Admin freischaltung
This commit is contained in:
parent
c5c8eec27b
commit
5b0a65daaa
21
app.js
21
app.js
|
@ -224,14 +224,20 @@ app.post('/register', async (req, res) => {
|
|||
app.post('/login', async (req, res) => {
|
||||
const { username, password } = req.body;
|
||||
try {
|
||||
const userResult = await pool.query('SELECT * FROM users WHERE username = $1', [username]);
|
||||
const userResult = await pool.query("SELECT *, CASE WHEN admin_temp IS NOT NULL AND (now() - admin_temp) > interval '24 hours' THEN 'expired' ELSE 'valid' END AS admin_status FROM users WHERE username = $1", [ username]);
|
||||
console.log(userResult.rows[0]);
|
||||
if (userResult.rows.length > 0) {
|
||||
const user = userResult.rows[0];
|
||||
const match = await bcrypt.compare(password, user.password);
|
||||
if (match) {
|
||||
if (user.is_active) {
|
||||
req.session.userId = user.id;
|
||||
if (user.admin_status === 'expired') {
|
||||
await pool.query('UPDATE users SET role = $1, admin_temp = $2 WHERE id = $3', ['user', NULL , userId]);
|
||||
req.session.role='user';
|
||||
} else {
|
||||
req.session.role=user.role;
|
||||
}
|
||||
res.redirect('/training');
|
||||
} else {
|
||||
res.redirect('/freischaltung')
|
||||
|
@ -264,10 +270,17 @@ app.get('/logout', (req, res) => {
|
|||
});
|
||||
|
||||
// Benutzer freischalten (nur Admin)
|
||||
app.post('/activate', requireAuth, requireAdmin, async (req, res) => {
|
||||
const { userId } = req.body;
|
||||
app.post('/userrights', requireAuth, requireAdmin, async (req, res) => {
|
||||
const { userId, type } = req.body;
|
||||
try {
|
||||
if (type === 'activate'){
|
||||
await pool.query('UPDATE users SET is_active = TRUE WHERE id = $1', [userId]);
|
||||
} else if (type === 'admin') {
|
||||
await pool.query('UPDATE users SET role = $1 WHERE id = $2', ['admin', userId]);
|
||||
}
|
||||
else if (type === 'admint') {
|
||||
await pool.query('UPDATE users SET role = $1, admin_temp = $2 WHERE id = $3', ['admin', moment().toDate() , userId]);
|
||||
}
|
||||
res.redirect('/admin');
|
||||
} catch (error) {
|
||||
console.error('Error activating user:', error);
|
||||
|
@ -417,7 +430,7 @@ app.post('/update-leader', requireAuth , async (req, res) => {
|
|||
|
||||
// Admin-Seite
|
||||
app.get('/admin', requireAuth, requireAdmin, async (req, res) => {
|
||||
const usersResult = await pool.query('SELECT * FROM users WHERE is_active = FALSE');
|
||||
const usersResult = await pool.query('SELECT * FROM users');
|
||||
res.render('admin', { users: usersResult.rows, session: req.session }); // Stelle sicher, dass es eine admin.ejs gibt
|
||||
});
|
||||
|
||||
|
|
|
@ -32,18 +32,52 @@
|
|||
</div>
|
||||
<div class="tab-pane fade" id="cont-2" role="tabpanel" aria-labelledby="tab-2">
|
||||
<ul>
|
||||
<% if (users.length > 0) {%>
|
||||
<% users.forEach(user => { %>
|
||||
<li>
|
||||
<%= user.username %> - <%= user.email %>
|
||||
<form action="/activate" method="post" style="display: inline;">
|
||||
<% if (user.role === '0') { %>
|
||||
<form action="/userrights" method="post" style="display: inline;">
|
||||
<input type="hidden" name="type" value="activate">
|
||||
<input type="hidden" name="userId" value="<%= user.id %>">
|
||||
<button type="submit" class="btn btn-success">Activate</button>
|
||||
</form>
|
||||
</li>
|
||||
<% }) } else { %>
|
||||
<p>Keine User zum freischalten</p>
|
||||
<% } else if (user.role === 'user') { %>
|
||||
<button type="button" class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#adminModal">
|
||||
Admin
|
||||
</button>
|
||||
|
||||
<div class="modal fade" id="adminModal" data-bs-backdrop="static" data-bs-keyboard="false" tabindex="-1" aria-labelledby="staticBackdropLabel" aria-hidden="true">
|
||||
<div class="modal-dialog">
|
||||
<div class="modal-content">
|
||||
<div class="modal-header">
|
||||
<h1 class="modal-title fs-5" id="staticBackdropLabel">Zum Admin machen?</h1>
|
||||
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
|
||||
</div>
|
||||
<div class="modal-body">
|
||||
<form action="/userrights" method="post" style="display: inline;">
|
||||
<input type="hidden" name="type" value="admin">
|
||||
<input type="hidden" name="userId" value="<%= user.id %>">
|
||||
<button type="submit" class="btn btn-success">Dauerhaft</button>
|
||||
</form>
|
||||
|
||||
<form action="/userrights" method="post" style="display: inline;">
|
||||
<input type="hidden" name="type" value="admint">
|
||||
<input type="hidden" name="userId" value="<%= user.id %>">
|
||||
<button type="submit" class="btn btn-success">Temporär (24h)</button>
|
||||
</form>
|
||||
</div>
|
||||
<div class="modal-footer">
|
||||
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
|
||||
<% } %>
|
||||
</li>
|
||||
<% }); %>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
|
|
Loading…
Reference in New Issue