2016-08-17 03:56:08 +00:00
|
|
|
"use strict";
|
|
|
|
|
|
|
|
var express = require('express');
|
|
|
|
var router = express.Router();
|
2016-11-21 01:09:50 +00:00
|
|
|
const Promise = require('bluebird');
|
2017-01-04 05:07:15 +00:00
|
|
|
const validator = require('validator');
|
2017-01-28 00:12:25 +00:00
|
|
|
const _ = require('lodash');
|
2016-08-17 03:56:08 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Admin
|
|
|
|
*/
|
|
|
|
router.get('/', (req, res) => {
|
2016-11-02 03:02:11 +00:00
|
|
|
res.redirect('/admin/profile');
|
|
|
|
});
|
|
|
|
|
|
|
|
router.get('/profile', (req, res) => {
|
2017-01-03 04:32:16 +00:00
|
|
|
|
|
|
|
if(res.locals.isGuest) {
|
|
|
|
return res.render('error-forbidden');
|
|
|
|
}
|
|
|
|
|
2016-11-21 01:09:50 +00:00
|
|
|
res.render('pages/admin/profile', { adminTab: 'profile' });
|
2017-01-03 04:32:16 +00:00
|
|
|
|
2016-11-21 01:09:50 +00:00
|
|
|
});
|
|
|
|
|
2017-01-31 00:43:37 +00:00
|
|
|
router.post('/profile', (req, res) => {
|
|
|
|
|
|
|
|
if(res.locals.isGuest) {
|
|
|
|
return res.render('error-forbidden');
|
|
|
|
}
|
|
|
|
|
|
|
|
return db.User.findById(req.user.id).then((usr) => {
|
|
|
|
usr.name = _.trim(req.body.name);
|
|
|
|
if(usr.provider === 'local' && req.body.password !== '********') {
|
|
|
|
let nPwd = _.trim(req.body.password);
|
|
|
|
if(nPwd.length < 6) {
|
|
|
|
return Promise.reject(new Error('New Password too short!'))
|
|
|
|
} else {
|
|
|
|
return db.User.hashPassword(nPwd).then((pwd) => {
|
|
|
|
usr.password = pwd;
|
|
|
|
return usr.save();
|
|
|
|
});
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
return usr.save();
|
|
|
|
}
|
|
|
|
}).then(() => {
|
|
|
|
return res.json({ msg: 'OK' });
|
|
|
|
}).catch((err) => {
|
|
|
|
res.status(400).json({ msg: err.message });
|
|
|
|
})
|
|
|
|
|
|
|
|
});
|
|
|
|
|
2016-11-21 01:09:50 +00:00
|
|
|
router.get('/stats', (req, res) => {
|
2017-01-03 04:32:16 +00:00
|
|
|
|
|
|
|
if(res.locals.isGuest) {
|
|
|
|
return res.render('error-forbidden');
|
|
|
|
}
|
|
|
|
|
2016-11-21 01:09:50 +00:00
|
|
|
Promise.all([
|
|
|
|
db.Entry.count(),
|
|
|
|
db.UplFile.count(),
|
|
|
|
db.User.count()
|
|
|
|
]).spread((totalEntries, totalUploads, totalUsers) => {
|
|
|
|
return res.render('pages/admin/stats', {
|
|
|
|
totalEntries, totalUploads, totalUsers,
|
|
|
|
adminTab: 'stats'
|
|
|
|
}) || true;
|
|
|
|
}).catch((err) => {
|
|
|
|
throw err;
|
|
|
|
});
|
2017-01-03 04:32:16 +00:00
|
|
|
|
2016-11-21 01:09:50 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
router.get('/users', (req, res) => {
|
2017-01-03 04:32:16 +00:00
|
|
|
|
|
|
|
if(!res.locals.rights.manage) {
|
|
|
|
return res.render('error-forbidden');
|
|
|
|
}
|
|
|
|
|
2017-01-04 05:07:15 +00:00
|
|
|
db.User.find({})
|
|
|
|
.select('-password -rights')
|
|
|
|
.sort('name email')
|
|
|
|
.exec().then((usrs) => {
|
|
|
|
res.render('pages/admin/users', { adminTab: 'users', usrs });
|
|
|
|
});
|
|
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
router.get('/users/:id', (req, res) => {
|
|
|
|
|
|
|
|
if(!res.locals.rights.manage) {
|
|
|
|
return res.render('error-forbidden');
|
|
|
|
}
|
|
|
|
|
|
|
|
if(!validator.isMongoId(req.params.id)) {
|
|
|
|
return res.render('error-forbidden');
|
|
|
|
}
|
|
|
|
|
|
|
|
db.User.findById(req.params.id)
|
2017-01-06 04:19:29 +00:00
|
|
|
.select('-password -providerId')
|
2017-01-04 05:07:15 +00:00
|
|
|
.exec().then((usr) => {
|
2017-01-06 04:19:29 +00:00
|
|
|
|
|
|
|
let usrOpts = {
|
|
|
|
canChangeEmail: (usr.email !== 'guest' && usr.provider === 'local' && usr.email !== req.app.locals.appconfig.admin),
|
|
|
|
canChangeName: (usr.email !== 'guest'),
|
|
|
|
canChangePassword: (usr.email !== 'guest' && usr.provider === 'local'),
|
|
|
|
canChangeRole: (usr.email !== 'guest' && !(usr.provider === 'local' && usr.email === req.app.locals.appconfig.admin)),
|
|
|
|
canBeDeleted: (usr.email !== 'guest' && !(usr.provider === 'local' && usr.email === req.app.locals.appconfig.admin))
|
|
|
|
};
|
|
|
|
|
|
|
|
res.render('pages/admin/users-edit', { adminTab: 'users', usr, usrOpts });
|
2017-01-04 05:07:15 +00:00
|
|
|
});
|
2017-01-03 04:32:16 +00:00
|
|
|
|
2016-11-21 01:09:50 +00:00
|
|
|
});
|
|
|
|
|
2017-01-28 00:12:25 +00:00
|
|
|
router.post('/users/:id', (req, res) => {
|
|
|
|
|
|
|
|
if(!res.locals.rights.manage) {
|
|
|
|
return res.status(401).json({ msg: 'Unauthorized' });
|
|
|
|
}
|
|
|
|
|
|
|
|
if(!validator.isMongoId(req.params.id)) {
|
|
|
|
return res.status(400).json({ msg: 'Invalid User ID' });
|
|
|
|
}
|
|
|
|
|
|
|
|
return db.User.findById(req.params.id).then((usr) => {
|
|
|
|
usr.name = _.trim(req.body.name);
|
|
|
|
usr.rights = JSON.parse(req.body.rights);
|
|
|
|
if(usr.provider === 'local' && req.body.password !== '********') {
|
|
|
|
let nPwd = _.trim(req.body.password);
|
|
|
|
if(nPwd.length < 6) {
|
|
|
|
return Promise.reject(new Error('New Password too short!'))
|
|
|
|
} else {
|
|
|
|
return db.User.hashPassword(nPwd).then((pwd) => {
|
|
|
|
usr.password = pwd;
|
|
|
|
return usr.save();
|
|
|
|
});
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
return usr.save();
|
|
|
|
}
|
|
|
|
}).then(() => {
|
|
|
|
return res.json({ msg: 'OK' });
|
|
|
|
}).catch((err) => {
|
|
|
|
res.status(400).json({ msg: err.message });
|
|
|
|
})
|
|
|
|
|
|
|
|
});
|
|
|
|
|
2016-11-21 01:09:50 +00:00
|
|
|
router.get('/settings', (req, res) => {
|
2017-01-03 04:32:16 +00:00
|
|
|
|
|
|
|
if(!res.locals.rights.manage) {
|
|
|
|
return res.render('error-forbidden');
|
|
|
|
}
|
|
|
|
|
2016-11-21 01:09:50 +00:00
|
|
|
res.render('pages/admin/settings', { adminTab: 'settings' });
|
2017-01-03 04:32:16 +00:00
|
|
|
|
2016-08-17 03:56:08 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
module.exports = router;
|