.get(req.params.userToRemove)
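Review bot: The new promote and demote handlers await `db.get` and `db.put` with no error handling, and they flip the `admin` flag without recording who did it. If `db` is a PouchDB-style store, as the `_id`/`put` usage suggests, `db.get` rejects for an unknown id instead of resolving to a falsy value, so the `if (!user)` branch would be dead and the rejection would escape the async handler; `const user = await db.get(req.params.userToPromote).catch(() => null)` keeps the "User not found." path reachable. After each `await db.put(user)` I would add an audit entry naming both accounts, for example `console.info(`admin change: ${req.user._id} promoted ${user._id}`)`, routed through whatever logger the project uses. The redirects also interpolate the raw route parameter, so `encodeURIComponent(req.params.userToPromote)` would keep the target inside `/admin-settings/edit/`. The enclosing `module.exports = (db) => {` starts above the hunk and the `/edit/remove` handler at its end is cut off, so error middleware defined elsewhere may already cover part of this.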
|
||||
|
|
|
@ -45,11 +45,32 @@ block content
|
|||
.control
|
||||
input.button.is-primary(type='submit' value='Change Username')
|
||||
.column.is-narrow
|
||||
h2 Impersonate
|
||||
form(action=`${_CC.config.base}admin-settings/edit/impersonate/${user._id}`, method='POST')
|
||||
h2 Admin
|
||||
//- Yes, ternary exists, but I think the code is cleaner with a more "naive" style :)
|
||||
//- p.is-marginless #{user._id} is #{user.admin ? '' : 'not '}an admin.
|
||||
//- vs.
|
||||
if user.admin
|
||||
p.is-marginless #{user._id} is an admin.
|
||||
form(action=`${_CC.config.base}admin-settings/edit/demote/${user._id}`, method='POST')
|
||||
.field
|
||||
.control
|
||||
input.input.button.is-warning(type='submit', value=`Log in as ${user._id}`, style='margin-top: 1em;')
|
||||
if user._id === req.user._id
|
||||
input.input.button(disabled, type='submit', value=`You cannot demote yourself`, style='margin-top: 1em;')
|
||||
else
|
||||
input.input.button(type='submit', value=`Demote ${user._id}`, style='margin-top: 1em;')
|
||||
else
|
||||
p.is-marginless #{user._id} is not an admin.
|
||||
form(action=`${_CC.config.base}admin-settings/edit/promote/${user._id}`, method='POST')
|
||||
.field
|
||||
.control
|
||||
input.input.button(type='submit', value=`Promote ${user._id}`, style='margin-top: 1em;')
|
||||
if user._id !== req.user._id
|
||||
.column.is-narrow
|
||||
h2 Impersonate
|
||||
form(action=`${_CC.config.base}admin-settings/edit/impersonate/${user._id}`, method='POST')
|
||||
.field
|
||||
.control
|
||||
input.input.button.is-warning(type='submit', value=`Log in as ${user._id}`, style='margin-top: 1em;')
|
||||
h2(style='margin-bottom: 1em;') Reset Password
|
||||
if user.pwToken
|
||||
- const resetLink = `${_CC.config.base}resetpw/${user.pwToken}`
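Review bot: The new promote and demote forms submit privilege-changing POSTs with no anti-CSRF field, at least none visible in this section. Unless a CSRF middleware or a SameSite session cookie is enforced elsewhere in the app, each form should carry the token, for example `input(type='hidden', name='_csrf', value=csrfToken)`, where the field name and `csrfToken` are placeholders for whatever the middleware provides. The disabled "You cannot demote yourself" button is only a UI hint, so a short comment such as `//- UI hint only; the demote route enforces this server-side` would stop a later edit from treating it as the control. The template continues past the end of the hunk.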
|
||||
|
|