From 884c699c8f93b4108aabb3f3de2d4f9f53201503 Mon Sep 17 00:00:00 2001
From: Wingy
Date: Sat, 2 Jan 2021 17:07:07 -0500
Subject: [PATCH] manage admins from admin ui

---
 routes/adminSettings/index.js | 44 +++++++++++++++++++++++++++++++++++
 views/admin-user-edit.pug | 27 ++++++++++++++++++---
 2 files changed, 68 insertions(+), 3 deletions(-)

diff --git a/routes/adminSettings/index.js b/routes/adminSettings/index.js
index a7a45c3..1666d07 100644
--- a/routes/adminSettings/index.js
+++ b/routes/adminSettings/index.js
@@ -129,6 +129,50 @@ module.exports = (db) => {
 })
 })
 
+ router.post('/edit/promote/:userToPromote', verifyAuth(), async (req, res) => {
+ if (!req.user.admin) return res.redirect('/')
+ const user = await db.get(req.params.userToPromote)
+ if (!user) {
+ req.flash('error', 'User not found.')
+ return res.redirect(`/admin-settings/edit/${req.params.userToPromote}`)
+ }
+ if (user.admin) {
+ req.flash('error', 'user is already admin')
+ return res.redirect(`/admin-settings/edit/${req.params.userToPromote}`)
+ }
+
+ user.admin = true
+ await db.put(user)
+
+ req.flash('success', `${user._id} is now an admin.`)
+ return res.redirect(`/admin-settings/edit/${req.params.userToPromote}`)
+ })
+
+ router.post('/edit/demote/:userToDemote', verifyAuth(), async (req, res) => {
+ if (!req.user.admin) return res.redirect('/')
+ if (req.user._id === req.params.userToDemote) {
+ req.flash('error', 'You cannot demote yourself.')
+ return res.redirect(`/admin-settings/edit/${req.params.userToDemote}`)
+ }
+
+ const user = await db.get(req.params.userToDemote)
+
+ if (!user) {
+ req.flash('error', 'User not found.')
+ return res.redirect(`/admin-settings/edit/${req.params.userToDemote}`)
+ }
+ if (!user.admin) {
+ req.flash('error', 'user is not an admin')
+ return res.redirect(`/admin-settings/edit/${req.params.userToDemote}`)
+ }
+
+ user.admin = false
+ await db.put(user)
+
+ req.flash('success', `${user._id} is no longer an admin.`)
+ return res.redirect(`/admin-settings/edit/${req.params.userToDemote}`)
+ })
+
 router.post('/edit/remove/:userToRemove', verifyAuth(), async (req, res) => {
 if (!req.user.admin) return res.redirect('/')
 const doc = await db.get(req.params.userToRemove)
diff --git a/views/admin-user-edit.pug b/views/admin-user-edit.pug
index dace33f..7e35b5a 100644
--- a/views/admin-user-edit.pug
+++ b/views/admin-user-edit.pug
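Review bot: In the promote handler the `if (!user)` branch after `db.get(req.params.userToPromote)` only runs when the lookup resolves to a falsy value; the `_id`/`db.put(user)` usage suggests a PouchDB/CouchDB-style store, which rejects on a missing id, so an unknown id would surface as an unhandled rejection from the async handler rather than the 'User not found.' flash — the same applies to the demote handler and to the pre-existing remove handler below it. Wrapping the lookup in try/catch and treating the store's not-found error as the missing-user case would keep the intended redirect. Both handlers change who holds admin rights without recording who did it; an audit line such as `console.log(`admin ${req.user._id} promoted ${user._id}`)` next to `await db.put(user)` (and its demote counterpart) would help later incident review. The redirect target is repeated four times per handler, so `const back = `/admin-settings/edit/${req.params.userToPromote}`` at the top of each handler would remove the duplication. Neither handler confirms that the fetched document is actually a user record before writing `admin` onto it, which only matters if the store also holds other document types — worth confirming.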
@@ -45,11 +45,32 @@ block content
 .control
 input.button.is-primary(type='submit' value='Change Username')
 .column.is-narrow
- h2 Impersonate
- form(action=`${_CC.config.base}admin-settings/edit/impersonate/${user._id}`, method='POST')
+ h2 Admin
+ //- Yes, ternary exists, but I think the code is cleaner with a more "naive" style :)
+ //- p.is-marginless #{user._id} is #{user.admin ? '' : 'not '}an admin.
+ //- vs.
+ if user.admin
+ p.is-marginless #{user._id} is an admin.
+ form(action=`${_CC.config.base}admin-settings/edit/demote/${user._id}`, method='POST')
 .field
 .control
- input.input.button.is-warning(type='submit', value=`Log in as ${user._id}`, style='margin-top: 1em;')
+ if user._id === req.user._id
+ input.input.button(disabled, type='submit', value=`You cannot demote yourself`, style='margin-top: 1em;')
+ else
+ input.input.button(type='submit', value=`Demote ${user._id}`, style='margin-top: 1em;')
+ else
+ p.is-marginless #{user._id} is not an admin.
+ form(action=`${_CC.config.base}admin-settings/edit/promote/${user._id}`, method='POST')
+ .field
+ .control
+ input.input.button(type='submit', value=`Promote ${user._id}`, style='margin-top: 1em;')
+ if user._id !== req.user._id
+ .column.is-narrow
+ h2 Impersonate
+ form(action=`${_CC.config.base}admin-settings/edit/impersonate/${user._id}`, method='POST')
+ .field
+ .control
+ input.input.button.is-warning(type='submit', value=`Log in as ${user._id}`, style='margin-top: 1em;')
 h2(style='margin-bottom: 1em;') Reset Password
 if user.pwToken
 - const resetLink = `${_CC.config.base}resetpw/${user.pwToken}`
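Review bot: The new `if user._id === req.user._id` and `if user._id !== req.user._id` lines read `req` inside the template, but Express only exposes `req` to a view when the rendering route (outside this diff) puts it in the locals; if it does not, this page now fails to render for every admin, so confirm that route. Passing the viewer's id explicitly, e.g. comparing against a `currentUserId` local supplied by the route, avoids depending on the whole request object in the view. The three `//-` lines above `if user.admin` are a commented-out alternative plus a remark about it; delete them rather than keep dead template code. `value=`You cannot demote yourself`` has no interpolation, so `value='You cannot demote yourself'` reads like the other attributes. None of the promote, demote or impersonate forms carry an anti-CSRF token, so these state-changing POSTs are CSRF-exposed unless a CSRF middleware is wired in elsewhere in the app — worth confirming given that they grant and revoke admin rights.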