More admin panel stuff with roles etc

3 years ago · ce06ef7f89
parent 7d5e9cb4ef
commit ce06ef7f89
7 changed files with 84 additions and 19 deletions
--- a/src/app.rb
+++ b/src/app.rb
@ -51,7 +51,7 @@ def auth_denied(msg=AUTH_ERRORS[:denied], status=403, ret="/")
 	session[:status] = status
 	session[:ret] = ret
 	flash[:error] = msg
-	redirect "/"
+	redirect ret
 end

 def no_go_away(ret="/")
@ -290,6 +290,26 @@ post "/admin/roles/:id/update" do
 	redirect "/admin/roles/#{id}/edit"
 end

+post "/admin/roles/give" do
+	user = get_current_user
+	auth_denied if user.permitted? :roleman
+
+	user_id = params[:user_id]
+	role_id = params[:role_id]
+	
+	if user.role_ids.include? role_id or user.admin? then
+		User_Role_relation.give_role(user_id, role_id)
+
+		newrole = Role.find_by_id role_id
+		promoted_user = User.find_by_id user_id
+
+		flash[:success] = "Gave role '#{newrole.name}' to #{promoted_user.name}!"
+		redirect "/admin"
+	else
+		auth_denied "You are not permitted to give that role!", 403, "/admin"
+	end
+end
+
 post "/admin/roles" do
 	user = get_current_user
 	auth_denied if user.permitted? :roleman
--- a/src/db_models.rb
+++ b/src/db_models.rb
@ -26,6 +26,10 @@ class User < EntityModel
 		return ""
 	end

+	def role_ids
+		User_Role_relation.get_user_roles_ids @id
+	end
+
 	def roles
 		User_Role_relation.get_user_roles @id
 	end
@ -207,16 +211,6 @@ class Role < EntityModel
 	def self.edit(roleid, data)
 		self.update data, "id = #{roleid}"
 	end
-
-	def self.get_all_ids
-		ids = self.get "id"
-		ids.map! {|k, id| id.to_i}
-	end
-
-	def self.get_all
-		data = self.get "*"
-		data && data.map! {|r| Role.new(r)}
-	end
 end


@ -232,10 +226,30 @@ class User_Role_relation < EntityModel
 		end
 	end

+	def self.give_role(user_id, role_id)
+		user = User.find_by_id user_id
+
+		# TODO prevent duplicate roles
+		if not user.role_ids.include? role_id then
+			data = {
+				role_id: role_id,
+				user_id: user_id
+			}
+			self.insert data
+		end
+	end
+
+	def self.get_user_roles_ids(user_id)
+		ids = self.get "role_id", "user_id = ?", user_id
+		ids.map! do |ent|
+			ent["role_id"].to_i
+		end
+	end
+	
 	def self.get_user_roles(user_id)
-		roleids = self.get "role_id", "user_id = ?", user_id
-		roles = roleids.map do |ent| 
-			Role.find_by_id(ent["role_id"].to_i)
+		roleids = self.get_user_roles_ids user_id
+		roles = roleids.map do |id| 
+			Role.find_by_id(id)
 		end
 	end
 end
--- a/src/lib/database.rb
+++ b/src/lib/database.rb
@ -98,10 +98,6 @@ class EntityModel
 		end
 	end

-	def self.get_all(ents="*")
-		self.query "SELECT #{ents} FROM #{self.name}"
-	end
-
 	def self.exists?(id)
 		resp = self.get "id", "id = ?", id
 		resp.length > 0
@ -111,6 +107,17 @@ class EntityModel
 		data = self.get("*", "id = ?", id).first
 		data && self.new(data)
 	end
+
+
+	def self.get_all_ids
+		ids = self.get "id"
+		ids.map! {|k, id| id.to_i}
+	end
+
+	def self.get_all
+		data = self.get "*"
+		data && data.map! {|r| self.new(r)}
+	end
 end

 class RelationModel < EntityModel # TODO: make this work
--- a/src/public/avatars/3.png
+++ b/src/public/avatars/3.png
--- a/src/views/admin/index.slim
+++ b/src/views/admin/index.slim
@ -27,3 +27,26 @@ h1 Admin Panel
            a.inlbutton href="/admin/roles/#{role.id}/delete"
              | [DELETE]
      
+  article.card.border
+    h2 Add User to Role 
+
+    .form-container
+      form action="/admin/roles/give" method="post"
+        label Select User
+        select name="user_id"
+          - User.get_all.each do |seluser|
+            option value="#{seluser.id}"
+              | #{seluser.name} (id=#{seluser.id})
+
+        label Select Role
+        select name="role_id"
+          - if session_user.admin?
+            - Role.get_all.each do |selrole|
+              option value="#{selrole.id}"
+                | #{selrole.name} (id=#{selrole.id})
+          - else
+            - session_user.roles.each do |selrole|
+              option value="#{selrole.id}"
+                | #{selrole.name} (id=#{selrole.id})
+
+        input type="submit" value="Add User"
--- a/src/views/auction/index.slim
+++ b/src/views/auction/index.slim
@ -4,7 +4,7 @@
    .form-container
      form action="/auctions" method="get"
        label Keywords
-        input type="text" name="title" placeholder="Keywords (ex: computer, teapot)"
+        input type="search" name="title" placeholder="Keywords (ex: computer, teapot)"

        label Price range
        input type="range" name="price_rng"
--- a/src/views/stylesheets/style.sass
+++ b/src/views/stylesheets/style.sass
@ -418,6 +418,7 @@ ul.list-container
 #admin-panel
  display: flex
  flex-wrap: wrap
+  justify-content: center

  article
    margin: 2rem