Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Logout in navbar, admin only edit users #18

Merged
merged 6 commits into from
Apr 25, 2023
Merged

Logout in navbar, admin only edit users #18

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
a886481
routes/users/edit admin only now
MAPReiff Apr 23, 2023
e5ed3ba
Update linting for routes/users
MAPReiff Apr 23, 2023
f15d51d
Update view user page title
MAPReiff Apr 23, 2023
c534335
Update edit user page title
MAPReiff Apr 23, 2023
d1ec536
Removed unnecessary console.log
MAPReiff Apr 23, 2023
2c53452
Update login/register error rendering
MAPReiff Apr 23, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions routes/main.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ router
}
}
} catch (e) {
res.status(400).render("login", { title: "Login", error: `${e}` });
res.status(400).render("login", { title: "Login", error: `${e}`, loginPage: true });
}
});

Expand Down Expand Up @@ -164,7 +164,7 @@ router
}
} catch (e) {
// render form with 400 code
res.status(400).render("register", { title: "Register", error: `${e}` });
res.status(400).render("register", { title: "Register", error: `${e}`, loginPage: true });
}
});

Expand Down
201 changes: 114 additions & 87 deletions routes/users.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
import { Router } from "express";
const router = Router();
import {ticketData} from '../data/index.js';
import {userData} from '../data/index.js';
import { renderError } from '../helpers.js';
import { ticketData } from "../data/index.js";
import { userData } from "../data/index.js";
import { renderError } from "../helpers.js";

router
.route("/")
Expand All @@ -11,18 +11,18 @@ router

try {
users = await userData.getAll();
}catch(e) {
renderError(res, 404, 'Issue Retrieving users');
} catch (e) {
renderError(res, 404, "Issue Retrieving users");
}

try{
try {
res.status(200).render("allUsersView", {
title: "Users View",
users: users,
query: ""
query: "",
});
}catch(e) {
renderError(res, 500, 'Internal Server Error');
} catch (e) {
renderError(res, 500, "Internal Server Error");
}
})
.post(async (req, res) => {
Expand All @@ -31,18 +31,18 @@ router

try {
users = await userData.search(search);
}catch(e) {
renderError(res, 404, 'User(s) not found');
} catch (e) {
renderError(res, 404, "User(s) not found");
}

try{
try {
res.status(200).render("allUsersView", {
title: "Users View",
users: users,
query: search
query: search,
});
}catch(e) {
renderError(res, 500, 'Internal Server Error');
} catch (e) {
renderError(res, 500, "Internal Server Error");
}
});

Expand All @@ -51,20 +51,25 @@ router.route("/view/:id").get(async (req, res) => {
let user = await userData.get(req.params.id);
const name = `${user.firstName} ${user.lastName}`;
res.status(200).render("userView", {
title: `View User - ${name}`,
id: user._id,
name: name,
username: user.username,
email: user.email,
role: user.role,
title: user.title,
createdTickets: await ticketData.getMultiple(user.createdTickets.map((ticket) => {
return ticket.toString();
})),
ownedTickets: await ticketData.getMultiple(user.ticketsBeingWorkedOn.map((ticket) => {
return ticket.toString();
})),
jobTitle: user.title,
createdTickets: await ticketData.getMultiple(
user.createdTickets.map((ticket) => {
return ticket.toString();
})
),
ownedTickets: await ticketData.getMultiple(
user.ticketsBeingWorkedOn.map((ticket) => {
return ticket.toString();
})
),
commentsLeft: user.commentsLeft,
admin: (req.session.user.role.toLowerCase() === "admin"),
admin: req.session.user.role.toLowerCase() === "admin",
});
} catch (e) {
console.log(e);
Expand All @@ -79,74 +84,96 @@ router.route("/view/:id").get(async (req, res) => {

router
.route("/edit/:id")
.get(async (req, res) => {

let user;
try {
user = await userData.get(req.params.id);
}catch(e) {
renderError(res, 404, 'User not found');
}
.get(
(req, res, next) => {
if (req.session.user.role.toLowerCase() !== "admin") {
return renderError(res, 403, "Forbidden - Only admins can edit users");
} else {
req.method = "GET";
next();
}
},
async (req, res) => {
let user;
try {
user = await userData.get(req.params.id);
} catch (e) {
renderError(res, 404, "User not found");
}

try {
let user = await userData.get(req.params.id);
let adminUser = req.session.user;
const name = `${user.firstName} ${user.lastName}`;
res.status(200).render("userEdit", {
id: user._id,
name: name,
username: user.username,
email: user.email,
role: user.role,
title: user.title,
createdTickets: await ticketData.getMultiple(user.createdTickets.map((ticket) => {
return ticket.toString();
})),
ownedTickets: await ticketData.getMultiple(user.ticketsBeingWorkedOn.map((ticket) => {
return ticket.toString();
})),
commentsLeft: user.commentsLeft,
adminID: adminUser._id,
});
} catch (e) {
console.log(e);
res.status(404).render("404", {
title: "404 User not found",
msg: "Error 404: User ID Not Found",
});
try {
let user = await userData.get(req.params.id);
let adminUser = req.session.user;
const name = `${user.firstName} ${user.lastName}`;
res.status(200).render("userEdit", {
title: `Edit User - ${name}`,
id: user._id,
name: name,
username: user.username,
email: user.email,
role: user.role,
jobTitle: user.title,
createdTickets: await ticketData.getMultiple(
user.createdTickets.map((ticket) => {
return ticket.toString();
})
),
ownedTickets: await ticketData.getMultiple(
user.ticketsBeingWorkedOn.map((ticket) => {
return ticket.toString();
})
),
commentsLeft: user.commentsLeft,
adminID: adminUser._id,
});
} catch (e) {
res.status(404).render("404", {
title: "404 User not found",
msg: "Error 404: User ID Not Found",
});
}
}
})
.post(async (req, res) => {
try {
if (
req.body.hasOwnProperty("roleInput") &&
req.body.hasOwnProperty("titleInput") &&
req.body.hasOwnProperty("userIDInput") &&
req.body.hasOwnProperty("adminIDInput")
) {
let adminUser = await userData.get(req.body.adminIDInput);
if (adminUser.role.toLowerCase() === "admin") {
await userData.editUserRoleTitle(
req.body.userIDInput,
req.session.user._id,
req.body.roleInput,
req.body.titleInput
);
res.status(200).redirect(`/users/view/${req.body.userIDInput}`);
} else {
res.status(403).render("403", {
title: "403 Forbidden",
msg: "Error 403: Forbidden",
});
)
.post(
(req, res, next) => {
if (req.session.user.role.toLowerCase() !== "admin") {
return res
.status(403)
.json({ error: "Forbidden - Only admins can edit users" });
} else {
req.method = "GET";
next();
}
},
async (req, res) => {
try {
if (
req.body.hasOwnProperty("roleInput") &&
req.body.hasOwnProperty("titleInput") &&
req.body.hasOwnProperty("userIDInput") &&
req.body.hasOwnProperty("adminIDInput")
) {
let adminUser = await userData.get(req.body.adminIDInput);
if (adminUser.role.toLowerCase() === "admin") {
await userData.editUserRoleTitle(
req.body.userIDInput,
req.session.user._id,
req.body.roleInput,
req.body.titleInput
);
res.status(200).redirect(`/users/view/${req.body.userIDInput}`);
} else {
renderError(res, 403, "Forbidden");
}
}
} catch (e) {
console.log(e);
res.status(404).render("404", {
title: "404 User not found",
msg: "Error 404: User ID Not Found",
});
}
} catch (e) {
console.log(e);
res.status(404).render("404", {
title: "404 User not found",
msg: "Error 404: User ID Not Found",
});
}
});
);

export default router;
2 changes: 1 addition & 1 deletion views/userEdit.handlebars
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
<p>Current settings for {{name}}</p>
<ul>
<li>Role: {{role}}</li>
<li>Title: {{title}}</li>
<li>Title: {{jobTitle}}</li>
</ul>

<br>
Expand Down
17 changes: 11 additions & 6 deletions views/userView.handlebars
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,28 +1,33 @@
<section>
<h1 class="display-4 fw-normal pageHeader">{{name}}</h1>
{{#if admin}}
<p class="lead info"><a class="badge link-clean text-bg-primary rounded-pill" href="/users/edit/{{id}}">Edit User</a></p>
<p class="lead info"><a class="badge link-clean text-bg-primary rounded-pill" href="/users/edit/{{id}}">Edit User</a>
</p>
{{/if}}
<p class="lead info">Username: {{username}}</p>
<p class="lead info">Email: <a class="badge link-clean text-bg-primary rounded-pill" href="mailto:{{email}}">{{email}}</a></p>
<p class="lead info">Email: <a class="badge link-clean text-bg-primary rounded-pill"
href="mailto:{{email}}">{{email}}</a></p>
<p class="lead info">Role: {{role}}</p>
<p class="lead info">Title: {{title}}</p>
<p class="lead info">Title: {{jobTitle}}</p>
<p class="lead info">Tickets Created:</p>
<ul>
{{#each createdTickets}}
<li class="badge text-bg-primary rounded-pill"><a class="badge link-clean text-bg-primary rounded-pill" href="/tickets/view/{{this._id}}">{{this.name}}</a></li>
<li class="badge text-bg-primary rounded-pill"><a class="badge link-clean text-bg-primary rounded-pill"
href="/tickets/view/{{this._id}}">{{this.name}}</a></li>
{{/each}}
</ul>
<p class="lead info">Tickets Owned:</p>
<ul>
{{#each ownedTickets}}
<li class="badge text-bg-primary rounded-pill"><a class="badge link-clean text-bg-primary rounded-pill" href="/tickets/view/{{this._id}}">{{this.name}}</a></li>
<li class="badge text-bg-primary rounded-pill"><a class="badge link-clean text-bg-primary rounded-pill"
href="/tickets/view/{{this._id}}">{{this.name}}</a></li>
{{/each}}
</ul>
<p class="lead info">Comments Left:</p>
<ul>
{{#each commentsLeft}}
<li class="badge text-bg-primary rounded-pill"><a class="badge link-clean text-bg-primary rounded-pill" href="/users/{{this._id}}">{{this.name}}</a></li>
<li class="badge text-bg-primary rounded-pill"><a class="badge link-clean text-bg-primary rounded-pill"
href="/users/{{this._id}}">{{this.name}}</a></li>
{{/each}}
</ul>
</section>