Added rights management + user edit

NGPixel 2017-01-27 19:12:25 -05:00
parent f8161f2e7a
commit 7dfd5a041a
7 changed files with 75 additions and 15 deletions

3
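--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+"eslint.enable": false
+}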

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -17,14 +17,38 @@ if($('#page-type-admin-users').length) {
}, },
methods: { methods: {
addRightsRow: (ev) => { addRightsRow: (ev) => {
vueEditUser.rights.push({}); vueEditUser.rights.push({
role: 'write',
path: '/',
exact: false,
deny: false
});
}, },
removeRightsRow: (ev) => { removeRightsRow: (idx) => {
_.pullAt(vueEditUser.rights, idx)
vueEditUser.$forceUpdate()
}, },
saveUser: (ev) => { saveUser: (ev) => {
let formattedRights = _.cloneDeep(vueEditUser.rights)
switch(vueEditUser.roleoverride) {
case 'admin':
formattedRights.push({
role: 'admin',
path: '/',
exact: false,
deny: false
})
break;
}
$.post(window.location.href, {
password: vueEditUser.password,
name: vueEditUser.name,
rights: JSON.stringify(formattedRights)
}).done((resp) => {
alerts.pushSuccess('Saved successfully', 'Changes have been applied.');
}).fail((jqXHR, txtStatus, resp) => {
alerts.pushError('Error', resp);
})
} }
}, },
created: function() { created: function() {
@ -33,8 +57,6 @@ if($('#page-type-admin-users').length) {
this.email = usrData.email; this.email = usrData.email;
this.name = usrData.name; this.name = usrData.name;
console.log(_.find(usrData.rights, { role: 'admin' }));
if(_.find(usrData.rights, { role: 'admin' })) { if(_.find(usrData.rights, { role: 'admin' })) {
this.rights = _.reject(usrData.rights, ['role', 'admin']); this.rights = _.reject(usrData.rights, ['role', 'admin']);
this.roleoverride = 'admin'; this.roleoverride = 'admin';
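Review bot: The `.fail` handler in `saveUser` displays its third argument, which jQuery fills with the HTTP status text (for example "Bad Request"), so the reason the server returns in `{ msg }`, such as the password-length error, never reaches the administrator. Read the response body instead: `alerts.pushError('Error', _.get(jqXHR, 'responseJSON.msg', resp));`. Separately, the admin entry appended from `roleoverride` is assembled in the browser, so it is only a convenience for the form; the POST handler has to decide on its own which rights the caller may assign. The Vue instance that this `methods` object belongs to starts and ends outside the hunk.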


@ -4,6 +4,7 @@ var express = require('express');
var router = express.Router(); var router = express.Router();
const Promise = require('bluebird'); const Promise = require('bluebird');
const validator = require('validator'); const validator = require('validator');
const _ = require('lodash');
/** /**
* Admin * Admin
@ -85,6 +86,40 @@ router.get('/users/:id', (req, res) => {
}); });
router.post('/users/:id', (req, res) => {
if(!res.locals.rights.manage) {
return res.status(401).json({ msg: 'Unauthorized' });
}
if(!validator.isMongoId(req.params.id)) {
return res.status(400).json({ msg: 'Invalid User ID' });
}
return db.User.findById(req.params.id).then((usr) => {
usr.name = _.trim(req.body.name);
usr.rights = JSON.parse(req.body.rights);
if(usr.provider === 'local' && req.body.password !== '********') {
let nPwd = _.trim(req.body.password);
if(nPwd.length < 6) {
return Promise.reject(new Error('New Password too short!'))
} else {
return db.User.hashPassword(nPwd).then((pwd) => {
usr.password = pwd;
return usr.save();
});
}
} else {
return usr.save();
}
}).then(() => {
return res.json({ msg: 'OK' });
}).catch((err) => {
res.status(400).json({ msg: err.message });
})
});
router.get('/settings', (req, res) => { router.get('/settings', (req, res) => {
if(!res.locals.rights.manage) { if(!res.locals.rights.manage) {


@ -2,8 +2,8 @@
ul ul
template(v-for="aItem in children", track-by='_uid') template(v-for="aItem in children", track-by='_uid')
li(v-bind:class='aItem.class') li(v-bind:class='aItem.class')
button.delete(v-on:click='acknowledge(aItem._uid)') button(v-on:click='acknowledge(aItem._uid)')
h3 {{ aItem.title }} strong {{ aItem.title }}
span {{ aItem.message }} span {{ aItem.message }}
if appflash.length > 0 if appflash.length > 0


@ -64,10 +64,10 @@ block adminContent
th(style={width: '150px'}) Access th(style={width: '150px'}) Access
th(style={width: '50px'}) th(style={width: '50px'})
tbody tbody
tr(v-for='right in rights', v-cloak) tr(v-for='(right, idx) in rights', v-cloak)
td.is-icon td.is-icon
i.icon-marquee-plus.is-green(v-if='!right.deny') i.icon-marquee-plus.is-green(v-if='right.deny === false || right.deny === "false"')
i.icon-marquee-minus.is-red(v-if='right.deny') i.icon-marquee-minus.is-red(v-if='right.deny === true || right.deny === "true"')
td td
p.control.is-fullwidth p.control.is-fullwidth
select(v-model='right.role') select(v-model='right.role')
@ -89,7 +89,7 @@ block adminContent
option(value='false') Allow option(value='false') Allow
option(value='true') Deny option(value='true') Deny
td.is-centered.has-action-icons td.is-centered.has-action-icons
i.icon-delete.is-red(v-on:click='removeRightsRow(right._id)') i.icon-delete.is-red(v-on:click='removeRightsRow(idx)')
tr(v-if='rights.length < 1', v-cloak) tr(v-if='rights.length < 1', v-cloak)
td.is-icon td.is-icon
td.is-centered(colspan='3'): em No additional access rights td.is-centered(colspan='3'): em No additional access rights
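Review bot: The two `v-if` tests on `right.deny` now accept both booleans and the strings "true"/"false" because the Allow/Deny lines `option(value='false')` and `option(value='true')` write strings into the model, and those strings are what `saveUser` serialises into the stored rights. Binding the option values as booleans keeps one type end to end: `option(v-bind:value='false') Allow` and `option(v-bind:value='true') Deny`, after which `v-if='!right.deny'` and `v-if='right.deny'` are enough. This matters beyond the icon: if the code that enforces rights (not shown on this page) tests `deny` by truthiness, the string "false" would count as a deny rule. With the current tests, a row whose `deny` is undefined shows neither icon.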