Add ability for non-admin users to manage their account
parent
54978d3c35
commit
e277107b10
|
@ -4,13 +4,14 @@ import * as Form from "../form.js";
|
|||
const submissionForm = document.getElementById('submission-form');
|
||||
const emailTextbox = document.getElementById('email-textbox');
|
||||
const passwordTextbox = document.getElementById('password-textbox');
|
||||
const adminCheckboxSection = document.getElementById('admin-checkbox-section');
|
||||
const adminCheckbox = document.getElementById('admin-checkbox');
|
||||
const submitButton = document.getElementById('submit-button');
|
||||
const deleteButton = document.getElementById('delete-button');
|
||||
|
||||
async function Initialize() {
|
||||
let params = new URLSearchParams(location.search);
|
||||
let accountID = params.get('account');
|
||||
let accountID = params.get('account') || (document.getElementById('account-id') ? document.getElementById('account-id').value : null);
|
||||
if(accountID) {
|
||||
const account = await Data.getAccount(accountID);
|
||||
console.log(account);
|
||||
|
@ -21,16 +22,25 @@ async function Initialize() {
|
|||
|
||||
adminCheckbox.checked = account.isAdmin;
|
||||
|
||||
if(!document.getElementById('account-id')) {
|
||||
adminCheckboxSection.style.visibility = "visible";
|
||||
adminCheckbox.disabled = false;
|
||||
|
||||
Form.addHiddenValue('account', accountID, submissionForm);
|
||||
}
|
||||
|
||||
deleteButton.style.visibility = "visible";
|
||||
deleteButton.disabled = false;
|
||||
}
|
||||
else
|
||||
{
|
||||
adminCheckboxSection.style.visibility = "visible";
|
||||
adminCheckbox.disabled = false;
|
||||
}
|
||||
emailTextbox.disabled = false;
|
||||
emailTextbox.addEventListener('keyup', checkDataValidity);
|
||||
passwordTextbox.disabled = false;
|
||||
passwordTextbox.addEventListener('keyup', checkDataValidity);
|
||||
adminCheckbox.disabled = false;
|
||||
checkDataValidity();
|
||||
}
|
||||
Initialize();
|
||||
|
|
|
@ -2,6 +2,8 @@ import * as Data from "./../data.js";
|
|||
|
||||
const gamesListTable = document.getElementById('games-list');
|
||||
const addNewButton = document.getElementById('add-new-button');
|
||||
const manageAccountButton = document.getElementById('manage-account-button');
|
||||
|
||||
|
||||
|
||||
function getGenderLetter(genderName) {
|
||||
|
@ -125,3 +127,6 @@ async function listItems() {
|
|||
listItems();
|
||||
|
||||
addNewButton.addEventListener('click', () => addGame());
|
||||
manageAccountButton.addEventListener('click', () => {
|
||||
window.location.href = '/manage/account';
|
||||
});
|
|
@ -1,3 +1,7 @@
|
|||
h1 {
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
#admin-checkbox-section {
|
||||
visibility: hidden;
|
||||
}
|
|
@ -16,7 +16,16 @@ function adminLoggedIn(req, res, next) {
|
|||
req.flash('error', 'An admin account is required to access this page.');
|
||||
res.redirect('/auth/login');
|
||||
}
|
||||
}
|
||||
|
||||
function userLoggedIn(req, res, next) {
|
||||
if (req.user) {
|
||||
next();
|
||||
}
|
||||
else {
|
||||
res.redirect('/auth/login');
|
||||
}
|
||||
}
|
||||
|
||||
router.get('/sports', function(req, res, next) {
|
||||
sports.retrieveAll()
|
||||
|
@ -77,9 +86,17 @@ router.get('/accounts', adminLoggedIn, function(req, res, next) {
|
|||
.then(data => res.json(data));
|
||||
})
|
||||
|
||||
router.get('/account', adminLoggedIn, function(req, res, next) {
|
||||
router.get('/account', userLoggedIn, function(req, res, next) {
|
||||
const userIsAdmin = req.user[2];
|
||||
const loggedInAccountID = req.user[0];
|
||||
const requestedAccountID = req.query.account;
|
||||
|
||||
if(!userIsAdmin && loggedInAccountID != requestedAccountID) {
|
||||
res.status(403).send("ACCESS DENIED");
|
||||
} else {
|
||||
accounts.getFromID(req.query.account)
|
||||
.then(data => res.json(data));
|
||||
}
|
||||
})
|
||||
|
||||
module.exports = router;
|
|
@ -149,23 +149,46 @@ router.post('/team', adminLoggedIn, function(req, res, next) {
|
|||
else teams.add(name, sport).then(res.redirect("/manage"));
|
||||
});
|
||||
|
||||
router.get('/account', adminLoggedIn, (req, res, next) => {
|
||||
router.get('/account', userLoggedIn, (req, res, next) => {
|
||||
const userIsAdmin = req.user[2];
|
||||
const accountID = req.user[0];
|
||||
|
||||
if(userIsAdmin) {
|
||||
let title = req.query.account ? 'Manage User' : 'Create User'
|
||||
|
||||
res.render('accounts/createuser', { title });
|
||||
}
|
||||
else {
|
||||
let title = 'Manage Account';
|
||||
|
||||
res.render('accounts/createuser', { title, accountID });
|
||||
}
|
||||
});
|
||||
|
||||
router.post('/account', adminLoggedIn, (req, res, next) => {
|
||||
router.post('/account', userLoggedIn, (req, res, next) => {
|
||||
const email = req.body.email;
|
||||
const password = req.body.password;
|
||||
const isAdmin = !!req.body.admin;
|
||||
|
||||
const accountID = req.body.account;
|
||||
const remove = req.body.remove;
|
||||
|
||||
const loggedInAccountIsAdmin = req.user[2];
|
||||
const loggedInAccountID = req.user[0];
|
||||
|
||||
console.log(accountID);
|
||||
console.log(loggedInAccountID);
|
||||
|
||||
|
||||
if(!loggedInAccountIsAdmin && accountID != loggedInAccountID) {
|
||||
res.status(403).send("ACCESS DENIED");
|
||||
}
|
||||
else {
|
||||
const isAdmin = loggedInAccountIsAdmin ? !!req.body.admin : false;
|
||||
|
||||
if(remove) accounts.remove(accountID).then(res.redirect('/manage'));
|
||||
if(accountID) accounts.edit(accountID, email, password, isAdmin).then(res.redirect('/manage'));
|
||||
else accounts.create(req.body.email, req.body.password, !!req.body.admin).then(res.redirect('/manage'));
|
||||
}
|
||||
});
|
||||
|
||||
module.exports = router;
|
||||
|
|
|
@ -8,6 +8,8 @@ block content
|
|||
div#mobile-view
|
||||
h1 #{title}
|
||||
form#submission-form(action='/manage/account', method='POST')
|
||||
if accountID
|
||||
input#account-id(type="hidden" name="account" value=accountID)
|
||||
span(class='form-section')
|
||||
label Email
|
||||
span(class='form-section-input')
|
||||
|
@ -16,7 +18,7 @@ block content
|
|||
label Password
|
||||
span(class='form-section-input' )
|
||||
input#password-textbox(type="password" name="password" disabled)
|
||||
span(class='form-section')
|
||||
span#admin-checkbox-section(class='form-section')
|
||||
span(class='form-section-checkbox')
|
||||
input#admin-checkbox(type="checkbox" name="admin" disabled)
|
||||
label(for="admin-checkbox") Grant admin privileges
|
||||
|
|
Reference in New Issue