pdf/christmas
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

manage admins from admin ui

Browse source
This commit is contained in:
Wingy 2021-01-02 17:07:07 -05:00
parent f0786957f7
commit 884c699c8f
2 changed files with 68 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
routes/adminSettings/index.js
View file

@ -129,6 +129,50 @@ module.exports = (db) => {
}) })
}) })
router.post('/edit/promote/:userToPromote', verifyAuth(), async (req, res) => {
if (!req.user.admin) return res.redirect('/')
const user = await db.get(req.params.userToPromote)
if (!user) {
req.flash('error', 'User not found.')
return res.redirect(`/admin-settings/edit/${req.params.userToPromote}`)
}
if (user.admin) {
req.flash('error', 'user is already admin')
return res.redirect(`/admin-settings/edit/${req.params.userToPromote}`)
}
user.admin = true
await db.put(user)
req.flash('success', `${user._id} is now an admin.`)
return res.redirect(`/admin-settings/edit/${req.params.userToPromote}`)
})
router.post('/edit/demote/:userToDemote', verifyAuth(), async (req, res) => {
if (!req.user.admin) return res.redirect('/')
if (req.user._id === req.params.userToDemote) {
req.flash('error', 'You cannot demote yourself.')
return res.redirect(`/admin-settings/edit/${req.params.userToDemote}`)
}
const user = await db.get(req.params.userToDemote)
if (!user) {
req.flash('error', 'User not found.')
return res.redirect(`/admin-settings/edit/${req.params.userToDemote}`)
}
if (!user.admin) {
req.flash('error', 'user is not an admin')
return res.redirect(`/admin-settings/edit/${req.params.userToDemote}`)
}
user.admin = false
await db.put(user)
req.flash('success', `${user._id} is no longer an admin.`)
return res.redirect(`/admin-settings/edit/${req.params.userToDemote}`)
})
router.post('/edit/remove/:userToRemove', verifyAuth(), async (req, res) => { router.post('/edit/remove/:userToRemove', verifyAuth(), async (req, res) => {
if (!req.user.admin) return res.redirect('/') if (!req.user.admin) return res.redirect('/')
const doc = await db.get(req.params.userToRemove) const doc = await db.get(req.params.userToRemove)

21
views/admin-user-edit.pug
View file

@ -44,6 +44,27 @@ block content
.field .field
.control .control
input.button.is-primary(type='submit' value='Change Username') input.button.is-primary(type='submit' value='Change Username')
.column.is-narrow
h2 Admin
//- Yes, ternary exists, but I think the code is cleaner with a more "naive" style :)
//- p.is-marginless #{user._id} is #{user.admin ? '' : 'not '}an admin.
//- vs.
if user.admin
p.is-marginless #{user._id} is an admin.
form(action=`${_CC.config.base}admin-settings/edit/demote/${user._id}`, method='POST')
.field
.control
if user._id === req.user._id
input.input.button(disabled, type='submit', value=`You cannot demote yourself`, style='margin-top: 1em;')
else
input.input.button(type='submit', value=`Demote ${user._id}`, style='margin-top: 1em;')
else
p.is-marginless #{user._id} is not an admin.
form(action=`${_CC.config.base}admin-settings/edit/promote/${user._id}`, method='POST')
.field
.control
input.input.button(type='submit', value=`Promote ${user._id}`, style='margin-top: 1em;')
if user._id !== req.user._id
.column.is-narrow .column.is-narrow
h2 Impersonate h2 Impersonate
form(action=`${_CC.config.base}admin-settings/edit/impersonate/${user._id}`, method='POST') form(action=`${_CC.config.base}admin-settings/edit/impersonate/${user._id}`, method='POST')