Patrick
/
Stundenaufzeichnung
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Patrick:147628972246afafe1d8e5898967703b8eeccdf0
Branches Tags
Patrick:main
Patrick:dev
..
compare: Patrick:15ba32095d1bffe851e3c9448020485cd92fe353
Branches Tags
Patrick:main
Patrick:dev

No commits in common. "147628972246afafe1d8e5898967703b8eeccdf0" and "15ba32095d1bffe851e3c9448020485cd92fe353" have entirely different histories.
1476289722 ... 15ba32095d

3 changed files with 14 additions and 31 deletions
Show Stats Expand all files Collapse all files

4
src/hooks.server.ts
View File

@ -8,8 +8,6 @@ import { init_db, close_db, create_user, do_users_exist } from "$lib/server/data
import Logs from "$lib/server/log"; import Logs from "$lib/server/log";
import Permissions from "$lib/permissions"
let local_setup: {user_setup: (() => void) | ((username: string, password: string) => void) }= { let local_setup: {user_setup: (() => void) | ((username: string, password: string) => void) }= {
user_setup: async () => {} user_setup: async () => {}
} }
@ -33,7 +31,7 @@ async function init() {
local_setup.user_setup = async (username: string, password: string) => { local_setup.user_setup = async (username: string, password: string) => {
Logs.user.info("Creating first user") Logs.user.info("Creating first user")
await create_user({ name: "", gender: "", address: "", username: username, password: password, permissions: Permissions.ALL(Permissions.USERADMIN) }); await create_user({name: "name", gender: "x", address: "home", username: username, password: password });
local_setup.user_setup = async () => {} local_setup.user_setup = async () => {}
} }

12
src/lib/server/database.ts
View File

@ -73,9 +73,6 @@ const USER_DATABASE_SETUP: string[] = [
const USER_DATABASE_ADD_USER: string = const USER_DATABASE_ADD_USER: string =
"INSERT INTO users (name, gender, address, username, password) VALUES ($name, $gender, $address, $username, $password);"; "INSERT INTO users (name, gender, address, username, password) VALUES ($name, $gender, $address, $username, $password);";
const USER_DATABASE_ADD_USER_WITH_PERMISSIONS: string =
"INSERT INTO users (name, gender, address, username, password, permissions) VALUES ($name, $gender, $address, $username, $password, $permissions);";
const USER_DATABASE_GET_ALL_USER: string = const USER_DATABASE_GET_ALL_USER: string =
"SELECT id, username, name FROM users;"; "SELECT id, username, name FROM users;";
@ -121,7 +118,7 @@ const ENTRY_DATABASE_SETUP: string[] = [
record_id INTEGER NOT NULL, record_id INTEGER NOT NULL,
date VARCHAR(10), date VARCHAR(10),
start VARCHAR(5), start VARCHAR(5),
end VARCHAR(5), end V<F52>ARCHAR(5),
comment TEXT, comment TEXT,
modified DATETIME DEFAULT CURRENT_TIMESTAMP NOT NULL, modified DATETIME DEFAULT CURRENT_TIMESTAMP NOT NULL,
FOREIGN KEY(record_id) REFERENCES records(id) FOREIGN KEY(record_id) REFERENCES records(id)
@ -425,14 +422,11 @@ export function close_db() {
} }
} }
export async function create_user(user: { name: string, gender: string, address: string, username: string, password: string, permissions?: number }): Promise<number | bigint> { export async function create_user(user: { name: string, gender: string, address: string, username: string, password: string }): Promise<number | bigint> {
user.password = await Bun.password.hash(user.password, { algorithm: "bcrypt", cost: 11}); user.password = await Bun.password.hash(user.password, { algorithm: "bcrypt", cost: 11});
const statement = user.permissions != null
? user_database.query(USER_DATABASE_ADD_USER_WITH_PERMISSIONS)
: user_database.query(USER_DATABASE_ADD_USER);
const statement = user_database.query(USER_DATABASE_ADD_USER);
const result = statement.run(user); const result = statement.run(user);
return result.lastInsertRowid; return result.lastInsertRowid;

29
src/routes/user/+page.server.ts
View File

@ -81,15 +81,6 @@ export const actions = {
if (isNaN(id) || name == null || gender == null || address == null || username == null || ua_permissions.some((permission) => isNaN(permission))) { if (isNaN(id) || name == null || gender == null || address == null || username == null || ua_permissions.some((permission) => isNaN(permission))) {
return fail(400, { message: "invalid request" }) return fail(400, { message: "invalid request" })
} }
let permissions = null
if (ua_permissions.length > 0) {
permissions = ua_permissions.reduce((pv, cv) => pv | cv)
if (locals.user.id == id && locals.user.permissions != permissions) {
return fail(403, { message: "Cannot modify permissions for oneself" })
}
}
if (id == -1) { if (id == -1) {
if (!Permissions.has(locals.user.permissions, Permissions.USERADMIN.CREATE)) { if (!Permissions.has(locals.user.permissions, Permissions.USERADMIN.CREATE)) {
@ -110,11 +101,7 @@ export const actions = {
let new_user: number | bigint = -1 let new_user: number | bigint = -1
try { try {
if (permissions && Permissions.has(locals.user.permissions, Permissions.USERADMIN.ADMIN)) { new_user = await create_user({ name, gender, address, username, password: password1 })
new_user = await create_user({ name, gender, address, username, password: password1, permissions: permissions})
} else {
new_user = await create_user({ name, gender, address, username, password: password1 })
}
} catch (e) { } catch (e) {
if (e instanceof SQLiteError && e.code == "SQLITE_CONSTRAINT_UNIQUE") { if (e instanceof SQLiteError && e.code == "SQLITE_CONSTRAINT_UNIQUE") {
return fail(400, { message: "Benutzername ist bereits vergeben" }) return fail(400, { message: "Benutzername ist bereits vergeben" })
@ -144,13 +131,17 @@ export const actions = {
return fail(500, { message: "Database failure"}) return fail(500, { message: "Database failure"})
} }
} }
let permissions = null
if (ua_permissions.length > 0) {
permissions = ua_permissions.reduce((pv, cv) => pv | cv)
let updated_user if (locals.user.id == id && locals.user.permissions != permissions) {
if (permissions) { return fail(403, { message: "Cannot modify permissions for oneself" })
updated_user = updateUser({ id, name, gender, address, username, permissions}) }
} else {
updated_user = updateUser({ id, name, gender, address, username })
} }
const updated_user = updateUser({id, name, gender, address, username, permissions})
SessionStore.reload_user_data(updated_user ?? locals.user) SessionStore.reload_user_data(updated_user ?? locals.user)
return { message: "Erfolgreich gespeichert" } return { message: "Erfolgreich gespeichert" }