From 97da2b80af9b6724aa8c7eece3528d546d291289 Mon Sep 17 00:00:00 2001
From: Akif9748
Date: Thu, 11 Aug 2022 03:48:35 +0300
Subject: [PATCH] making admin is complated with user
---
 README.md | 6 +-----
 routes/.js | 1 -
 routes/admin.js | 29 +++--------------------------
 routes/api/index.js | 22 ----------------------
 routes/api/routes/users.js | 17 +++++++++++++++++
 util/APIDOCS.md | 5 ++++-
 util/admin.js | 3 +--
 views/admin.ejs | 24 ++++++++++++++++++------
 views/user.ejs | 20 +++++++++++---------
 9 files changed, 55 insertions(+), 72 deletions(-)
diff --git a/README.md b/README.md
index e45fdfb..7e08b5d 100644
--- a/README.md
+++ b/README.md
@@ -19,10 +19,6 @@ And, you can learn about API in `util/APIDOCS.md`.
 * [Akif9748](https://github.com/Akif9748) - Project mainteiner, main developer
 * [Camroku](https://github.com/Camroku) - Made stylesheets
-## To do (Backend, bug fixes)
-- We will use "alert" for errors with fetch api. this added for messages and reactions...
-- the forum will only use api path... this added for messages and reactions...
-
 ## Roadmap
 ### User
 | To do | Is done? | Priority |
@@ -71,7 +67,7 @@ And, you can learn about API in `util/APIDOCS.md`.
 | Multi-theme support | 🔴 | LOW |
 | Search | 🔴 | MEDIUM |
 | Better view | 🟢 | MEDIUM |
-| Sending message etc. will use fetch API | 🟡 | HIGH |
+| Sending message etc. will use fetch API | 🟢 | HIGH |
 ## Screenshot
 ![akf-forum](https://user-images.githubusercontent.com/70021050/160255959-ef216cba-1348-4d4b-9347-fe67e21348e7.png)
diff --git a/routes/.js b/routes/.js
index 0b77495..16af02e 100644
--- a/routes/.js
+++ b/routes/.js
@@ -14,5 +14,4 @@ app.get("/", async (req, res) => {
 })
-
 module.exports = app;
\ No newline at end of file
diff --git a/routes/admin.js b/routes/admin.js
index 67228b6..f0bda0e 100644
--- a/routes/admin.js
+++ b/routes/admin.js
@@ -1,40 +1,17 @@
-const { UserModel } = require("../models")
-
 const { Router } = require("express")
 const app = Router();
-app.use((rq,rs,n)=>{
- if (!rq.session.userid) return rs.redirect('/login');
- n();
-});
-
 app.get("/", async (req, res) => {
+ if (!req.session.userid) return res.redirect('/login');
+
 const user = req.user;
- if (!user.admin) return res.error( 403, "You have not got permissions for view to this page.");
+ if (!user?.admin) return res.error( 403, "You have not got permissions for view to this page.");
 res.render("admin", { user, user2: false })
 });
-app.post("/", async (req, res) => {
- const user = req.user;
-
- if (!user.admin) return res.error(403, "You have not got permissions for view to this page.");
- const user2 = await UserModel.get(req.body.userid);
-
- if (!user2)
- return res.error( 404, "We have not got this user in all of the forum. Vesselam.");
-
- else {
- user2.admin = true;
- await user2.save()
- }
-
- res.render("admin", { user, user2 })
-
-
-});
 module.exports = app;
diff --git a/routes/api/index.js b/routes/api/index.js
index 19fe9be..dc46bef 100644
--- a/routes/api/index.js
+++ b/routes/api/index.js
@@ -1,31 +1,9 @@
 const { Router } = require("express")
 const app = Router();
 const bcrypt = require("bcrypt");
-
 const { request, response } = require("express");
 const { SecretModel, UserModel } = require("../../models")
-/**
- * AUTH TYPE:
-
- headers:
- {
- username: "Username for client",
- password: "Password of selected username for client"
- }
-
-*/
-
-/**
- * REQUEST TYPE:
- * GET /api/action/id
- *
- * @example message action:
- * GET /api/message/0
- *
- */
-
-
 /**
 * Auth checker
 * @param {request} req
diff --git a/routes/api/routes/users.js b/routes/api/routes/users.js
index c64291a..a5fe064 100644
--- a/routes/api/routes/users.js
+++ b/routes/api/routes/users.js
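Review bot: The session check now lives only inside the `GET /` handler, whereas the removed `app.use` block checked `rq.session.userid` for every route on this router, so any route added here later starts out unauthenticated. Keeping one guard at the top of the router, e.g. `app.use((req, res, next) => req.session.userid ? next() : res.redirect('/login'));`, keeps the admin area deny-by-default. `user2: false` is still passed to `res.render` although the handler that produced a real `user2` is deleted in this hunk; if the template no longer reads it, drop the key.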
@@ -29,5 +29,22 @@ app.post("/:id/delete/", async (req, res) => {
 res.complate(member);
 });
+app.post("/:id/admin/", async (req, res) => {
+ const user = req.user;
+
+ if (!user.admin) return res.error(403, "You have not got permissions for view to this page.");
+ const user2 = await UserModel.get(req.params.id);
+
+ if (!user2)
+ return res.error(404, "This user is not available.");
+
+ else {
+ user2.admin = true;
+ await user2.save()
+ }
+
+ res.complate(user2);
+
+});
 module.exports = app;
\ No newline at end of file
diff --git a/util/APIDOCS.md b/util/APIDOCS.md
index a46f4c7..5b4f338 100644
--- a/util/APIDOCS.md
+++ b/util/APIDOCS.md
@@ -19,9 +19,12 @@ You need this headers for send request to API:
 ### Request types:
 - GET `/api/users/:id` for fetch user.
 - POST `/api/users/:id/delete` for delete user.
-- POST `/api/threads` for create thread.
+- POST `/api/users/:id/admin` for give admin permissions for a user.
+
 - GET `/api/threads/:id` for fetch thread.
+- POST `/api/threads` for create thread.
 - POST `/api/threads/:id/delete` for delete thread.
+
 - GET `/api/messages/:id` for fetch message.
 - POST `/api/messages` for create message.
 - POST `/api/messages/:id/delete` for delete message.
diff --git a/util/admin.js b/util/admin.js
index 44f6bf9..aea3873 100644
--- a/util/admin.js
+++ b/util/admin.js
@@ -7,9 +7,8 @@ const { UserModel } = require("../models");
 (async () => {
 const member= await UserModel.get(0);
- console.log(member);
 member.admin = true;
- member.save();
+ console.log(await member.save());
 })();
diff --git a/views/admin.ejs b/views/admin.ejs
index edc4195..be0bdf0 100644
--- a/views/admin.ejs
+++ b/views/admin.ejs
@@ -9,20 +9,32 @@
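Review bot: The new `POST /:id/admin/` handler reads `user.admin` without a null check, while this same commit switches routes/admin.js to `user?.admin`; if the API auth checker (outside this hunk) can leave `req.user` unset, the handler throws instead of answering 403, so `if (!user?.admin)` is the safer form here too. The endpoint also grants admin to any id `UserModel.get` resolves, including accounts marked `deleted`: views/user.ejs hides the button for those, but the API does not enforce it, and `if (!user2 || user2.deleted) return res.error(404, "This user is not available.");` would close that gap. Because this is a privilege-granting state change, confirm that the API auth cannot be satisfied by a session cookie alone on a cross-site POST, and record which admin granted the role to whom. The 403 text still says "view to this page", which is misleading for an API action.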

Welcome to the admin panel of the forum, <%= user.name %>!

-
+

Write an ID to give someone admin permissions:


- - <%- include("extra/footer") %> + <%- include("extra/footer") %> - +
\ No newline at end of file
diff --git a/views/user.ejs b/views/user.ejs
index 9fff418..5afcc5f 100644
--- a/views/user.ejs
+++ b/views/user.ejs
@@ -41,10 +41,8 @@ <% if (user?.admin && !member.deleted) {%> -
- + -
@@ -56,17 +54,21 @@ import request from "../../js/request.js";
 document.addEventListener("submit", async e => {
-
- if (e.target.id !== "delete") return e.preventDefault();
+
+ if (e.target.id == "admin") {
+
+ const response = await request("/api/users/<%= member.id %>/admin");
+
+ if (response.result.admin)
+ return alert("Making admin of "+response.result.name+" is success!");
+ }
 const response = await request("/api/users/<%= member.id %>/delete");
- if (response.result.deleted) {
+ if (response.result.deleted)
 alert("User Deleted");
- window.location.href = "/users";
- }
-
+
 });
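Review bot: The delete request is no longer tied to the delete form: the removed `e.target.id !== "delete"` test was the only guard, and the new `admin` branch returns only when `response.result.admin` is truthy, so an admin response without that flag, or any other submit event on the document, falls through to `request("/api/users/<%= member.id %>/delete")`. End the admin branch with an unconditional `return;` and put `if (e.target.id !== "delete") return;` before the delete call, so the destructive request is sent only for the form that asked for it. `response.result` is also read without checking that the request succeeded; whether `request.js` guarantees a `result` on errors is not visible here, so `response.result?.admin` and `response.result?.deleted` would be safer. `==` on the id should be `===`.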