feat(admin): handle user demotion & promotion
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
7c6acad689
commit
546600db93
@ -71,7 +71,7 @@ const (
|
||||
type requestAdminUpdateUser struct {
|
||||
User string `form:"user"`
|
||||
Password *string `form:"password"`
|
||||
isAdmin *bool `form:"is_admin"`
|
||||
IsAdmin *string `form:"is_admin"`
|
||||
Operation operationType `form:"operation"`
|
||||
}
|
||||
|
||||
@ -674,14 +674,14 @@ func (api *API) restoreData(zipReader *zip.Reader) error {
|
||||
destPath := filepath.Join(api.cfg.DataPath, file.Name)
|
||||
destFile, err := os.Create(destPath)
|
||||
if err != nil {
|
||||
fmt.Println("Error creating destination file:", err)
|
||||
log.Errorf("error creating destination file: %v", err)
|
||||
return err
|
||||
}
|
||||
defer destFile.Close()
|
||||
|
||||
// Copy the contents from the zip file to the destination file.
|
||||
if _, err := io.Copy(destFile, rc); err != nil {
|
||||
fmt.Println("Error copying file contents:", err)
|
||||
log.Errorf("Error copying file contents: %v", err)
|
||||
return err
|
||||
}
|
||||
}
|
||||
@ -796,8 +796,8 @@ func (api *API) createUser(createRequest requestAdminUpdateUser) error {
|
||||
}
|
||||
|
||||
// Handle Admin (Explicit or False)
|
||||
if createRequest.isAdmin != nil {
|
||||
createParams.Admin = *createRequest.isAdmin
|
||||
if createRequest.IsAdmin != nil {
|
||||
createParams.Admin = *createRequest.IsAdmin == "true"
|
||||
} else {
|
||||
createParams.Admin = false
|
||||
}
|
||||
@ -835,7 +835,7 @@ func (api *API) updateUser(updateRequest requestAdminUpdateUser) error {
|
||||
if updateRequest.User == "" {
|
||||
return fmt.Errorf("username can't be empty")
|
||||
}
|
||||
if updateRequest.Password == nil && updateRequest.isAdmin == nil {
|
||||
if updateRequest.Password == nil && updateRequest.IsAdmin == nil {
|
||||
return fmt.Errorf("nothing to update")
|
||||
}
|
||||
|
||||
@ -845,8 +845,8 @@ func (api *API) updateUser(updateRequest requestAdminUpdateUser) error {
|
||||
}
|
||||
|
||||
// Handle Admin (Update or Existing)
|
||||
if updateRequest.isAdmin != nil {
|
||||
updateParams.Admin = *updateRequest.isAdmin
|
||||
if updateRequest.IsAdmin != nil {
|
||||
updateParams.Admin = *updateRequest.IsAdmin == "true"
|
||||
} else {
|
||||
user, err := api.db.Queries.GetUser(api.db.Ctx, updateRequest.User)
|
||||
if err != nil {
|
||||
@ -855,8 +855,12 @@ func (api *API) updateUser(updateRequest requestAdminUpdateUser) error {
|
||||
updateParams.Admin = user.Admin
|
||||
}
|
||||
|
||||
// TODO:
|
||||
// - Validate Not Last Admin
|
||||
// Check Admins
|
||||
if isLast, err := api.isLastAdmin(updateRequest.User); err != nil {
|
||||
return err
|
||||
} else if isLast {
|
||||
return fmt.Errorf("unable to demote %s - last admin", updateRequest.User)
|
||||
}
|
||||
|
||||
// Handle Password
|
||||
if updateRequest.Password != nil {
|
||||
@ -891,7 +895,31 @@ func (api *API) updateUser(updateRequest requestAdminUpdateUser) error {
|
||||
}
|
||||
|
||||
func (api *API) deleteUser(updateRequest requestAdminUpdateUser) error {
|
||||
// TODO:
|
||||
// - Validate Not Last Admin
|
||||
// Check Admins
|
||||
if isLast, err := api.isLastAdmin(updateRequest.User); err != nil {
|
||||
return err
|
||||
} else if isLast {
|
||||
return fmt.Errorf("unable to demote %s - last admin", updateRequest.User)
|
||||
}
|
||||
|
||||
// TODO - Implementation
|
||||
|
||||
return errors.New("unimplemented")
|
||||
}
|
||||
|
||||
func (api *API) isLastAdmin(userID string) (bool, error) {
|
||||
allUsers, err := api.db.Queries.GetUsers(api.db.Ctx)
|
||||
if err != nil {
|
||||
return false, errors.Wrap(err, fmt.Sprintf("GetUsers DB Error: %v", err))
|
||||
}
|
||||
|
||||
hasAdmin := false
|
||||
for _, user := range allUsers {
|
||||
if user.Admin && user.ID != userID {
|
||||
hasAdmin = true
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
return !hasAdmin, nil
|
||||
}
|
||||
|
||||
File diff suppressed because one or more lines are too long
@ -68,11 +68,8 @@
|
||||
<form method="POST"
|
||||
action="./users"
|
||||
class="flex flex gap-2 text-black dark:text-white text-sm">
|
||||
<input type="text"
|
||||
id="operation"
|
||||
name="operation"
|
||||
value="UPDATE"
|
||||
class="hidden" />
|
||||
<input type="hidden" id="operation" name="operation" value="UPDATE" />
|
||||
<input type="hidden" id="user" name="user" value="{{ $user.ID }}" />
|
||||
<input type="password"
|
||||
id="password"
|
||||
name="password"
|
||||
@ -83,17 +80,37 @@
|
||||
</form>
|
||||
</div>
|
||||
</td>
|
||||
<td class="p-3 border-b border-gray-200 text-center min-w-40">
|
||||
<span class="px-2 py-1 rounded-md text-white dark:text-black {{ if $user.Admin }}bg-gray-800 dark:bg-gray-100{{ else }}bg-gray-400 dark:bg-gray-600 cursor-pointer{{ end }}">admin</span>
|
||||
<span class="px-2 py-1 rounded-md text-white dark:text-black {{ if $user.Admin }}bg-gray-400 dark:bg-gray-600 cursor-pointer{{ else }}bg-gray-800 dark:bg-gray-100{{ end }}">user</span>
|
||||
</td>
|
||||
<td class="p-3 border-b border-gray-200">
|
||||
<p>{{ $user.CreatedAt }}</p>
|
||||
</td>
|
||||
</tr>
|
||||
{{ end }}
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
<td class="flex gap-2 justify-center p-3 border-b border-gray-200 text-center min-w-40">
|
||||
<!-- Set Admin & User Styles -->
|
||||
{{ $adminStyle := "bg-gray-400 dark:bg-gray-600 cursor-pointer" }}
|
||||
{{ $userStyle := "bg-gray-400 dark:bg-gray-600 cursor-pointer" }}
|
||||
{{ if $user.Admin }}{{ $adminStyle = "bg-gray-800 dark:bg-gray-100 cursor-default" }}{{ end }}
|
||||
{{ if not $user.Admin }}{{ $userStyle = "bg-gray-800 dark:bg-gray-100 cursor-default" }}{{ end }}
|
||||
<form method="POST"
|
||||
action="./users"
|
||||
class="flex flex gap-2 text-black dark:text-white text-sm">
|
||||
<input type="hidden" id="operation" name="operation" value="UPDATE" />
|
||||
<input type="hidden" id="user" name="user" value="{{ $user.ID }}" />
|
||||
<input type="hidden" id="is_admin" name="is_admin" value="true" />
|
||||
<button {{ if $user.Admin }}type="button"{{ else }}type="submit"{{ end }} class="px-2 py-1 rounded-md text-white dark:text-black {{ $adminStyle }}">admin
|
||||
</button>
|
||||
</form>
|
||||
<form method="POST"
|
||||
action="./users"
|
||||
class="flex flex gap-2 text-black dark:text-white text-sm">
|
||||
<input type="hidden" id="operation" name="operation" value="UPDATE" />
|
||||
<input type="hidden" id="user" name="user" value="{{ $user.ID }}" />
|
||||
<input type="hidden" id="is_admin" name="is_admin" value="false" />
|
||||
<button {{ if $user.Admin }}type="submit"{{ else }}type="button"{{ end }} class="px-2 py-1 rounded-md text-white dark:text-black {{ $userStyle }}">user
|
||||
</form>
|
||||
</td>
|
||||
<td class="p-3 border-b border-gray-200">
|
||||
<p>{{ $user.CreatedAt }}</p>
|
||||
</td>
|
||||
</tr>
|
||||
{{ end }}
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
{{ end }}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user