making admin is complated with user

This commit is contained in:
Akif9748 2022-08-11 03:48:35 +03:00
parent 2bc5d2eda4
commit 97da2b80af
9 changed files with 55 additions and 72 deletions

View file

@ -19,10 +19,6 @@ And, you can learn about API in `util/APIDOCS.md`.
* [Akif9748](https://github.com/Akif9748) - Project mainteiner, main developer
* [Camroku](https://github.com/Camroku) - Made stylesheets
## To do (Backend, bug fixes)
- We will use "alert" for errors with fetch api. this added for messages and reactions...
- the forum will only use api path... this added for messages and reactions...
## Roadmap
### User
| To do | Is done? | Priority |
@ -71,7 +67,7 @@ And, you can learn about API in `util/APIDOCS.md`.
| Multi-theme support | 🔴 | LOW |
| Search | 🔴 | MEDIUM |
| Better view | 🟢 | MEDIUM |
| Sending message etc. will use fetch API | 🟡 | HIGH |
| Sending message etc. will use fetch API | 🟢 | HIGH |
## Screenshot
![akf-forum](https://user-images.githubusercontent.com/70021050/160255959-ef216cba-1348-4d4b-9347-fe67e21348e7.png)

View file

@ -14,5 +14,4 @@ app.get("/", async (req, res) => {
})
module.exports = app;

View file

@ -1,40 +1,17 @@
const { UserModel } = require("../models")
const { Router } = require("express")
const app = Router();
app.use((rq,rs,n)=>{
if (!rq.session.userid) return rs.redirect('/login');
n();
});
app.get("/", async (req, res) => {
if (!req.session.userid) return res.redirect('/login');
const user = req.user;
if (!user.admin) return res.error( 403, "You have not got permissions for view to this page.");
if (!user?.admin) return res.error( 403, "You have not got permissions for view to this page.");
res.render("admin", { user, user2: false })
});
app.post("/", async (req, res) => {
const user = req.user;
if (!user.admin) return res.error(403, "You have not got permissions for view to this page.");
const user2 = await UserModel.get(req.body.userid);
if (!user2)
return res.error( 404, "We have not got this user in all of the forum. Vesselam.");
else {
user2.admin = true;
await user2.save()
}
res.render("admin", { user, user2 })
});
module.exports = app;

View file

@ -1,31 +1,9 @@
const { Router } = require("express")
const app = Router();
const bcrypt = require("bcrypt");
const { request, response } = require("express");
const { SecretModel, UserModel } = require("../../models")
/**
* AUTH TYPE:
headers:
{
username: "Username for client",
password: "Password of selected username for client"
}
*/
/**
* REQUEST TYPE:
* GET /api/action/id
*
* @example message action:
* GET /api/message/0
*
*/
/**
* Auth checker
* @param {request} req

View file

@ -29,5 +29,22 @@ app.post("/:id/delete/", async (req, res) => {
res.complate(member);
});
app.post("/:id/admin/", async (req, res) => {
const user = req.user;
if (!user.admin) return res.error(403, "You have not got permissions for view to this page.");
const user2 = await UserModel.get(req.params.id);
if (!user2)
return res.error(404, "This user is not available.");
else {
user2.admin = true;
await user2.save()
}
res.complate(user2);
});
module.exports = app;

View file

@ -19,9 +19,12 @@ You need this headers for send request to API:
### Request types:
- GET `/api/users/:id` for fetch user.
- POST `/api/users/:id/delete` for delete user.
- POST `/api/threads` for create thread.
- POST `/api/users/:id/admin` for give admin permissions for a user.
- GET `/api/threads/:id` for fetch thread.
- POST `/api/threads` for create thread.
- POST `/api/threads/:id/delete` for delete thread.
- GET `/api/messages/:id` for fetch message.
- POST `/api/messages` for create message.
- POST `/api/messages/:id/delete` for delete message.

View file

@ -7,9 +7,8 @@ const { UserModel } = require("../models");
(async () => {
const member= await UserModel.get(0);
console.log(member);
member.admin = true;
member.save();
console.log(await member.save());
})();

View file

@ -9,19 +9,31 @@
<h1>Welcome to the admin panel of the forum, <%= user.name %>!</h1>
<form action="/admin/" method="POST">
<form>
<h2>Write an ID to give someone admin permissions:</h2>
<input name="userid"></input>
<hr>
<button class="buyuk" type="submit">Give admin permissions!</button>
</form>
<script>
if (<%= user2.admin %>)
alert("Making admin of '<%= user2.name %>' is success");
<script type="module">
import request from "../../js/request.js";
document.addEventListener("submit", async e => {
e.preventDefault();
const response = await request("/api/users/" + e.target[0].value + "/admin");
if (response.result.admin)
alert("Making admin of "+response.result.name+" is success!");
});
</script>
<%- include("extra/footer") %>
<%- include("extra/footer") %>
</body>

View file

@ -41,10 +41,8 @@
</ul>
<% if (user?.admin && !member.deleted) {%>
<form action="/admin/" method="POST">
<input name="userid" type="hidden" value="<%= member.id %>"></input>
<form id="admin">
<button class="buyuk" type="submit">Give admin permissions!</button>
</form>
<form id="delete">
@ -56,16 +54,20 @@
import request from "../../js/request.js";
document.addEventListener("submit", async e => {
if (e.target.id !== "delete") return
e.preventDefault();
if (e.target.id == "admin") {
const response = await request("/api/users/<%= member.id %>/admin");
if (response.result.admin)
return alert("Making admin of "+response.result.name+" is success!");
}
const response = await request("/api/users/<%= member.id %>/delete");
if (response.result.deleted) {
if (response.result.deleted)
alert("User Deleted");
window.location.href = "/users";
}
});