Added user rudimentary admin page and ability to view other users

2025-08-05 17:53:44 +02:00 · 2025-08-05 17:53:44 +02:00 · 243612ebbc
parent 9d00b1b76c
commit 243612ebbc
5 changed files with 110 additions and 6 deletions
--- a/src/lib/server/database.ts
+++ b/src/lib/server/database.ts
@ -4,6 +4,8 @@ import { Database, SQLiteError } from "bun:sqlite";
 import type { UserEntry, RecordEntry, EstimatesEntry } from "$lib/db_types";
 import { calculateDuration, parseDate, toInt, isTimeValidHHMM } from "$lib/util";

+import Logs from "$lib/server/log"
+
 const DATABASES_PATH: string = (process.env.APP_USER_DATA_PATH ?? ".") + "/databases/";
 const USER_DATABASE_PATH: string = DATABASES_PATH + "users.sqlite";

@ -51,6 +53,9 @@ const USER_DATABASE_ADD_USER: string =
 const USER_DATABASE_GET_ALL_USER: string =
 	"SELECT id, username, name FROM users;";

+const USER_DATABASE_GET_USER_BY_ID: string =
+	"SELECT * FROM users WHERE id = $id;"
+
 const USER_DATABASE_GET_USER_BY_NAME: string =
 	"SELECT * FROM users WHERE username = $username;"

@ -409,6 +414,20 @@ export function get_all_user(): { id: number, username: string, name: string }[]
 	}
 }

+export function get_user_entry_by_id(id: number): UserEntry | null {
+
+	try {
+		const query = user_database.query(USER_DATABASE_GET_USER_BY_ID)
+		const user = query.get({ id: id }) as UserEntry | null;
+
+		return user
+	} catch (e) {
+		Logs.db.error(`Encountered exception when retrievieng user ${id} from database: ${e.message}`)
+	}
+	
+	return null
+}
+
 export function get_user_by_name(username: string): User | null {
 	
 	try {
--- a/src/routes/+layout.svelte
+++ b/src/routes/+layout.svelte
@ -12,7 +12,7 @@
 		
 		<li class="separator"></li>
 		<li><a href="/user">Account</a></li>
-		<li>Benutzerverwaltung</li>
+		<li><a href="/useradmin">Benutzerverwaltung</a></li>
 		<li>
 			<form method="POST" action="/login?/logout">
 				<button type="submit">Logout</button>
--- a/src/routes/user/+page.server.ts
+++ b/src/routes/user/+page.server.ts
@ -1,22 +1,44 @@
 import type { PageServerLoad, Actions } from "./$types"

-import { fail } from "@sveltejs/kit"
+import type { UserEntry } from "$lib/db_types"
+
+import { fail, redirect } from "@sveltejs/kit"

 import Permissions from "$lib/permissions"
 import { toInt } from "$lib/util"

 import SessionStore from "$lib/server/session_store"
-import { updateUser } from "$lib/server/database"
+import { get_user_entry_by_id, updateUser } from "$lib/server/database"
 import { change_password } from "$lib/server/auth"

 export const load: PageServerLoad = ({ locals, url }) => {
 	
 	if (locals.user == null) {
-		return fail(403, { message: "Unauthorized user" })
+		return fail(401, { message: "Unauthorized user" })
 	}

+	let user: UserEntry|null = locals.user.toUserEntry()
+
+	if (url.searchParams.has("user")) {
+		if (!Permissions.has(locals.user.permissions, Permissions.USERADMIN.VIEW)) {
+			//return fail(403, { message: "Insufficient Permissions" })
+		}
+
+		let user_id = toInt(url.searchParams.get("user") ?? "")
+
+		if (isNaN(user_id)) {
+			return fail(400, { message: `Invalid user id: ${url.searchParams.get("user")}`})
+		}
+
+		user = get_user_entry_by_id(user_id)
+
+		if (user == null) {
+			return fail(404, { message: `User ${user_id} not found` })
+		}
+	} 
+	
 	return {
-		user: locals.user.toUserEntry()
+		user: user
 	}
 }

@ -26,7 +48,7 @@ export const actions = {
 		
 		if (locals.user == null) {
 			Logs.route.warn("An unauthorized user tried to edit an user")
-			return fail(403, { message: "Unauthorized user" })
+			return fail(401, { message: "Unauthorized user" })
 		}

 		const data = await request.formData();
--- a/src/routes/useradmin/+page.server.ts
+++ b/src/routes/useradmin/+page.server.ts
@ -0,0 +1,26 @@
+import type { PageServerLoad, Actions } from "./$types"
+
+import { fail } from "@sveltejs/kit"
+
+import Permissions from "$lib/permissions";
+
+import { get_all_user } from "$lib/server/database"
+
+export const load: PageServerLoad = ({ locals }) => {
+	if (locals.user == null) {
+		return fail(403, { message: "Unauthorized user" })
+	}
+	
+	if (!Permissions.has(locals.user.permissions, Permissions.USERADMIN.VIEW)) {
+		//return fail(403, { message: "No permission" })
+	}
+
+	const user = get_all_user()
+
+	return {
+		user: user
+	}
+}
+
+export const actions = {
+} satisfies Actions
--- a/src/routes/useradmin/+page.svelte
+++ b/src/routes/useradmin/+page.svelte
@ -0,0 +1,37 @@
+<script lang="ts">
+
+	import type { PageProps } from "./$types"
+	import { enhance } from "$app/forms";
+
+	const { data }: PageProps = $props();
+
+	console.log(data)
+
+</script>
+
+<form method="GET" id="form_manage_user" action="user"></form>
+
+<div>
+	<h1>Benutzerverwaltung</h1>
+
+	<select form="form_manage_user" name="user" size="10" required>
+		{#each data.user as user (user.id)}
+			<option value={user.id}>{user.username} | {user.name}</option>
+		{/each}
+	</select>
+	<button type="submit" form="form_manage_user">Edit</button>
+</div>
+
+<style>
+	div {
+		position: absolute;
+		top: 33%;
+		left: 50%;
+		transform: translate(-50%, -50%);
+	}
+
+	select {
+		width: 100%;
+	}
+
+</style>