Patrick
/
Stundenaufzeichnung
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Implemented permissions and user administration #2

Merged
Patrick merged 17 commits from dev into main 2025-08-25 17:33:06 +02:00
Conversation 0 Commits 17 Files Changed 12 +14 -5
2 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit b1787cda4e - Show all commits

14
src/routes/user/+page.server.ts
View File

@ -36,6 +36,10 @@ export const load: PageServerLoad = ({ locals, url }) => {
if (user == null) { if (user == null) {
return fail(404, { message: `User ${user_id} not found` }) return fail(404, { message: `User ${user_id} not found` })
} }
if (!Permissions.has(locals.user.permissions, Permissions.USERADMIN.EDIT_PASSWORD)) {
user.permissions = 0
}
} }
return { return {
@ -84,10 +88,14 @@ export const actions = {
return fail(500, { message: "Database failure"}) return fail(500, { message: "Database failure"})
} }
} }
let permissions = null
if (ua_permissions.length > 0) {
permissions = ua_permissions.reduce((pv, cv) => pv | cv)
let permissions = ua_permissions.reduce((pv, cv) => pv | cv) if (locals.user.id == id && locals.user.permissions != permissions) {
if (locals.user.id == id && locals.user.permissions != permissions) { return fail(403, { message: "Cannot modify permissions for oneself" })
return fail(403, { message: "Cannot modify permissions for oneself" }) }
} }
const updated_user = updateUser({id, name, gender, address, username, permissions}) const updated_user = updateUser({id, name, gender, address, username, permissions})

5
src/routes/user/+page.svelte
View File

@ -71,6 +71,7 @@
</table> </table>
{#if data.user?.id == data.loggedInAs.id || Permissions.has(data.loggedInAs.permissions ?? 0, Permissions.USERADMIN.EDIT_PASSWORD)} {#if data.user?.id == data.loggedInAs.id || Permissions.has(data.loggedInAs.permissions ?? 0, Permissions.USERADMIN.EDIT_PASSWORD)}
{@const disabled = data.user?.id == data.loggedInAs.id}
<table> <table>
<colgroup> <colgroup>
<col class="leader2" /> <col class="leader2" />
@ -86,15 +87,15 @@
<td>Benutzerverwaltung</td> <td>Benutzerverwaltung</td>
<td> <td>
<div class="permission-selector"> <div class="permission-selector">
<input type=hidden name="USERADMIN" value="0" disabled={disabled} />
{#each Permissions.iterate(Permissions.USERADMIN) as permission} {#each Permissions.iterate(Permissions.USERADMIN) as permission}
<label> <label>
<input <input
type="checkbox" type="checkbox"
id={permission.value}
name="USERADMIN" name="USERADMIN"
value={permission.value} value={permission.value}
checked={Permissions.has(data.user.permissions, permission.value)} checked={Permissions.has(data.user.permissions, permission.value)}
disabled={data.user?.id == data.loggedInAs.id} disabled={disabled}
data-bits={Permissions.deconstruct(permission.value).join(" ")} data-bits={Permissions.deconstruct(permission.value).join(" ")}
onclick={(event) => { onclick={(event) => {
const target = event.target as HTMLInputElement const target = event.target as HTMLInputElement