added changing permisisons to database
This commit is contained in:
parent
98570a1e5f
commit
23752001e7
|
|
@ -463,12 +463,13 @@ export function do_users_exist(): any {
|
|||
return (answer as any)?.[USER_DATABASE_EMPTY.slice(7, -1)];
|
||||
}
|
||||
|
||||
export function updateUser(data: {id: number, gender?: string, name?: string, address?: string, username?: string }) {
|
||||
export function updateUser(data: {id: number, gender?: string, name?: string, address?: string, username?: string, permissions?: number }) {
|
||||
let changed: Array<string> = []
|
||||
if (data.gender) changed.push("gender=$gender")
|
||||
if (data.name) changed.push("name=$name")
|
||||
if (data.address) changed.push("address=$address")
|
||||
if (data.username) changed.push("username=$username")
|
||||
if (data.permissions) changed.push("permissions=$permissions")
|
||||
|
||||
const update_query = "UPDATE users SET " + changed.join(", ") + " WHERE id=$id;"
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ import { fail, redirect } from "@sveltejs/kit"
|
|||
import Permissions from "$lib/permissions"
|
||||
import { toInt } from "$lib/util"
|
||||
|
||||
import Logs from "$lib/server/log"
|
||||
import SessionStore from "$lib/server/session_store"
|
||||
import { get_user_entry_by_id, updateUser } from "$lib/server/database"
|
||||
import { change_password } from "$lib/server/auth"
|
||||
|
|
@ -19,7 +20,7 @@ export const load: PageServerLoad = ({ locals, url }) => {
|
|||
|
||||
let user: UserEntry|null = locals.user.toUserEntry()
|
||||
|
||||
if (url.searchParams.has("user")) {
|
||||
if (locals.user.id != (toInt(url.searchParams.get("user") ?? locals.user.id.toFixed(0)))) {
|
||||
if (!Permissions.has(locals.user.permissions, Permissions.USERADMIN.VIEW)) {
|
||||
return fail(403, { message: "Insufficient Permissions" })
|
||||
}
|
||||
|
|
@ -62,7 +63,9 @@ export const actions = {
|
|||
const password1 = data.get("password1") as string|null
|
||||
const password2 = data.get("password2") as string|null
|
||||
|
||||
if (isNaN(id) || name == null || gender == null || address == null || username == null) {
|
||||
const ua_permissions = (data.getAll("USERADMIN") as string[]).map((value) => toInt(value))
|
||||
|
||||
if (isNaN(id) || name == null || gender == null || address == null || username == null || ua_permissions.some((permission) => isNaN(permission))) {
|
||||
return fail(400, { message: "invalid request" })
|
||||
}
|
||||
|
||||
|
|
@ -81,8 +84,11 @@ export const actions = {
|
|||
return fail(500, { message: "Database failure"})
|
||||
}
|
||||
}
|
||||
|
||||
let permissions = null
|
||||
permissions = ua_permissions.reduce((pv, cv) => pv | cv)
|
||||
|
||||
const updated_user = updateUser({id, name, gender, address, username})
|
||||
const updated_user = updateUser({id, name, gender, address, username, permissions})
|
||||
SessionStore.reload_user_data(updated_user ?? locals.user)
|
||||
|
||||
return { message: "Erfolgreich gespeichert" }
|
||||
|
|
|
|||
Loading…
Reference in New Issue