Admin freischaltung

This commit is contained in:
Klaas 2024-05-29 19:57:45 +02:00
parent c5c8eec27b
commit 5b0a65daaa
2 changed files with 57 additions and 10 deletions

app.js

@ -224,14 +224,20 @@ app.post('/register', async (req, res) => {
app.post('/login', async (req, res) => { app.post('/login', async (req, res) => {
const { username, password } = req.body; const { username, password } = req.body;
try { try {
const userResult = await pool.query('SELECT * FROM users WHERE username = $1', [username]); const userResult = await pool.query("SELECT *, CASE WHEN admin_temp IS NOT NULL AND (now() - admin_temp) > interval '24 hours' THEN 'expired' ELSE 'valid' END AS admin_status FROM users WHERE username = $1", [ username]);
console.log(userResult.rows[0]);
if (userResult.rows.length > 0) { if (userResult.rows.length > 0) {
const user = userResult.rows[0]; const user = userResult.rows[0];
const match = await bcrypt.compare(password, user.password); const match = await bcrypt.compare(password, user.password);
if (match) { if (match) {
if (user.is_active) { if (user.is_active) {
req.session.userId = user.id; req.session.userId = user.id;
if (user.admin_status === 'expired') {
await pool.query('UPDATE users SET role = $1, admin_temp = $2 WHERE id = $3', ['user', NULL , userId]);
req.session.role='user';
} else {
req.session.role=user.role; req.session.role=user.role;
}
res.redirect('/training'); res.redirect('/training');
} else { } else {
res.redirect('/freischaltung') res.redirect('/freischaltung')
@ -264,10 +270,17 @@ app.get('/logout', (req, res) => {
}); });
// Benutzer freischalten (nur Admin) // Benutzer freischalten (nur Admin)
app.post('/activate', requireAuth, requireAdmin, async (req, res) => { app.post('/userrights', requireAuth, requireAdmin, async (req, res) => {
const { userId } = req.body; const { userId, type } = req.body;
try { try {
if (type === 'activate'){
await pool.query('UPDATE users SET is_active = TRUE WHERE id = $1', [userId]); await pool.query('UPDATE users SET is_active = TRUE WHERE id = $1', [userId]);
} else if (type === 'admin') {
await pool.query('UPDATE users SET role = $1 WHERE id = $2', ['admin', userId]);
}
else if (type === 'admint') {
await pool.query('UPDATE users SET role = $1, admin_temp = $2 WHERE id = $3', ['admin', moment().toDate() , userId]);
}
res.redirect('/admin'); res.redirect('/admin');
} catch (error) { } catch (error) {
console.error('Error activating user:', error); console.error('Error activating user:', error);
@ -417,7 +430,7 @@ app.post('/update-leader', requireAuth , async (req, res) => {
// Admin-Seite // Admin-Seite
app.get('/admin', requireAuth, requireAdmin, async (req, res) => { app.get('/admin', requireAuth, requireAdmin, async (req, res) => {
const usersResult = await pool.query('SELECT * FROM users WHERE is_active = FALSE'); const usersResult = await pool.query('SELECT * FROM users');
res.render('admin', { users: usersResult.rows, session: req.session }); // Stelle sicher, dass es eine admin.ejs gibt res.render('admin', { users: usersResult.rows, session: req.session }); // Stelle sicher, dass es eine admin.ejs gibt
}); });
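Review bot: The expiry branch in the `/login` handler cannot run as written: `NULL` is not a JavaScript value and `userId` is not defined in that scope (the row is bound to `user`), so an expired temporary admin's login throws a ReferenceError instead of demoting them — the statement should read `await pool.query('UPDATE users SET role = $1, admin_temp = $2 WHERE id = $3', ['user', null, user.id]);`. Because `req.session.userId = user.id` is assigned on the line before, the session is already partly initialised when that exception reaches the catch block, which lies outside this hunk. The new `console.log(userResult.rows[0])` writes the full user row, including the bcrypt password hash and email, to the application log and should be removed before merging. Note also that the 24-hour limit is evaluated only at login; a temporary admin's existing session keeps `req.session.role = 'admin'` until the next login, so if `requireAdmin` decides on the session role (not visible here) the expiry does not end an active session.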


@ -32,18 +32,52 @@
</div> </div>
<div class="tab-pane fade" id="cont-2" role="tabpanel" aria-labelledby="tab-2"> <div class="tab-pane fade" id="cont-2" role="tabpanel" aria-labelledby="tab-2">
<ul> <ul>
<% if (users.length > 0) {%>
<% users.forEach(user => { %> <% users.forEach(user => { %>
<li> <li>
<%= user.username %> - <%= user.email %> <%= user.username %> - <%= user.email %>
<form action="/activate" method="post" style="display: inline;"> <% if (user.role === '0') { %>
<form action="/userrights" method="post" style="display: inline;">
<input type="hidden" name="type" value="activate">
<input type="hidden" name="userId" value="<%= user.id %>"> <input type="hidden" name="userId" value="<%= user.id %>">
<button type="submit" class="btn btn-success">Activate</button> <button type="submit" class="btn btn-success">Activate</button>
</form> </form>
</li> <% } else if (user.role === 'user') { %>
<% }) } else { %> <button type="button" class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#adminModal">
<p>Keine User zum freischalten</p> Admin
</button>
<div class="modal fade" id="adminModal" data-bs-backdrop="static" data-bs-keyboard="false" tabindex="-1" aria-labelledby="staticBackdropLabel" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h1 class="modal-title fs-5" id="staticBackdropLabel">Zum Admin machen?</h1>
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body">
<form action="/userrights" method="post" style="display: inline;">
<input type="hidden" name="type" value="admin">
<input type="hidden" name="userId" value="<%= user.id %>">
<button type="submit" class="btn btn-success">Dauerhaft</button>
</form>
<form action="/userrights" method="post" style="display: inline;">
<input type="hidden" name="type" value="admint">
<input type="hidden" name="userId" value="<%= user.id %>">
<button type="submit" class="btn btn-success">Temporär (24h)</button>
</form>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>
</div>
</div>
</div>
</div>
<% } %> <% } %>
</li>
<% }); %>
</ul> </ul>
</div> </div>
</div> </div>