diff --git a/routes/manage.js b/routes/manage.js
index 227c27d..c995742 100644
--- a/routes/manage.js
+++ b/routes/manage.js
@@ -156,16 +156,16 @@ router.get('/account', userLoggedIn, (req, res, next) => {
 if(userIsAdmin) {
 let title = req.query.account ? 'Manage User' : 'Create User'
- res.render('accounts/createuser', { title, userLoggedIn: !!req.user });
+ res.render('accounts/createuser', { title, userLoggedIn: !!req.user, message: req.flash('error') });
 }
 else {
 let title = 'Manage Account';
- res.render('accounts/createuser', { title, accountID, userLoggedIn: !!req.user });
+ res.render('accounts/createuser', { title, accountID, userLoggedIn: !!req.user, message: req.flash('error') });
 }
 });
-router.post('/account', userLoggedIn, (req, res, next) => {
+router.post('/account', userLoggedIn, async function(req, res, next) {
 const email = req.body.email;
 const password = req.body.password;
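Review bot: `message: req.flash('error')` in both `res.render` calls passes the template whatever `req.flash` returns; if this is connect-flash-style middleware that is an array, empty when nothing was flashed, so `.error #{message}` in views/accounts/createuser.pug always emits the `.error` element and would print several messages joined by commas. Consider passing a single string, e.g. `message: req.flash('error')[0]`, or guarding the markup in the template with `if message && message.length`. The escaped `#{}` interpolation in the view is the right form and should stay if flashed text ever carries request data. The GET handler starts above the hunk, so how `userIsAdmin` and `accountID` are derived is not visible here.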
@@ -175,19 +175,24 @@ router.post('/account', userLoggedIn, (req, res, next) => {
 const loggedInAccountIsAdmin = req.user[2];
 const loggedInAccountID = req.user[0];
- console.log(accountID);
- console.log(loggedInAccountID);
-
-
 if(!loggedInAccountIsAdmin && accountID != loggedInAccountID) {
 res.status(403).send("ACCESS DENIED");
 }
 else {
- const isAdmin = loggedInAccountIsAdmin ? !!req.body.admin : false;
+ try {
+ const isAdmin = loggedInAccountIsAdmin ? !!req.body.admin : false;
- if(remove) accounts.remove(accountID).then(res.redirect('/manage'));
- if(accountID) accounts.edit(accountID, email, password, isAdmin).then(res.redirect('/manage'));
- else accounts.create(req.body.email, req.body.password, !!req.body.admin).then(res.redirect('/manage'));
+ if(remove) await accounts.remove(accountID);
+ else if(accountID) await accounts.edit(accountID, email, password, isAdmin);
+ else await accounts.create(req.body.email, req.body.password, !!req.body.admin);
+
+ res.redirect('/manage');
+ }
+ catch (err) {
+ console.error("ERROR: " + err.message);
+ req.flash("error", "An error has occurred.");
+ res.redirect('/manage/account');
+ }
 }
 });
diff --git a/views/accounts/createuser.pug b/views/accounts/createuser.pug
index a87897d..dfc1b13 100644
--- a/views/accounts/createuser.pug
+++ b/views/accounts/createuser.pug
@@ -20,6 +20,7 @@ block content
 span(class='form-section-checkbox')
 input#admin-checkbox(type="checkbox" name="admin" disabled)
 label(for="admin-checkbox") Grant admin privileges
+ .error #{message}
 span(class='form-section')
 button#submit-button(type="submit" disabled) Submit
 span(class='form-section')
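Review bot: In the create branch, `accounts.create(req.body.email, req.body.password, !!req.body.admin)` still takes the admin flag straight from the request body instead of the `isAdmin` value computed at the top of the `try`, so the privilege gate on that flag only covers edits. Whether a non-admin can reach that branch rests entirely on `accountID != loggedInAccountID`, and because `!=` coerces its operands the outcome depends on how the two IDs are represented, which the hunk does not show. Suggest `else await accounts.create(email, password, isAdmin);` together with a strict comparison such as `String(accountID) !== String(loggedInAccountID)`. The handler begins in the previous hunk, so where `accountID` and `remove` are read is not visible here.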