manage admins from admin ui

This commit is contained in:
Wingy 2021-01-02 17:07:07 -05:00
parent f0786957f7
commit 884c699c8f
2 changed files with 68 additions and 3 deletions

View file

@ -129,6 +129,50 @@ module.exports = (db) => {
})
})
router.post('/edit/promote/:userToPromote', verifyAuth(), async (req, res) => {
if (!req.user.admin) return res.redirect('/')
const user = await db.get(req.params.userToPromote)
if (!user) {
req.flash('error', 'User not found.')
return res.redirect(`/admin-settings/edit/${req.params.userToPromote}`)
}
if (user.admin) {
req.flash('error', 'user is already admin')
return res.redirect(`/admin-settings/edit/${req.params.userToPromote}`)
}
user.admin = true
await db.put(user)
req.flash('success', `${user._id} is now an admin.`)
return res.redirect(`/admin-settings/edit/${req.params.userToPromote}`)
})
router.post('/edit/demote/:userToDemote', verifyAuth(), async (req, res) => {
if (!req.user.admin) return res.redirect('/')
if (req.user._id === req.params.userToDemote) {
req.flash('error', 'You cannot demote yourself.')
return res.redirect(`/admin-settings/edit/${req.params.userToDemote}`)
}
const user = await db.get(req.params.userToDemote)
if (!user) {
req.flash('error', 'User not found.')
return res.redirect(`/admin-settings/edit/${req.params.userToDemote}`)
}
if (!user.admin) {
req.flash('error', 'user is not an admin')
return res.redirect(`/admin-settings/edit/${req.params.userToDemote}`)
}
user.admin = false
await db.put(user)
req.flash('success', `${user._id} is no longer an admin.`)
return res.redirect(`/admin-settings/edit/${req.params.userToDemote}`)
})
router.post('/edit/remove/:userToRemove', verifyAuth(), async (req, res) => {
if (!req.user.admin) return res.redirect('/')
const doc = await db.get(req.params.userToRemove)

View file

@ -45,11 +45,32 @@ block content
.control
input.button.is-primary(type='submit' value='Change Username')
.column.is-narrow
h2 Impersonate
form(action=`${_CC.config.base}admin-settings/edit/impersonate/${user._id}`, method='POST')
h2 Admin
//- Yes, ternary exists, but I think the code is cleaner with a more "naive" style :)
//- p.is-marginless #{user._id} is #{user.admin ? '' : 'not '}an admin.
//- vs.
if user.admin
p.is-marginless #{user._id} is an admin.
form(action=`${_CC.config.base}admin-settings/edit/demote/${user._id}`, method='POST')
.field
.control
input.input.button.is-warning(type='submit', value=`Log in as ${user._id}`, style='margin-top: 1em;')
if user._id === req.user._id
input.input.button(disabled, type='submit', value=`You cannot demote yourself`, style='margin-top: 1em;')
else
input.input.button(type='submit', value=`Demote ${user._id}`, style='margin-top: 1em;')
else
p.is-marginless #{user._id} is not an admin.
form(action=`${_CC.config.base}admin-settings/edit/promote/${user._id}`, method='POST')
.field
.control
input.input.button(type='submit', value=`Promote ${user._id}`, style='margin-top: 1em;')
if user._id !== req.user._id
.column.is-narrow
h2 Impersonate
form(action=`${_CC.config.base}admin-settings/edit/impersonate/${user._id}`, method='POST')
.field
.control
input.input.button.is-warning(type='submit', value=`Log in as ${user._id}`, style='margin-top: 1em;')
h2(style='margin-bottom: 1em;') Reset Password
if user.pwToken
- const resetLink = `${_CC.config.base}resetpw/${user.pwToken}`