wikijs-fork/controllers/admin.js

"use strict";

var express = require('express');
var router = express.Router();
const Promise = require('bluebird');
const validator = require('validator');
const _ = require('lodash');

/**
 * Admin
 */
router.get('/', (req, res) => {
	res.redirect('/admin/profile');
});

router.get('/profile', (req, res) => {

	if(res.locals.isGuest) {
		return res.render('error-forbidden');
	}

	res.render('pages/admin/profile', { adminTab: 'profile' });

});

router.post('/profile', (req, res) => {

	if(res.locals.isGuest) {
		return res.render('error-forbidden');
	}

	return db.User.findById(req.user.id).then((usr) => {
		usr.name = _.trim(req.body.name);
		if(usr.provider === 'local' && req.body.password !== '********') {
			let nPwd = _.trim(req.body.password);
			if(nPwd.length < 6) {
				return Promise.reject(new Error('New Password too short!'))
			} else {
				return db.User.hashPassword(nPwd).then((pwd) => {
					usr.password = pwd;
					return usr.save();
				});
			}
		} else {
			return usr.save();
		}
	}).then(() => {
		return res.json({ msg: 'OK' });
	}).catch((err) => {
		res.status(400).json({ msg: err.message });
	})

});

router.get('/stats', (req, res) => {

	if(res.locals.isGuest) {
		return res.render('error-forbidden');
	}

	Promise.all([
		db.Entry.count(),
		db.UplFile.count(),
		db.User.count()
	]).spread((totalEntries, totalUploads, totalUsers) => {
		return res.render('pages/admin/stats', {
			totalEntries, totalUploads, totalUsers,
			adminTab: 'stats'
		}) || true;
	}).catch((err) => {
		throw err;
	});

});

router.get('/users', (req, res) => {

	if(!res.locals.rights.manage) {
		return res.render('error-forbidden');
	}

	db.User.find({})
		.select('-password -rights')
		.sort('name email')
		.exec().then((usrs) => {
			res.render('pages/admin/users', { adminTab: 'users', usrs });
		});

});

router.get('/users/:id', (req, res) => {

	if(!res.locals.rights.manage) {
		return res.render('error-forbidden');
	}

	if(!validator.isMongoId(req.params.id)) {
		return res.render('error-forbidden');
	}

	db.User.findById(req.params.id)
		.select('-password -providerId')
		.exec().then((usr) => {

			let usrOpts = {
				canChangeEmail: (usr.email !== 'guest' && usr.provider === 'local' && usr.email !== req.app.locals.appconfig.admin),
				canChangeName: (usr.email !== 'guest'),
				canChangePassword: (usr.email !== 'guest' && usr.provider === 'local'),
				canChangeRole: (usr.email !== 'guest' && !(usr.provider === 'local' && usr.email === req.app.locals.appconfig.admin)),
				canBeDeleted: (usr.email !== 'guest' && !(usr.provider === 'local' && usr.email === req.app.locals.appconfig.admin))
			};

			res.render('pages/admin/users-edit', { adminTab: 'users', usr, usrOpts });
		});

});

router.post('/users/:id', (req, res) => {

	if(!res.locals.rights.manage) {
		return res.status(401).json({ msg: 'Unauthorized' });
	}

	if(!validator.isMongoId(req.params.id)) {
		return res.status(400).json({ msg: 'Invalid User ID' });
	}

	return db.User.findById(req.params.id).then((usr) => {
		usr.name = _.trim(req.body.name);
		usr.rights = JSON.parse(req.body.rights);
		if(usr.provider === 'local' && req.body.password !== '********') {
			let nPwd = _.trim(req.body.password);
			if(nPwd.length < 6) {
				return Promise.reject(new Error('New Password too short!'))
			} else {
				return db.User.hashPassword(nPwd).then((pwd) => {
					usr.password = pwd;
					return usr.save();
				});
			}
		} else {
			return usr.save();
		}
	}).then(() => {
		return res.json({ msg: 'OK' });
	}).catch((err) => {
		res.status(400).json({ msg: err.message });
	})

});

router.get('/settings', (req, res) => {

	if(!res.locals.rights.manage) {
		return res.render('error-forbidden');
	}

	res.render('pages/admin/settings', { adminTab: 'settings' });

});

module.exports = router;
Base server logic 2016-08-17 03:56:08 +00:00			`"use strict";`

			`var express = require('express');`
			`var router = express.Router();`
Integration to Requarks Core 2016-11-21 01:09:50 +00:00			`const Promise = require('bluebird');`
Users list + Edit user interface 2017-01-04 05:07:15 +00:00			`const validator = require('validator');`
Added rights management + user edit 2017-01-28 00:12:25 +00:00			`const _ = require('lodash');`
Base server logic 2016-08-17 03:56:08 +00:00
			`/**`
			`* Admin`
			`*/`
			`router.get('/', (req, res) => {`
Account page 2016-11-02 03:02:11 +00:00			`res.redirect('/admin/profile');`
			`});`

			`router.get('/profile', (req, res) => {`
Added access check for write and manage actions 2017-01-03 04:32:16 +00:00
			`if(res.locals.isGuest) {`
			`return res.render('error-forbidden');`
			`}`

Integration to Requarks Core 2016-11-21 01:09:50 +00:00			`res.render('pages/admin/profile', { adminTab: 'profile' });`
Added access check for write and manage actions 2017-01-03 04:32:16 +00:00
Integration to Requarks Core 2016-11-21 01:09:50 +00:00			`});`

Added own profile save + dependencies update 2017-01-31 00:43:37 +00:00			`router.post('/profile', (req, res) => {`

			`if(res.locals.isGuest) {`
			`return res.render('error-forbidden');`
			`}`

			`return db.User.findById(req.user.id).then((usr) => {`
			`usr.name = _.trim(req.body.name);`
			`if(usr.provider === 'local' && req.body.password !== '********') {`
			`let nPwd = _.trim(req.body.password);`
			`if(nPwd.length < 6) {`
			`return Promise.reject(new Error('New Password too short!'))`
			`} else {`
			`return db.User.hashPassword(nPwd).then((pwd) => {`
			`usr.password = pwd;`
			`return usr.save();`
			`});`
			`}`
			`} else {`
			`return usr.save();`
			`}`
			`}).then(() => {`
			`return res.json({ msg: 'OK' });`
			`}).catch((err) => {`
			`res.status(400).json({ msg: err.message });`
			`})`

			`});`

Integration to Requarks Core 2016-11-21 01:09:50 +00:00			`router.get('/stats', (req, res) => {`
Added access check for write and manage actions 2017-01-03 04:32:16 +00:00
			`if(res.locals.isGuest) {`
			`return res.render('error-forbidden');`
			`}`

Integration to Requarks Core 2016-11-21 01:09:50 +00:00			`Promise.all([`
			`db.Entry.count(),`
			`db.UplFile.count(),`
			`db.User.count()`
			`]).spread((totalEntries, totalUploads, totalUsers) => {`
			`return res.render('pages/admin/stats', {`
			`totalEntries, totalUploads, totalUsers,`
			`adminTab: 'stats'`
			`}) \|\| true;`
			`}).catch((err) => {`
			`throw err;`
			`});`
Added access check for write and manage actions 2017-01-03 04:32:16 +00:00
Integration to Requarks Core 2016-11-21 01:09:50 +00:00			`});`

			`router.get('/users', (req, res) => {`
Added access check for write and manage actions 2017-01-03 04:32:16 +00:00
			`if(!res.locals.rights.manage) {`
			`return res.render('error-forbidden');`
			`}`

Users list + Edit user interface 2017-01-04 05:07:15 +00:00			`db.User.find({})`
			`.select('-password -rights')`
			`.sort('name email')`
			`.exec().then((usrs) => {`
			`res.render('pages/admin/users', { adminTab: 'users', usrs });`
			`});`

			`});`

			`router.get('/users/:id', (req, res) => {`

			`if(!res.locals.rights.manage) {`
			`return res.render('error-forbidden');`
			`}`

			`if(!validator.isMongoId(req.params.id)) {`
			`return res.render('error-forbidden');`
			`}`

			`db.User.findById(req.params.id)`
Edit User client logic + Delete User UI 2017-01-06 04:19:29 +00:00			`.select('-password -providerId')`
Users list + Edit user interface 2017-01-04 05:07:15 +00:00			`.exec().then((usr) => {`
Edit User client logic + Delete User UI 2017-01-06 04:19:29 +00:00
			`let usrOpts = {`
			`canChangeEmail: (usr.email !== 'guest' && usr.provider === 'local' && usr.email !== req.app.locals.appconfig.admin),`
			`canChangeName: (usr.email !== 'guest'),`
			`canChangePassword: (usr.email !== 'guest' && usr.provider === 'local'),`
			`canChangeRole: (usr.email !== 'guest' && !(usr.provider === 'local' && usr.email === req.app.locals.appconfig.admin)),`
			`canBeDeleted: (usr.email !== 'guest' && !(usr.provider === 'local' && usr.email === req.app.locals.appconfig.admin))`
			`};`

			`res.render('pages/admin/users-edit', { adminTab: 'users', usr, usrOpts });`
Users list + Edit user interface 2017-01-04 05:07:15 +00:00			`});`
Added access check for write and manage actions 2017-01-03 04:32:16 +00:00
Integration to Requarks Core 2016-11-21 01:09:50 +00:00			`});`

Added rights management + user edit 2017-01-28 00:12:25 +00:00			`router.post('/users/:id', (req, res) => {`

			`if(!res.locals.rights.manage) {`
			`return res.status(401).json({ msg: 'Unauthorized' });`
			`}`

			`if(!validator.isMongoId(req.params.id)) {`
			`return res.status(400).json({ msg: 'Invalid User ID' });`
			`}`

			`return db.User.findById(req.params.id).then((usr) => {`
			`usr.name = _.trim(req.body.name);`
			`usr.rights = JSON.parse(req.body.rights);`
			`if(usr.provider === 'local' && req.body.password !== '********') {`
			`let nPwd = _.trim(req.body.password);`
			`if(nPwd.length < 6) {`
			`return Promise.reject(new Error('New Password too short!'))`
			`} else {`
			`return db.User.hashPassword(nPwd).then((pwd) => {`
			`usr.password = pwd;`
			`return usr.save();`
			`});`
			`}`
			`} else {`
			`return usr.save();`
			`}`
			`}).then(() => {`
			`return res.json({ msg: 'OK' });`
			`}).catch((err) => {`
			`res.status(400).json({ msg: err.message });`
			`})`

			`});`

Integration to Requarks Core 2016-11-21 01:09:50 +00:00			`router.get('/settings', (req, res) => {`
Added access check for write and manage actions 2017-01-03 04:32:16 +00:00
			`if(!res.locals.rights.manage) {`
			`return res.render('error-forbidden');`
			`}`

Integration to Requarks Core 2016-11-21 01:09:50 +00:00			`res.render('pages/admin/settings', { adminTab: 'settings' });`
Added access check for write and manage actions 2017-01-03 04:32:16 +00:00
Base server logic 2016-08-17 03:56:08 +00:00			`});`

			`module.exports = router;`