Finished role management & began work on categories

src/app.rb

@@ -54,14 +54,18 @@ def auth_denied(msg=AUTH_ERRORS[:denied], status=403, ret="/")
 	redirect ret
 end
 
-def no_go_away(ret="/")
+def no_go_away(ret=back)
 	auth_denied "No! GO AWAY!", 403, ret
 end
 
-def banned(ret="/")
+def banned(ret=back)
 	auth_denied "You are banned!", 403, ret
 end
 
+def error(ret=back)
+	auth_denied "Internal server error.", 500, ret
+end
+
 # Routes
 get "/style.css" do
 	sass :"stylesheets/style", style: :compressed
@@ -155,6 +159,11 @@ get "/logout" do
 end
 
 post "/user/update" do
+	id = (get_current_user.admin? and params[:id]) ? params[:id].to_i : session[:userid]
+	p "##########################"
+	puts "id=#{id}"
+	p "##########################"
+
 	data = {
 		name: params["displayname"].chomp,
 		bio_text: params["bio"].chomp
@@ -162,15 +171,15 @@ post "/user/update" do
 
 	if params[:image] then
 		imgdata = params[:image][:tempfile] 
-		save_image imgdata.read, "./public/avatars/#{session[:userid]}.png" # save the image
+		save_image imgdata.read, "./public/avatars/#{id}.png" # save the image
-		data[:avatar_url] = "/avatars/#{session[:userid]}.png" # update image path
+		data[:avatar_url] = "/avatars/#{id}.png" # update image path
 	end
 
-	success, msg = get_current_user.update_creds data # update the user creds
+	success, msg = User.find_by_id(id).update_creds data # update the user creds
 	if not success then flash[:error] = msg end	
 
 	flash[:success] = "Profile updated."
-	redirect "/settings"
+	redirect back
 end
 
 # Auction stuff
@@ -230,7 +239,8 @@ get "/admin" do
 
 	data = {
 		roles: Role.get_all,
-		users: User.get_all
+		users: User.get_all,
+		categories: Category.get_all
 	}
 
 	serve :"admin/index", {flags: flags, data: data}
@@ -240,6 +250,7 @@ end
 get "/admin/users/:id/ban" do
 	auth_denied unless get_current_user.admin?
 	id = params[:id].to_i
+
 	user = User.find_by_id id
 	user.banned = true
 
@@ -251,6 +262,7 @@ end
 get "/admin/users/:id/unban" do
 	auth_denied unless get_current_user.admin?
 	id = params[:id].to_i
+
 	user = User.find_by_id id
 	user.banned = false
 
@@ -267,12 +279,84 @@ get "/admin/users/:id/edit" do
 	serve :"admin/users/edit", {user: user}
 end
 
+post "/admin/users/rolegive" do
+	user = get_current_user
+	auth_denied unless user.permitted?(:roleman)
+
+	user_id = params[:user_id].to_i
+	role_id = params[:role_id].to_i
+
+	auth_denied "You are not permitted to give that role!", 403, back if role_id == ROLES[:banned][:id]
+	
+	if user.role_ids.include?(role_id) or user.admin? then
+		resp = User_Role_relation.give_role(user_id, role_id)
+
+		flash[:success] = "Gave role to user." if resp 
+		redirect back
+	else
+		auth_denied "You are not permitted to give that role!", 403, back
+	end
+end
+
+post "/admin/users/rolerevoke" do
+	user = get_current_user
+	auth_denied unless user.permitted?(:roleman)
+
+	user_id = params[:user_id].to_i
+	role_id = params[:role_id].to_i
+
+	auth_denied "You are not permitted to give that role!", 403, back if role_id == ROLES[:banned][:id]
+	if user.admin? then
+		resp = User_Role_relation.revoke_role(user_id, role_id)	
+		flash[:success] = "Revoked role from user." if resp 
+		redirect back
+	else
+		auth_denied "You are not permitted to give that role!", 403, back
+	end
+end
+
+
+post "/admin/users/setmoney" do
+	user = get_current_user
+	auth_denied unless user.permitted? :moneyman
+
+	id = params[:user_id].to_i
+	money = params[:money].to_f
+	target = User.find_by_id(id)
+
+	target.balance = money
+
+	flash[:success] = "Set users money to '#{money}'."
+
+	redirect back
+end
+
 # ADMIN ROLE MANAGEMENT
 def role_check(id)
 	no_go_away if ROLE_IDS.include? id
 	auth_denied unless get_current_user.permitted? :roleman
 end
 
+post "/admin/roles" do
+	user = get_current_user
+	auth_denied unless user.permitted? :roleman
+
+	name = params[:name]
+	color = params[:color]
+	flags = params[:flags]
+
+	flags = params[:flags].to_i
+	flags = verify_flags(flags, user.flags)
+
+	newid, resp = Role.create(name, color, flags)
+	if newid then
+		flash[:success] = "Successfully created role '#{name}'."
+	else
+		flash[:error] = resp 
+	end
+	redirect back
+end
+
 get "/admin/roles/:id/delete" do
 	id = params[:id].to_i
 	role_check id
@@ -322,43 +406,18 @@ post "/admin/roles/:id/update" do
 	redirect "/admin/roles/#{id}/edit"
 end
 
-post "/admin/roles/give" do
-	user = get_current_user
-	auth_denied unless user.permitted?(:roleman)
-
-	user_id = params[:user_id].to_i
-	role_id = params[:role_id].to_i
 
-	# Deny giving the "banned role"
+# ADMIN CATEGORY MANAGEMENT
-	auth_denied "You are not permitted to give that role!", 403, "/admin" if role_id == ROLES[:banned][:id]
+post "/admin/categories" do
-	
-	if user.role_ids.include?(role_id) or user.admin? then
-		resp = User_Role_relation.give_role(user_id, role_id)
-
-		newrole = Role.find_by_id role_id
-		promoted_user = User.find_by_id user_id
-
-		flash[:success] = "Gave role '#{newrole.name}' to #{promoted_user.name}!" if resp 
-		redirect back
-	else
-		auth_denied "You are not permitted to give that role!", 403, "/admin"
-	end
-end
-
-post "/admin/roles" do
 	user = get_current_user
-	auth_denied unless user.permitted? :roleman
+	auth_denied unless user.permitted? :cateman
 
 	name = params[:name]
 	color = params[:color]
-	flags = params[:flags]
 
-	flags = params[:flags].to_i
+	newid, resp = Category.create(name, color)
-	flags = verify_flags(flags, user.flags)
-
-	newid, resp = Role.create(name, color, flags)
 	if newid then
-		flash[:success] = "Successfully created role '#{name}'."
+		flash[:success] = "Successfully created category '#{name}'."
 	else
 		flash[:error] = resp 
 	end

src/db_models.rb

@@ -55,7 +55,13 @@ class User < EntityModel
 	def reputation=(val)
 		val = val.clamp MIN_REP, MAX_REP
 		@reputation = val
-		self.update({reputation: val}, "id = ?", @id)
+		User.update({reputation: val}, "id = ?", @id)
+	end
+
+	def balance=(val)
+		val = val >= 0 ? val : 0
+		@balance = val
+		User.update({balance: val}, "id = ?", @id)
 	end
 
 	def update_creds(data)

src/views/admin/index.slim

@@ -20,9 +20,9 @@ div
       ul.list-container
         - data[:users].each do |user|
             li
-              | #{user.name}
+              | #{user.name} (id=#{user.id})
               a.inlbutton href="/admin/users/#{user.id}/edit"
-                | [EDIT]
+                | [MANAGE]
               - if session_user.admin?
                 - if user.banned?
                   a.green.inlbutton href="/admin/users/#{user.id}/unban"
@@ -31,32 +31,6 @@ div
                   a.red.inlbutton href="/admin/users/#{user.id}/ban"
                     | [BAN USER]
 
-    article.card.border
-      h2 Add User to Role 
-
-      .form-container
-        form action="/admin/roles/give" method="post"
-          label Select User
-          select name="user_id"
-            - User.get_all.each do |seluser|
-              option value="#{seluser.id}"
-                | #{seluser.name} (id=#{seluser.id})
-
-          label Select Role
-          select name="role_id"
-            - if session_user.admin?
-              - Role.get_all.each do |selrole|
-                - if selrole.id != ROLES[:banned][:id]
-                  option value="#{selrole.id}"
-                    | #{selrole.name} (id=#{selrole.id})
-            - else
-              - session_user.roles.each do |selrole|
-                - if selrole.id != ROLES[:banned][:id]
-                  option value="#{selrole.id}"
-                    | #{selrole.name} (id=#{selrole.id})
-
-          input type="submit" value="Add User"
-
   h2#roles Role Management
   .management-container
     article.card.border
@@ -87,3 +61,30 @@ div
                   | [EDIT]
                 a.inlbutton href="/admin/roles/#{role.id}/delete"
                   | [DELETE]
+
+  h2#categories Category Management
+  .management-container
+    article.card.border
+      h2 Create Category
+
+      .form-container
+        form action="/admin/categories" method="post"
+          label Category name
+          input type="text" name="name" pattern="#{NAME_REGEX_STR}" maxlength="#{MAX_NAME_LEN}" oninput="this.reportValidity()" title="#{REGISTER_ERRORS[:name_desc]}"
+
+          label Category color 
+          input type="color" name="color" value="#010ffa"
+
+          input type="submit" value="Create category"
+        
+
+    article.card.border
+      h2 Manage Categories 
+      ul.list-container
+        - data[:categories].each do |category|
+            li
+              | #{category.name}
+              a.inlbutton href="/admin/categories/#{category.id}/edit"
+                | [EDIT]
+              a.inlbutton href="/admin/categories/#{category.id}/delete"
+                | [DELETE]

src/views/admin/users/edit.slim

@@ -16,6 +16,7 @@
     h2.tcenter = "User Settings"
     .form-container
       form action="/user/update" method="post" enctype="multipart/form-data"
+        input type="hidden" name="id" value="#{user.id}"
         img.avatar_big src="#{user.avatar_url}" alt="Your avatar"
         label Change avatar
         input type="file" name="image" accept="image"
@@ -27,3 +28,49 @@
         textarea name="bio" cols="20" rows="5" title="Content length must be between #{MIN_BIO_LEN} and #{MAX_BIO_LEN} characters" pattern="#{BIO_REGEX_STR}" maxlength="#{MAX_BIO_LEN}" placeholder="Tell us about yourself!" value="#{user.bio_text}" = user.bio_text
         input type="submit" value="Update"
 
+    article.card.border
+      h2 Add Role 
+
+      .form-container
+        form action="/admin/users/rolegive" method="post"
+          label Select Role
+          input type="hidden" name="user_id" value="#{user.id}"
+          select name="role_id"
+            - if session_user.admin?
+              - Role.get_all.each do |selrole|
+                - if selrole.id != ROLES[:banned][:id]
+                  option value="#{selrole.id}"
+                    | #{selrole.name} (id=#{selrole.id})
+            - else
+              - session_user.roles.each do |selrole|
+                - if selrole.id != ROLES[:banned][:id]
+                  option value="#{selrole.id}"
+                    | #{selrole.name} (id=#{selrole.id})
+
+          input type="submit" value="Give role"
+
+    article.card.border
+      h2 Remove Role 
+
+      .form-container
+        form action="/admin/users/rolerevoke" method="post"
+          label Select Role
+          input type="hidden" name="user_id" value="#{user.id}"
+          select name="role_id"
+            - user.roles.each do |selrole|
+              - if selrole and selrole.id != ROLES[:banned][:id]
+                option value="#{selrole.id}"
+                  | #{selrole.name} (id=#{selrole.id})
+
+          input type="submit" value="Revoke role"
+
+    article.card.border
+      h2 Set money 
+
+      .form-container
+        form action="/admin/users/setmoney" method="post"
+          label Amount 
+          input type="hidden" name="user_id" value="#{user.id}"
+          input type="number" name="money" value="#{user.balance}" min="0"
+
+          input type="submit" value="Set money"

src/views/stylesheets/style.sass

@@ -155,8 +155,10 @@ a.button:hover
   font-size: 1rem
   font-weight: bold
   animation: fade-in .9s ease-in alternate
+  border-radius: $border_radius
   background: $bg_clr
   transition: .1s opacity 
+  overflow: hidden
 
   div:not(:last-child)
     margin-bottom: 1rem
@@ -164,14 +166,12 @@ a.button:hover
   &-error
     color: $fg_error
     padding: 8px
-    border: $border_size solid $red_clr
+    border: $border_size solid $green_clr
-    border-radius: $border_radius
 
   &-success
     color: $green_clr
     padding: 8px
     border: $border_size solid $green_clr
-    border-radius: $border_radius
 
 .flash:hover
   cursor: pointer