Added values for editing/adding permision to users via web interface

2024-09-19 17:21:10 +01:00 · 2017-12-01 13:48:29 -08:00 · 2017-12-01 13:48:29 -08:00 · c831bbf1e4
parent 4351bb7e4e
commit c831bbf1e4
4 changed files with 16 additions and 8 deletions
--- a/admin/admin.go
+++ b/admin/admin.go
@ -50,7 +50,7 @@ func AddUser() common.Handler {
 				StatusCode: http.StatusInternalServerError,
 			}
 		}
-		statement, err := db.Prepare("INSERT INTO users(username,hash,realname,email) VALUES (?,?,?,?)")
+		statement, err := db.Prepare("INSERT INTO users(username,hash,realname,email,permissions) VALUES (?,?,?,?,?)")
 		if err != nil {
 			return &common.HTTPError{
 				Message:    fmt.Sprintf("error preparing sqlite3 statement: %v", err),
@ -70,10 +70,11 @@ func AddUser() common.Handler {
 		password := strings.Join(r.Form["password"], "")
 		realname := strings.Join(r.Form["realname"], "")
 		email := strings.Join(r.Form["email"], "")
 		permissions := strings.Join(r.Form["permissions"], "")
 		hash, err := bcrypt.GenerateFromPassword([]byte(password), 4)
-		_, err = statement.Exec(username, hash, realname, email)
+		_, err = statement.Exec(username, hash, realname, email, permissions)
 		if err != nil {
 			return &common.HTTPError{
 				Message:    fmt.Sprintf("error executing sqlite3 statement: %v", err),
@ -112,9 +113,10 @@ func EditUser() common.Handler {
 		newpassword := strings.Join(r.Form["newpw1"], "")
 		realname := strings.Join(r.Form["realname"], "")
 		email := strings.Join(r.Form["email"], "")
 		permissions := strings.Join(r.Form["permissions"], "")
 		pwhash, err := bcrypt.GenerateFromPassword([]byte(password), 4)
-		statement, err := db.Prepare("UPDATE users SET username=?, hash=?, realname=?, email=? WHERE id=?")
+		statement, err := db.Prepare("UPDATE users SET username=?, hash=?, realname=?, email=?, permissions=? WHERE id=?")
 		if err != nil {
 			return &common.HTTPError{
 				Message:    fmt.Sprintf("error preparing sqlite3 statement: %v", err),
@ -162,7 +164,7 @@ func EditUser() common.Handler {
 			pwhash, err = bcrypt.GenerateFromPassword([]byte(newpassword), 4)
 		}
-		_, err = statement.Exec(username, pwhash, realname, email, id)
+		_, err = statement.Exec(username, pwhash, realname, email, id, permissions)
 		if err != nil {
 			return &common.HTTPError{
 				Message:    fmt.Sprintf("error executing sqlite3 statement: %v", err),
--- a/assets/config/users.db
+++ b/assets/config/users.db
--- a/assets/web/static/app.js
+++ b/assets/web/static/app.js
@ -91,6 +91,12 @@ const usernew = {
        <label for="password">New Password</label>
        <input type="password" id="password" name="password">
        <label for="permissions">Permission Level</label>
        <select name="permissions">
            <option value="0">Publishing only</option>
            <option value="1">Publishing and Episode Management</option>
            <option value="2">Publishing, Episode and User management</option>
        </select>
        <br /><br />
        <input type="submit" class="button" value="Save"></form>
    </div>
--- a/router/router.go
+++ b/router/router.go
@ -97,22 +97,22 @@ func Init() *mux.Router {
 		admin.DeleteUser(),
 	)).Methods("GET")
 	r.Handle("/admin/edit", Handle(
-		auth.RequireAuthorization(0),
+		auth.RequireAuthorization(1),
 		admin.EditEpisode(),
 	)).Methods("POST")
 	r.Handle("/admin/delete", Handle(
-		auth.RequireAuthorization(0),
+		auth.RequireAuthorization(1),
 		admin.RemoveEpisode(),
 	)).Methods("GET")
 	r.Handle("/admin/css", Handle(
-		auth.RequireAuthorization(2),
+		auth.RequireAuthorization(1),
 		admin.CustomCss(),
 	)).Methods("GET", "POST")
 	r.Handle("/admin/adduser", Handle(
-		auth.RequireAuthorization(1),
+		auth.RequireAuthorization(2),
 		admin.AddUser(),
 	)).Methods("POST")