Add ability for non-admin users to manage their account

2021-11-26 12:08:45 -07:00 · 2021-11-26 12:08:45 -07:00 · e277107b10
parent 54978d3c35
commit e277107b10
6 changed files with 79 additions and 18 deletions
--- a/public/scripts/manage/account.js
+++ b/public/scripts/manage/account.js
@ -4,13 +4,14 @@ import * as Form from "../form.js";
 const submissionForm = document.getElementById('submission-form');
 const emailTextbox = document.getElementById('email-textbox');
 const passwordTextbox = document.getElementById('password-textbox');
 const adminCheckboxSection = document.getElementById('admin-checkbox-section');
 const adminCheckbox = document.getElementById('admin-checkbox');
 const submitButton = document.getElementById('submit-button');
 const deleteButton = document.getElementById('delete-button');
 async function Initialize() {
    let params = new URLSearchParams(location.search);
-    let accountID = params.get('account');
+    let accountID = params.get('account') || (document.getElementById('account-id') ? document.getElementById('account-id').value : null);
    if(accountID) {
        const account = await Data.getAccount(accountID);
        console.log(account);
@ -21,16 +22,25 @@ async function Initialize() {
        adminCheckbox.checked = account.isAdmin;
-        Form.addHiddenValue('account', accountID, submissionForm);
+        if(!document.getElementById('account-id')) {
            adminCheckboxSection.style.visibility = "visible";
            adminCheckbox.disabled = false;    
            Form.addHiddenValue('account', accountID, submissionForm);
        }
        deleteButton.style.visibility = "visible";
        deleteButton.disabled = false;
    }
    else
    {
        adminCheckboxSection.style.visibility = "visible";
        adminCheckbox.disabled = false;
    }
    emailTextbox.disabled = false;
    emailTextbox.addEventListener('keyup', checkDataValidity);
    passwordTextbox.disabled = false;
    passwordTextbox.addEventListener('keyup', checkDataValidity);
    adminCheckbox.disabled = false;
    checkDataValidity();
 }
 Initialize();
--- a/public/scripts/manage/manage-nonadmin.js
+++ b/public/scripts/manage/manage-nonadmin.js
@ -2,6 +2,8 @@ import * as Data from "./../data.js";
 const gamesListTable = document.getElementById('games-list');
 const addNewButton = document.getElementById('add-new-button');
 const manageAccountButton = document.getElementById('manage-account-button');
 function getGenderLetter(genderName) {
@ -124,4 +126,7 @@ async function listItems() {
 }
 listItems();
-addNewButton.addEventListener('click', () => addGame());
+addNewButton.addEventListener('click', () => addGame());
 manageAccountButton.addEventListener('click', () => {
    window.location.href = '/manage/account';
 });
--- a/public/stylesheets/submit.css
+++ b/public/stylesheets/submit.css
@ -1,3 +1,7 @@
 h1 {
    text-align: center;
 }
 #admin-checkbox-section {
    visibility: hidden;
 }
--- a/routes/data.js
+++ b/routes/data.js
@ -10,13 +10,22 @@ var accounts = require('../database/accounts/accounts');
 function adminLoggedIn(req, res, next) {
    if (req.user && req.user[2]) {
        next();
    }
    else {
        req.flash('error', 'An admin account is required to access this page.');
        res.redirect('/auth/login');
    }
 }
 function userLoggedIn(req, res, next) {
    if (req.user) {
      next();
    }
    else {
      req.flash('error', 'An admin account is required to access this page.');
      res.redirect('/auth/login');
    }
-  }
+}
 router.get('/sports', function(req, res, next) {
    sports.retrieveAll()
@ -77,9 +86,17 @@ router.get('/accounts', adminLoggedIn, function(req, res, next) {
        .then(data => res.json(data));
 })
-router.get('/account', adminLoggedIn, function(req, res, next) {
+router.get('/account', userLoggedIn, function(req, res, next) {
-    accounts.getFromID(req.query.account)
+    const userIsAdmin = req.user[2];
-        .then(data => res.json(data));
+    const loggedInAccountID = req.user[0];
    const requestedAccountID = req.query.account;
    if(!userIsAdmin && loggedInAccountID != requestedAccountID) {
        res.status(403).send("ACCESS DENIED");
    } else {
        accounts.getFromID(req.query.account)
            .then(data => res.json(data));
    }
 })
 module.exports = router;
--- a/routes/manage.js
+++ b/routes/manage.js
@ -149,23 +149,46 @@ router.post('/team', adminLoggedIn, function(req, res, next) {
  else teams.add(name, sport).then(res.redirect("/manage"));
 });
-router.get('/account', adminLoggedIn, (req, res, next) => {
+router.get('/account', userLoggedIn, (req, res, next) => {
-  let title = req.query.account ? 'Manage User' : 'Create User'
+  const userIsAdmin = req.user[2];
  const accountID = req.user[0];
  if(userIsAdmin) {
    let title = req.query.account ? 'Manage User' : 'Create User'
-  res.render('accounts/createuser', { title });
+    res.render('accounts/createuser', { title });  
  }
  else {
    let title = 'Manage Account';
    res.render('accounts/createuser', { title, accountID });  
  }
 });
-router.post('/account', adminLoggedIn, (req, res, next) => {
+router.post('/account', userLoggedIn, (req, res, next) => {
  const email = req.body.email;
  const password = req.body.password;
  const isAdmin = !!req.body.admin;
  const accountID = req.body.account;
  const remove = req.body.remove;
-  if(remove) accounts.remove(accountID).then(res.redirect('/manage'));
+  const loggedInAccountIsAdmin = req.user[2];
-  if(accountID) accounts.edit(accountID, email, password, isAdmin).then(res.redirect('/manage'));
+  const loggedInAccountID = req.user[0];
-  else accounts.create(req.body.email, req.body.password, !!req.body.admin).then(res.redirect('/manage'));
+
  console.log(accountID);
  console.log(loggedInAccountID);
  if(!loggedInAccountIsAdmin && accountID != loggedInAccountID) {
    res.status(403).send("ACCESS DENIED");
  }
  else {
    const isAdmin = loggedInAccountIsAdmin ? !!req.body.admin : false;
    if(remove) accounts.remove(accountID).then(res.redirect('/manage'));
    if(accountID) accounts.edit(accountID, email, password, isAdmin).then(res.redirect('/manage'));
    else accounts.create(req.body.email, req.body.password, !!req.body.admin).then(res.redirect('/manage'));  
  }
 });
 module.exports = router;
--- a/views/accounts/createuser.pug
+++ b/views/accounts/createuser.pug
@ -8,6 +8,8 @@ block content
  div#mobile-view
    h1 #{title}
    form#submission-form(action='/manage/account', method='POST')
      if accountID 
        input#account-id(type="hidden" name="account" value=accountID)
      span(class='form-section')
        label Email
        span(class='form-section-input')
@ -16,7 +18,7 @@ block content
        label Password 
        span(class='form-section-input' )
          input#password-textbox(type="password" name="password" disabled)
-      span(class='form-section')
+      span#admin-checkbox-section(class='form-section')
        span(class='form-section-checkbox')
          input#admin-checkbox(type="checkbox" name="admin" disabled)
          label(for="admin-checkbox") Grant admin privileges