Laying groundwork for roles patch

app/classes/web/routes/api/roles/role/index.py

@@ -33,6 +33,35 @@ modify_role_schema = {
     "minProperties": 1,
 }
 
+basic_modify_role_schema = {
+    "type": "object",
+    "properties": {
+        "name": {
+            "type": "string",
+            "minLength": 1,
+        },
+        "servers": {
+            "type": "array",
+            "items": {
+                "type": "object",
+                "properties": {
+                    "server_id": {
+                        "type": "integer",
+                        "minimum": 1,
+                    },
+                    "permissions": {
+                        "type": "string",
+                        "pattern": "^[01]{8}$",  # 8 bits, see EnumPermissionsServer
+                    },
+                },
+                "required": ["server_id", "permissions"],
+            },
+        },
+    },
+    "additionalProperties": False,
+    "minProperties": 1,
+}
+
 
 class ApiRolesRoleIndexHandler(BaseApiHandler):
     def get(self, role_id: str):
@@ -110,7 +139,10 @@ class ApiRolesRoleIndexHandler(BaseApiHandler):
             )
 
         try:
-            validate(data, modify_role_schema)
+            if auth_data[4]["superuser"]:
+                validate(data, modify_role_schema)
+            else:
+                validate(data, basic_modify_role_schema)
         except ValidationError as e:
             return self.finish_json(
                 400,

app/frontend/templates/panel/panel_edit_role.html

@@ -50,9 +50,6 @@
           <div class="">
             <div class="">
               <form id="role_form" class="forms-sample" method="post" action="{{ '/panel/add_role' if data['new_role'] else '/panel/edit_role' }}">
-                {% raw xsrf_form_html() %}
-                <input type="hidden" name="id" value="{{ data['role']['role_id'] }}">
-                <input type="hidden" name="subpage" value="config">
 
                 <div class="card">
                   <div class="card-header header-sm d-flex justify-content-between align-items-center">
@@ -321,9 +318,61 @@
         return r ? r[1] : undefined;
     }
 
+    function gather_server_json() {
+      servers = [];
+      for (s = 0; s < page_servers.length; s++){
+        mask = ""
+      
+      for (i = 0; i < permissions.length; i++){
+        if ($(`permission_${page_servers[s].id}_${permissions[i]}`).prop('checked')){
+          mask += "1"
+        }else{
+          mask += "0"
+        }
+      }
+      servers.push(JSON.stringify({"id": page_servers[s].id, "permissions": mask}));
+    }
+    return servers;
+    }
+
     $( document ).ready(function() {
         console.log( "ready!" );
     });
+    const roleId = new URLSearchParams(document.location.search).get('id');
+
+    $("#config_form").on("submit", async function (e) {
+      e.preventDefault();
+      var token = getCookie("_xsrf")
+      let configForm = document.getElementById("config_form");
+
+      let formData = new FormData(configForm);
+      //Create an object from the form data entries
+      let formDataObject = Object.fromEntries(formData.entries());
+      let send_object = Object()
+      send_object.servers = []
+      send_object.name = formDataObject.role_name
+
+      // Format the plain form data as JSON
+      let formDataJsonString = JSON.stringify(formDataObject, replacer);
+
+      let res = await fetch(`/api/v2/roles/${roleId}`, {
+        method: 'PATCH',
+        headers: {
+          'X-XSRFToken': token
+        },
+        body: formDataJsonString,
+      });
+      let responseData = await res.json();
+      if (responseData.status === "ok") {
+        window.location.reload();
+      } else {
+
+        bootbox.alert({
+          title: responseData.error,
+          message: responseData.error_data
+          });
+      } 
+    });
 
 
 </script>