Admin freischaltung

2024-05-29 19:57:45 +02:00 · 2024-05-29 19:57:45 +02:00 · 5b0a65daaa
parent c5c8eec27b
commit 5b0a65daaa
2 changed files with 57 additions and 10 deletions
--- a/app.js
+++ b/app.js
@ -224,14 +224,20 @@ app.post('/register', async (req, res) => {
 app.post('/login', async (req, res) => {
  const { username, password } = req.body;
  try {
-    const userResult = await pool.query('SELECT * FROM users WHERE username = $1', [username]);
+    const userResult = await pool.query("SELECT *, CASE WHEN admin_temp IS NOT NULL AND (now() - admin_temp) > interval '24 hours' THEN 'expired' ELSE 'valid' END AS admin_status FROM users WHERE username = $1", [ username]);
+    console.log(userResult.rows[0]);
    if (userResult.rows.length > 0) {
      const user = userResult.rows[0];
      const match = await bcrypt.compare(password, user.password);
      if (match) {
        if (user.is_active) {
          req.session.userId = user.id;
-          req.session.role=user.role;
+          if (user.admin_status === 'expired') {
+              await pool.query('UPDATE users SET role = $1, admin_temp = $2 WHERE id = $3', ['user', NULL , userId]);
+              req.session.role='user';    
+            } else {
+              req.session.role=user.role;
+            }          
          res.redirect('/training');
        }  else {
          res.redirect('/freischaltung')
@ -264,10 +270,17 @@ app.get('/logout', (req, res) => {
 });

 // Benutzer freischalten (nur Admin)
-app.post('/activate', requireAuth, requireAdmin, async (req, res) => {
-  const { userId } = req.body;
+app.post('/userrights', requireAuth, requireAdmin, async (req, res) => {
+  const { userId, type } = req.body;
  try {
+    if (type === 'activate'){
    await pool.query('UPDATE users SET is_active = TRUE WHERE id = $1', [userId]);
+  } else if (type === 'admin') {
+    await pool.query('UPDATE users SET role = $1 WHERE id = $2', ['admin', userId]);
+  }
+  else if (type === 'admint') {
+    await pool.query('UPDATE users SET role = $1, admin_temp = $2 WHERE id = $3', ['admin', moment().toDate() , userId]);
+  }
    res.redirect('/admin');
  } catch (error) {
    console.error('Error activating user:', error);
@ -417,7 +430,7 @@ app.post('/update-leader', requireAuth , async (req, res) => {

 // Admin-Seite
 app.get('/admin', requireAuth, requireAdmin, async (req, res) => {
-  const usersResult = await pool.query('SELECT * FROM users WHERE is_active = FALSE');
+  const usersResult = await pool.query('SELECT * FROM users');
  res.render('admin', { users: usersResult.rows, session: req.session }); // Stelle sicher, dass es eine admin.ejs gibt
 });

--- a/views/admin.ejs
+++ b/views/admin.ejs
@ -32,18 +32,52 @@
  </div>
  <div class="tab-pane fade" id="cont-2" role="tabpanel" aria-labelledby="tab-2">
    <ul>
-      <% if (users.length > 0) {%>
      <% users.forEach(user => { %>
        <li>
          <%= user.username %> - <%= user.email %>
-          <form action="/activate" method="post" style="display: inline;">
+          <% if (user.role === '0') { %>
+          <form action="/userrights" method="post" style="display: inline;">
+            <input type="hidden" name="type" value="activate">
            <input type="hidden" name="userId" value="<%= user.id %>">
            <button type="submit" class="btn btn-success">Activate</button>
          </form>
+        <% } else if (user.role === 'user') { %>
+          <button type="button" class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#adminModal">
+            Admin
+          </button>
+
+          <div class="modal fade" id="adminModal" data-bs-backdrop="static" data-bs-keyboard="false" tabindex="-1" aria-labelledby="staticBackdropLabel" aria-hidden="true">
+            <div class="modal-dialog">
+              <div class="modal-content">
+                <div class="modal-header">
+                  <h1 class="modal-title fs-5" id="staticBackdropLabel">Zum Admin machen?</h1>
+                  <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
+                </div>
+                <div class="modal-body">
+                  <form action="/userrights" method="post" style="display: inline;">
+                    <input type="hidden" name="type" value="admin">
+                    <input type="hidden" name="userId" value="<%= user.id %>">
+                    <button type="submit" class="btn btn-success">Dauerhaft</button>
+                  </form>
+        
+                  <form action="/userrights" method="post" style="display: inline;">
+                    <input type="hidden" name="type" value="admint">
+                    <input type="hidden" name="userId" value="<%= user.id %>">
+                    <button type="submit" class="btn btn-success">Temporär (24h)</button>
+                  </form>
+                </div>
+                <div class="modal-footer">
+                  <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>
+                </div>
+              </div>
+            </div>
+          </div>
+
+
+
+        <% } %>
        </li>
-      <% }) } else { %>
-        <p>Keine User zum freischalten</p>
-      <% } %>
+        <% }); %>
    </ul>
  </div>
 </div>