Add Show Email button to the User Editor and fix some problems too.

Azareal 2019-11-05 09:32:25 +10:00
parent 5635a54d7a
commit 8cdb0dd187
2 changed files with 48 additions and 37 deletions


@ -13,7 +13,6 @@ func Users(w http.ResponseWriter, r *http.Request, user c.User) c.RouteError {
if ferr != nil { if ferr != nil {
return ferr return ferr
} }
page, _ := strconv.Atoi(r.FormValue("page")) page, _ := strconv.Atoi(r.FormValue("page"))
perPage := 15 perPage := 15
offset, page, lastPage := c.PageOffset(basePage.Stats.Users, page, perPage) offset, page, lastPage := c.PageOffset(basePage.Stats.Users, page, perPage)
@ -41,7 +40,6 @@ func UsersEdit(w http.ResponseWriter, r *http.Request, user c.User, suid string)
if err != nil { if err != nil {
return c.LocalError("The provided UserID is not a valid number.", w, r, user) return c.LocalError("The provided UserID is not a valid number.", w, r, user)
} }
targetUser, err := c.Users.Get(uid) targetUser, err := c.Users.Get(uid)
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
return c.LocalError("The user you're trying to edit doesn't exist.", w, r, user) return c.LocalError("The user you're trying to edit doesn't exist.", w, r, user)
@ -58,7 +56,7 @@ func UsersEdit(w http.ResponseWriter, r *http.Request, user c.User, suid string)
return c.InternalError(err, w, r) return c.InternalError(err, w, r)
} }
var groupList []interface{} var groupList []*c.Group
for _, group := range groups { for _, group := range groups {
if !user.Perms.EditUserGroupAdmin && group.IsAdmin { if !user.Perms.EditUserGroupAdmin && group.IsAdmin {
continue continue
@ -72,8 +70,9 @@ func UsersEdit(w http.ResponseWriter, r *http.Request, user c.User, suid string)
if r.FormValue("updated") == "1" { if r.FormValue("updated") == "1" {
basePage.AddNotice("panel_user_updated") basePage.AddNotice("panel_user_updated")
} }
showEmail := r.FormValue("show-email") == "1"
pi := c.PanelPage{basePage, groupList, targetUser} pi := c.PanelUserEditPage{basePage, groupList, targetUser, showEmail}
return renderTemplate("panel", w, r, basePage.Header, c.Panel{basePage, "", "", "panel_user_edit", &pi}) return renderTemplate("panel", w, r, basePage.Header, c.Panel{basePage, "", "", "panel_user_edit", &pi})
} }
@ -90,7 +89,6 @@ func UsersEditSubmit(w http.ResponseWriter, r *http.Request, user c.User, suid s
if err != nil { if err != nil {
return c.LocalError("The provided UserID is not a valid number.", w, r, user) return c.LocalError("The provided UserID is not a valid number.", w, r, user)
} }
targetUser, err := c.Users.Get(uid) targetUser, err := c.Users.Get(uid)
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
return c.LocalError("The user you're trying to edit doesn't exist.", w, r, user) return c.LocalError("The user you're trying to edit doesn't exist.", w, r, user)
@ -101,38 +99,39 @@ func UsersEditSubmit(w http.ResponseWriter, r *http.Request, user c.User, suid s
return c.LocalError("Only administrators can edit the account of other administrators.", w, r, user) return c.LocalError("Only administrators can edit the account of other administrators.", w, r, user)
} }
newname := c.SanitiseSingleLine(r.PostFormValue("user-name")) newname := c.SanitiseSingleLine(r.PostFormValue("name"))
if newname == "" { if newname == "" {
return c.LocalError("You didn't put in a username.", w, r, user) return c.LocalError("You didn't put in a name.", w, r, user)
} }
// TODO: How should activation factor into admin set emails? // TODO: How should activation factor into admin set emails?
// TODO: How should we handle secondary emails? Do we even have secondary emails implemented? // TODO: How should we handle secondary emails? Do we even have secondary emails implemented?
newemail := c.SanitiseSingleLine(r.PostFormValue("user-email")) newemail := c.SanitiseSingleLine(r.PostFormValue("email"))
if newemail == "" { if newemail == "" && targetUser.Email != "" {
return c.LocalError("You didn't put in an email address.", w, r, user) return c.LocalError("You didn't put in an email address.", w, r, user)
} }
if newemail == "-1" {
newemail = targetUser.Email
}
if (newemail != targetUser.Email) && !user.Perms.EditUserEmail { if (newemail != targetUser.Email) && !user.Perms.EditUserEmail {
return c.LocalError("You need the EditUserEmail permission to edit the email address of a user.", w, r, user) return c.LocalError("You need the EditUserEmail permission to edit the email address of a user.", w, r, user)
} }
newpassword := r.PostFormValue("user-password") newpassword := r.PostFormValue("password")
if newpassword != "" && !user.Perms.EditUserPassword { if newpassword != "" && !user.Perms.EditUserPassword {
return c.LocalError("You need the EditUserPassword permission to edit the password of a user.", w, r, user) return c.LocalError("You need the EditUserPassword permission to edit the password of a user.", w, r, user)
} }
newgroup, err := strconv.Atoi(r.PostFormValue("user-group")) newgroup, err := strconv.Atoi(r.PostFormValue("group"))
if err != nil { if err != nil {
return c.LocalError("You need to provide a whole number for the group ID", w, r, user) return c.LocalError("You need to provide a whole number for the group ID", w, r, user)
} }
group, err := c.Groups.Get(newgroup) group, err := c.Groups.Get(newgroup)
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
return c.LocalError("The group you're trying to place this user in doesn't exist.", w, r, user) return c.LocalError("The group you're trying to place this user in doesn't exist.", w, r, user)
} else if err != nil { } else if err != nil {
return c.InternalError(err, w, r) return c.InternalError(err, w, r)
} }
if !user.Perms.EditUserGroupAdmin && group.IsAdmin { if !user.Perms.EditUserGroupAdmin && group.IsAdmin {
return c.LocalError("You need the EditUserGroupAdmin permission to assign someone to an administrator group.", w, r, user) return c.LocalError("You need the EditUserGroupAdmin permission to assign someone to an administrator group.", w, r, user)
} }
@ -145,18 +144,24 @@ func UsersEditSubmit(w http.ResponseWriter, r *http.Request, user c.User, suid s
return c.InternalError(err, w, r) return c.InternalError(err, w, r)
} }
red := false
if newpassword != "" { if newpassword != "" {
c.SetPassword(targetUser.ID, newpassword) c.SetPassword(targetUser.ID, newpassword)
// Log the user out as a safety precaution // Log the user out as a safety precaution
c.Auth.ForceLogout(targetUser.ID) c.Auth.ForceLogout(targetUser.ID)
red = true
} }
targetUser.CacheRemove() targetUser.CacheRemove()
// If we're changing our own password, redirect to the index rather than to a noperms error due to the force logout // If we're changing our own password, redirect to the index rather than to a noperms error due to the force logout
if targetUser.ID == user.ID { if targetUser.ID == user.ID && red {
http.Redirect(w, r, "/", http.StatusSeeOther) http.Redirect(w, r, "/", http.StatusSeeOther)
} else { } else {
http.Redirect(w, r, "/panel/users/edit/"+strconv.Itoa(targetUser.ID)+"?updated=1", http.StatusSeeOther) var se string
if r.PostFormValue("show-email") == "1" {
se = "&show-email=1"
}
http.Redirect(w, r, "/panel/users/edit/"+strconv.Itoa(targetUser.ID)+"?updated=1"+se, http.StatusSeeOther)
} }
return nil return nil
} }
@ -175,7 +180,6 @@ func UsersAvatarSubmit(w http.ResponseWriter, r *http.Request, user c.User, suid
if err != nil { if err != nil {
return c.LocalError("The provided UserID is not a valid number.", w, r, user) return c.LocalError("The provided UserID is not a valid number.", w, r, user)
} }
targetUser, err := c.Users.Get(uid) targetUser, err := c.Users.Get(uid)
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
return c.LocalError("The user you're trying to edit doesn't exist.", w, r, user) return c.LocalError("The user you're trying to edit doesn't exist.", w, r, user)
@ -190,19 +194,21 @@ func UsersAvatarSubmit(w http.ResponseWriter, r *http.Request, user c.User, suid
if ferr != nil { if ferr != nil {
return ferr return ferr
} }
ferr = c.ChangeAvatar("."+ext, w, r, *targetUser) ferr = c.ChangeAvatar("."+ext, w, r, *targetUser)
if ferr != nil { if ferr != nil {
return ferr return ferr
} }
// TODO: Only schedule a resize if the avatar isn't tiny // TODO: Only schedule a resize if the avatar isn't tiny
err = targetUser.ScheduleAvatarResize() err = targetUser.ScheduleAvatarResize()
if err != nil { if err != nil {
return c.InternalError(err, w, r) return c.InternalError(err, w, r)
} }
http.Redirect(w, r, "/panel/users/edit/"+strconv.Itoa(targetUser.ID)+"?updated=1", http.StatusSeeOther) var se string
if r.PostFormValue("show-email") == "1" {
se = "&show-email=1"
}
http.Redirect(w, r, "/panel/users/edit/"+strconv.Itoa(targetUser.ID)+"?updated=1"+se, http.StatusSeeOther)
return nil return nil
} }
@ -219,7 +225,6 @@ func UsersAvatarRemoveSubmit(w http.ResponseWriter, r *http.Request, user c.User
if err != nil { if err != nil {
return c.LocalError("The provided UserID is not a valid number.", w, r, user) return c.LocalError("The provided UserID is not a valid number.", w, r, user)
} }
targetUser, err := c.Users.Get(uid) targetUser, err := c.Users.Get(uid)
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
return c.LocalError("The user you're trying to edit doesn't exist.", w, r, user) return c.LocalError("The user you're trying to edit doesn't exist.", w, r, user)
@ -229,12 +234,15 @@ func UsersAvatarRemoveSubmit(w http.ResponseWriter, r *http.Request, user c.User
if targetUser.IsAdmin && !user.IsAdmin { if targetUser.IsAdmin && !user.IsAdmin {
return c.LocalError("Only administrators can edit the account of other administrators.", w, r, user) return c.LocalError("Only administrators can edit the account of other administrators.", w, r, user)
} }
ferr = c.ChangeAvatar("", w, r, *targetUser) ferr = c.ChangeAvatar("", w, r, *targetUser)
if ferr != nil { if ferr != nil {
return ferr return ferr
} }
http.Redirect(w, r, "/panel/users/edit/"+strconv.Itoa(targetUser.ID)+"?updated=1", http.StatusSeeOther) var se string
if r.PostFormValue("show-email") == "1" {
se = "&show-email=1"
}
http.Redirect(w, r, "/panel/users/edit/"+strconv.Itoa(targetUser.ID)+"?updated=1"+se, http.StatusSeeOther)
return nil return nil
} }
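Review bot: In the last UsersEditSubmit hunk the results of `c.SetPassword(targetUser.ID, newpassword)` and `c.Auth.ForceLogout(targetUser.ID)` are discarded, and the new `red = true` is set unconditionally after them, so a failed password change would still redirect as if it had succeeded. Their signatures are not visible on this page; if SetPassword returns an error, check it before logging the target out: `if err := c.SetPassword(targetUser.ID, newpassword); err != nil { return c.InternalError(err, w, r) }`. This matters most when an admin resets a password in response to a suspected account compromise and needs to know whether the old credential is still valid. The function body starts and continues outside this hunk.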


@ -2,39 +2,42 @@
<div class="rowitem"><h1>{{lang "panel_user_head"}}</h1></div> <div class="rowitem"><h1>{{lang "panel_user_head"}}</h1></div>
</div> </div>
<div id="panel_user" class="colstack_item the_form"> <div id="panel_user" class="colstack_item the_form">
<form id="user_form" action="/panel/users/edit/submit/{{.Something.ID}}?s={{.CurrentUser.Session}}" method="post"></form> <form id="user_form" action="/panel/users/edit/submit/{{.User.ID}}?s={{.CurrentUser.Session}}" method="post"></form>
<form id="avatar_form" enctype="multipart/form-data" action="/panel/users/avatar/submit/{{.Something.ID}}?s={{.CurrentUser.Session}}" method="post"></form> <form id="avatar_form" enctype="multipart/form-data" action="/panel/users/avatar/submit/{{.User.ID}}?s={{.CurrentUser.Session}}" method="post"></form>
<form id="remove_avatar_form" action="/panel/users/avatar/remove/submit/{{.Something.ID}}?s={{.CurrentUser.Session}}" method="post"></form> <form id="remove_avatar_form" action="/panel/users/avatar/remove/submit/{{.User.ID}}?s={{.CurrentUser.Session}}" method="post"></form>
<div class="formrow"> <div class="formrow">
<div class="formitem formlabel"><a>{{lang "panel_user_avatar"}}</a></div> <div class="formitem formlabel"><a>{{lang "panel_user_avatar"}}</a></div>
<div class="formitem avataritem"> <div class="formitem avataritem">
{{if .Something.RawAvatar}}<img src="{{.Something.Avatar}}" height=56 width=56 />{{end}} {{if .User.RawAvatar}}<img src="{{.User.Avatar}}" height=56 width=56 />{{end}}
<div class="avatarbuttons"> <div class="avatarbuttons">
<input form="avatar_form" id="select_avatar" name="avatar_file" type="file" required class="auto_hide" /> <input form="avatar_form" id="select_avatar" name="avatar_file" type="file" required class="auto_hide" />
<label for="select_avatar" class="formbutton">{{lang "panel_user_avatar_select"}}</label> <label for="select_avatar" class="formbutton">{{lang "panel_user_avatar_select"}}</label>
<button form="avatar_form" name="avatar_action" value=0>{{lang "panel_user_avatar_upload"}}</button> <button form="avatar_form" name="avatar_action" value=0>{{lang "panel_user_avatar_upload"}}</button>
{{if .Something.RawAvatar}}<button form="remove_avatar_form" name="avatar_action" value=1>{{lang "panel_user_avatar_remove"}}</button>{{end}} {{if .User.RawAvatar}}<button form="remove_avatar_form" name="avatar_action" value=1>{{lang "panel_user_avatar_remove"}}</button>{{end}}
</div> </div>
</div> </div>
</div> </div>
<div class="formrow"> <div class="formrow">
<div class="formitem formlabel"><a>{{lang "panel_user_name"}}</a></div> <div class="formitem formlabel"><a>{{lang "panel_user_name"}}</a></div>
<div class="formitem"><input form="user_form" name="user-name" type="text" value="{{.Something.Name}}" placeholder="{{lang "panel_user_name_placeholder"}}" autocomplete="off" /></div> <div class="formitem"><input form="user_form" name="name" type="text" value="{{.User.Name}}" placeholder="{{lang "panel_user_name_placeholder"}}" autocomplete="off" /></div>
</div> </div>
{{if .CurrentUser.Perms.EditUserPassword}}<div class="formrow"> {{if .CurrentUser.Perms.EditUserPassword}}<div class="formrow">
<div class="formitem formlabel"><a>{{lang "panel_user_password"}}</a></div> <div class="formitem formlabel"><a>{{lang "panel_user_password"}}</a></div>
<div class="formitem"><input form="user_form" name="user-password" type="password" placeholder="*****" autocomplete="off" /></div> <div class="formitem"><input form="user_form" name="password" type="password" placeholder="*****" autocomplete="off" /></div>
</div>{{end}} </div>{{end}}
{{if .CurrentUser.Perms.EditUserEmail}}<div class="formrow"> {{if .CurrentUser.Perms.EditUserEmail}}<div class="formrow">
<div class="formitem formlabel"><a>{{lang "panel_user_email"}}</a></div> <div class="formitem formlabel"><a>{{lang "panel_user_email"}}</a></div>
<div class="formitem"><input form="user_form" name="user-email" type="email" value="{{.Something.Email}}" placeholder="example@localhost" /></div> <div class="formitem">
{{if .ShowEmail}}<input form="user_form" name="show-email" value=1 type="hidden" />
<input form="user_form" name="email" type="email" value="{{.User.Email}}" placeholder="example@localhost"/>{{else}}<input form="user_form" name="email" value="-1" type="hidden"/><a href="/panel/users/edit/{{.User.ID}}?show-email=1"><button>{{lang "panel_user_show_email"}}</button></a>{{end}}
</div>
</div>{{end}} </div>{{end}}
{{if .CurrentUser.Perms.EditUserGroup}} {{if .CurrentUser.Perms.EditUserGroup}}
<div class="formrow"> <div class="formrow">
<div class="formitem formlabel"><a>{{lang "panel_user_group"}}</a></div> <div class="formitem formlabel"><a>{{lang "panel_user_group"}}</a></div>
<div class="formitem"> <div class="formitem">
<select form="user_form" name="user-group"> <select form="user_form" name="group">
{{range .ItemList}}<option{{if eq .ID $.Something.Group}} selected{{end}} value="{{.ID}}">{{.Name}}</option>{{end}} {{range .Groups}}<option{{if eq .ID $.User.Group}} selected{{end}} value={{.ID}}>{{.Name}}</option>{{end}}
</select> </select>
</div> </div>
</div>{{end}} </div>{{end}}
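Review bot: The three form actions at the top of the template (`user_form`, `avatar_form`, `remove_avatar_form`) still carry `{{.CurrentUser.Session}}` in the query string as `?s=...`, so that value ends up in access logs, browser history and any intermediary that records URLs. Whether it is the session identifier itself or a derived anti-CSRF token cannot be determined from this page; if it is the former, sending it in the POST body keeps it out of the URL, e.g. `<input form="user_form" name="s" type="hidden" value="{{.CurrentUser.Session}}" />`. That assumes the handlers read `s` through an accessor that also looks at the request body, which should be confirmed before changing the template.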