manage admins from admin ui
This commit is contained in:
parent
f0786957f7
commit
884c699c8f
2 changed files with 68 additions and 3 deletions
|
@ -129,6 +129,50 @@ module.exports = (db) => {
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
|
router.post('/edit/promote/:userToPromote', verifyAuth(), async (req, res) => {
|
||||||
|
if (!req.user.admin) return res.redirect('/')
|
||||||
|
const user = await db.get(req.params.userToPromote)
|
||||||
|
if (!user) {
|
||||||
|
req.flash('error', 'User not found.')
|
||||||
|
return res.redirect(`/admin-settings/edit/${req.params.userToPromote}`)
|
||||||
|
}
|
||||||
|
if (user.admin) {
|
||||||
|
req.flash('error', 'user is already admin')
|
||||||
|
return res.redirect(`/admin-settings/edit/${req.params.userToPromote}`)
|
||||||
|
}
|
||||||
|
|
||||||
|
user.admin = true
|
||||||
|
await db.put(user)
|
||||||
|
|
||||||
|
req.flash('success', `${user._id} is now an admin.`)
|
||||||
|
return res.redirect(`/admin-settings/edit/${req.params.userToPromote}`)
|
||||||
|
})
|
||||||
|
|
||||||
|
router.post('/edit/demote/:userToDemote', verifyAuth(), async (req, res) => {
|
||||||
|
if (!req.user.admin) return res.redirect('/')
|
||||||
|
if (req.user._id === req.params.userToDemote) {
|
||||||
|
req.flash('error', 'You cannot demote yourself.')
|
||||||
|
return res.redirect(`/admin-settings/edit/${req.params.userToDemote}`)
|
||||||
|
}
|
||||||
|
|
||||||
|
const user = await db.get(req.params.userToDemote)
|
||||||
|
|
||||||
|
if (!user) {
|
||||||
|
req.flash('error', 'User not found.')
|
||||||
|
return res.redirect(`/admin-settings/edit/${req.params.userToDemote}`)
|
||||||
|
}
|
||||||
|
if (!user.admin) {
|
||||||
|
req.flash('error', 'user is not an admin')
|
||||||
|
return res.redirect(`/admin-settings/edit/${req.params.userToDemote}`)
|
||||||
|
}
|
||||||
|
|
||||||
|
user.admin = false
|
||||||
|
await db.put(user)
|
||||||
|
|
||||||
|
req.flash('success', `${user._id} is no longer an admin.`)
|
||||||
|
return res.redirect(`/admin-settings/edit/${req.params.userToDemote}`)
|
||||||
|
})
|
||||||
|
|
||||||
router.post('/edit/remove/:userToRemove', verifyAuth(), async (req, res) => {
|
router.post('/edit/remove/:userToRemove', verifyAuth(), async (req, res) => {
|
||||||
if (!req.user.admin) return res.redirect('/')
|
if (!req.user.admin) return res.redirect('/')
|
||||||
const doc = await db.get(req.params.userToRemove)
|
const doc = await db.get(req.params.userToRemove)
|
||||||
|
|
|
@ -45,11 +45,32 @@ block content
|
||||||
.control
|
.control
|
||||||
input.button.is-primary(type='submit' value='Change Username')
|
input.button.is-primary(type='submit' value='Change Username')
|
||||||
.column.is-narrow
|
.column.is-narrow
|
||||||
h2 Impersonate
|
h2 Admin
|
||||||
form(action=`${_CC.config.base}admin-settings/edit/impersonate/${user._id}`, method='POST')
|
//- Yes, ternary exists, but I think the code is cleaner with a more "naive" style :)
|
||||||
|
//- p.is-marginless #{user._id} is #{user.admin ? '' : 'not '}an admin.
|
||||||
|
//- vs.
|
||||||
|
if user.admin
|
||||||
|
p.is-marginless #{user._id} is an admin.
|
||||||
|
form(action=`${_CC.config.base}admin-settings/edit/demote/${user._id}`, method='POST')
|
||||||
.field
|
.field
|
||||||
.control
|
.control
|
||||||
input.input.button.is-warning(type='submit', value=`Log in as ${user._id}`, style='margin-top: 1em;')
|
if user._id === req.user._id
|
||||||
|
input.input.button(disabled, type='submit', value=`You cannot demote yourself`, style='margin-top: 1em;')
|
||||||
|
else
|
||||||
|
input.input.button(type='submit', value=`Demote ${user._id}`, style='margin-top: 1em;')
|
||||||
|
else
|
||||||
|
p.is-marginless #{user._id} is not an admin.
|
||||||
|
form(action=`${_CC.config.base}admin-settings/edit/promote/${user._id}`, method='POST')
|
||||||
|
.field
|
||||||
|
.control
|
||||||
|
input.input.button(type='submit', value=`Promote ${user._id}`, style='margin-top: 1em;')
|
||||||
|
if user._id !== req.user._id
|
||||||
|
.column.is-narrow
|
||||||
|
h2 Impersonate
|
||||||
|
form(action=`${_CC.config.base}admin-settings/edit/impersonate/${user._id}`, method='POST')
|
||||||
|
.field
|
||||||
|
.control
|
||||||
|
input.input.button.is-warning(type='submit', value=`Log in as ${user._id}`, style='margin-top: 1em;')
|
||||||
h2(style='margin-bottom: 1em;') Reset Password
|
h2(style='margin-bottom: 1em;') Reset Password
|
||||||
if user.pwToken
|
if user.pwToken
|
||||||
- const resetLink = `${_CC.config.base}resetpw/${user.pwToken}`
|
- const resetLink = `${_CC.config.base}resetpw/${user.pwToken}`
|
||||||
|
|
Loading…
Reference in a new issue