Mirrored_Repos/crafty-4
1
0
Fork 0
mirror of https://gitlab.com/crafty-controller/crafty-4.git synced 2024-08-30 18:23:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Check for super user on user edit

Browse Source
This commit is contained in:
amcmanu3 2023-10-08 16:39:04 -04:00
parent 612cac4ed2
commit 6d9f930e71
2 changed files with 27 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/frontend/templates/panel/panel_config.html
View File

@ -138,7 +138,7 @@
{% end %} {% end %}
</ul> </ul>
</td> </td>
<td><a href="/panel/edit_user?id={{user.user_id}}"><i class="fas fa-pencil-alt"></i></a></td> <td><a class="edit_user" data-name="{{user.username}}" data-id="{{user.user_id}}"><i class="fa-solid fa-user"></i></a>&nbsp;&nbsp;<a class="edit_password" data-id="{{user.user_id}}"><i class="fa-solid fa-lock"></i></a>&nbsp;&nbsp;<a href="/panel/edit_user?id={{user.user_id}}"><i class="fas fa-pencil-alt"></i></a></td>
</tr> </tr>
{% end %} {% end %}
</tbody> </tbody>

30
app/frontend/templates/panel/panel_edit_user.html
View File

@ -409,10 +409,31 @@ data['lang']) }}{% end %}
return; return;
} }
const token = getCookie("_xsrf") const token = getCookie("_xsrf")
let userRes = await fetch(`/api/v2/users/@me`, {
method: "GET",
headers: {
'X-XSRFToken': token
},
});
let userData = await userRes.json();
let superuser = null;
if (userData.status === "ok") {
superuser = userData.data["superuser"];
edit_id = userData.data["user_id"];
} else {
bootbox.alert({
title: userData.error,
message: userData.error
});
}
let userForm = document.getElementById("user_form"); let userForm = document.getElementById("user_form");
let disabled_flag = false; let disabled_flag = false;
let roles = $('.role_check').map(function() { let roles = null;
if (superuser || userId != edit_id){
roles = $('.role_check').map(function() {
if ($(this).attr("disabled")){ if ($(this).attr("disabled")){
disabled_flag = true; disabled_flag = true;
} }
@ -420,7 +441,6 @@ data['lang']) }}{% end %}
return $(this).val(); return $(this).val();
} }
}).get(); }).get();
let avail_permissions = $('.perm-name').map(function() { let avail_permissions = $('.perm-name').map(function() {
return $(this).data("perm"); return $(this).data("perm");
}).get(); }).get();
@ -429,22 +449,24 @@ data['lang']) }}{% end %}
for(i=0; i < avail_permissions.length; i++){ for(i=0; i < avail_permissions.length; i++){
permissions.push({"name": avail_permissions[i], "quantity": $(`#quantity_${avail_permissions[i]}`).val(), "enabled": $(`#permission_${avail_permissions[i]}`).is(':checked')}) permissions.push({"name": avail_permissions[i], "quantity": $(`#quantity_${avail_permissions[i]}`).val(), "enabled": $(`#permission_${avail_permissions[i]}`).is(':checked')})
} }
console.log(permissions); }
let formData = new FormData(userForm); let formData = new FormData(userForm);
//Create an object from the form data entries //Create an object from the form data entries
let formDataObject = Object.fromEntries(formData.entries()); let formDataObject = Object.fromEntries(formData.entries());
if (superuser || userId != edit_id){
if (!disabled_flag){ if (!disabled_flag){
formDataObject.roles = roles; formDataObject.roles = roles;
} }
if ($("#permissions").length){ if ($("#permissions").length){
formDataObject.permissions = permissions; formDataObject.permissions = permissions;
} }
if (userId === null){ if(userId){
if(typeof password === "string"){ if(typeof password === "string"){
formDataObject.password = password; formDataObject.password = password;
} }
} }
}
formDataObject.enabled = $("#enabled").is(":checked"); formDataObject.enabled = $("#enabled").is(":checked");
if ($("#superuser").is(":enabled")){ if ($("#superuser").is(":enabled")){
formDataObject.superuser = $("#superuser").is(":checked"); formDataObject.superuser = $("#superuser").is(":checked");