Commit 86b69d04 authored by Robert Czechowski's avatar Robert Czechowski

Admin pages: Require login for admin search page, show more detailed user and group data

parent 5a49b74a
...@@ -48,12 +48,12 @@ type MedalValueResult = MedalResult<MedalValue>; ...@@ -48,12 +48,12 @@ type MedalValueResult = MedalResult<MedalValue>;
fn fill_user_data(session: &SessionUser, data: &mut json_val::Map<String, serde_json::Value>) { fn fill_user_data(session: &SessionUser, data: &mut json_val::Map<String, serde_json::Value>) {
if session.is_logged_in() { if session.is_logged_in() {
data.insert("logged_in".to_string(), to_json(&true)); data.insert("logged_in".to_string(), to_json(&true));
data.insert("username".to_string(), to_json(&session.username));
data.insert("firstname".to_string(), to_json(&session.firstname));
data.insert("lastname".to_string(), to_json(&session.lastname));
data.insert("teacher".to_string(), to_json(&session.is_teacher));
data.insert("csrf_token".to_string(), to_json(&session.csrf_token));
} }
data.insert("username".to_string(), to_json(&session.username));
data.insert("firstname".to_string(), to_json(&session.firstname));
data.insert("lastname".to_string(), to_json(&session.lastname));
data.insert("teacher".to_string(), to_json(&session.is_teacher));
data.insert("csrf_token".to_string(), to_json(&session.csrf_token));
data.insert("parent".to_string(), to_json(&"base")); data.insert("parent".to_string(), to_json(&"base"));
} }
...@@ -1030,6 +1030,19 @@ pub fn edit_profile<T: MedalConnection>(conn: &T, session_token: &str, user_id: ...@@ -1030,6 +1030,19 @@ pub fn edit_profile<T: MedalConnection>(conn: &T, session_token: &str, user_id:
Ok(result) Ok(result)
} }
pub fn admin_index<T: MedalConnection>(conn: &T, session_token: &str)
-> MedalValueResult {
let session = conn.get_session(&session_token).ensure_logged_in().ok_or(MedalError::NotLoggedIn)?;
if session.id != 1 {
return Err(MedalError::AccessDenied);
}
let data = json_val::Map::new();
Ok(("admin".to_string(), data))
}
pub fn admin_search_users<T: MedalConnection>(conn: &T, session_token: &str, pub fn admin_search_users<T: MedalConnection>(conn: &T, session_token: &str,
s_data: (Option<i32>, s_data: (Option<i32>,
...@@ -1062,6 +1075,9 @@ pub fn admin_show_user<T: MedalConnection>(conn: &T, user_id: i32, session_token ...@@ -1062,6 +1075,9 @@ pub fn admin_show_user<T: MedalConnection>(conn: &T, user_id: i32, session_token
let (user, opt_group) = conn.get_user_and_group_by_id(user_id).ok_or(MedalError::AccessDenied)?; let (user, opt_group) = conn.get_user_and_group_by_id(user_id).ok_or(MedalError::AccessDenied)?;
fill_user_data(&user, &mut data); fill_user_data(&user, &mut data);
data.insert("logincode".to_string(), to_json(&user.logincode)); data.insert("logincode".to_string(), to_json(&user.logincode));
data.insert("userid".to_string(), to_json(&user.id));
data.insert("oauthid".to_string(), to_json(&user.oauth_foreign_id));
data.insert("oauthprovider".to_string(), to_json(&user.oauth_provider));
if let Some(group) = opt_group { if let Some(group) = opt_group {
data.insert("group_id".to_string(), to_json(&group.id)); data.insert("group_id".to_string(), to_json(&group.id));
...@@ -1119,6 +1135,10 @@ pub fn admin_show_group<T: MedalConnection>(conn: &T, group_id: i32, session_tok ...@@ -1119,6 +1135,10 @@ pub fn admin_show_group<T: MedalConnection>(conn: &T, group_id: i32, session_tok
data.insert("groupname".to_string(), to_json(&gi.name)); data.insert("groupname".to_string(), to_json(&gi.name));
data.insert("group_admin_id".to_string(), to_json(&group.admin)); data.insert("group_admin_id".to_string(), to_json(&group.admin));
let user = conn.get_user_by_id(group.admin).ok_or(MedalError::AccessDenied)?;
data.insert("group_admin_firstname".to_string(), to_json(&user.firstname));
data.insert("group_admin_lastname".to_string(), to_json(&user.lastname));
Ok(("admin_group".to_string(), data)) Ok(("admin_group".to_string(), data))
} }
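Review bot: In the added `admin_index`, the admin check is the literal `if session.id != 1`, so admin rights are tied to whichever account holds row id 1 rather than to an explicit role. The checks in `admin_search_users`, `admin_show_user` and `admin_show_group` lie outside these hunks; if they repeat the same comparison, a later change to the rule has to be made in every copy, and a missed copy leaves a page unprotected. I would move it into one helper, e.g. `fn ensure_admin(session: &SessionUser) -> MedalResult<()>`, and call it from each admin entry point. The type returned by `get_session(...).ensure_logged_in()` is not visible here, so the parameter type is an assumption.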
......
...@@ -871,13 +871,17 @@ fn user_post<C>(req: &mut Request) -> IronResult<Response> ...@@ -871,13 +871,17 @@ fn user_post<C>(req: &mut Request) -> IronResult<Response>
//old: Ok(Response::with((status::Found, Redirect(url_for!(req, "user", "userid" => format!("{}",user_id)))))) //old: Ok(Response::with((status::Found, Redirect(url_for!(req, "user", "userid" => format!("{}",user_id))))))
} }
fn admin<C>(_req: &mut Request) -> IronResult<Response> fn admin<C>(req: &mut Request) -> IronResult<Response>
where C: MedalConnection + std::marker::Send + 'static { where C: MedalConnection + std::marker::Send + 'static {
//let session_token = req.expect_session_token()?; let session_token = req.expect_session_token()?;
let (template, data) = with_conn![core::admin_index,
C,
req,
&session_token].aug(req)?;
let data = json_val::Map::new();
let mut resp = Response::new(); let mut resp = Response::new();
resp.set_mut(Template::new("admin", data)).set_mut(status::Ok); resp.set_mut(Template::new(&template, data)).set_mut(status::Ok);
Ok(resp) Ok(resp)
} }
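Review bot: The `admin` handler has no visible access check of its own; it depends on `core::admin_index` returning `NotLoggedIn` or `AccessDenied` and on `.aug(req)` turning those into a response. That is worth stating at the top of the handler, for example `// Access control lives in core::admin_index (login + admin check); nothing is rendered unless that call succeeds.` How `aug` maps the two errors is outside this section, so confirm that an unauthenticated request ends in a redirect or an error status rather than a rendered admin page.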
......
<h1>Suche</h1> <h1>Admin-Suche</h1>
<p>Suche beachtet Groß-/Kleinschreibung. Das Prozentzeichen % ist ein Wildcart in der Namenssuche. Die Suche gibt nur bis zu 30 Ergebnisse aus, auch wenn es mehr gibt!</p> <p>Suche beachtet Groß-/Kleinschreibung. Das Prozentzeichen % ist ein Wildcart in der Namenssuche. Die Suche gibt nur bis zu 30 Ergebnisse aus, auch wenn es mehr gibt!</p>
<p> <p>
......
<h1>Gruppe: {{group.name}}</h1> <h1>Gruppe: {{group.name}} ({{group.id}})</h1>
<p><a href="/admin/user/{{group_admin_id}}">Gruppen-Administrator: {{group_admin_id}}</a></p> <p>
Id: {{group.id}}<br>
<p>Gruppencode: {{group.code}}<br> Name: {{group.name}}<br>
Marker: {{group.tag}}</p> Gruppencode: {{group.code}}<br>
Marker: {{group.tag}}
</p>
<p>Gruppen-Administrator: <a href="/admin/user/{{group_admin_id}}">{{group_admin_firstname}} {{group_admin_lastname}} ({{group_admin_id}})</a></p>
<h2>Mitglieder</h2> <h2>Mitglieder</h2>
<table> <table>
<tr> <tr>
<th>Id</th>
<th>Name</th> <th>Name</th>
<th>Logincode</th> <th>Logincode</th>
<th>Jahrgangstufe</th> <th>Jahrgangstufe</th>
...@@ -15,10 +19,10 @@ ...@@ -15,10 +19,10 @@
{{#each member}} {{#each member}}
<tr> <tr>
<td><a href="/admin/user/{{id}}">{{id}}:</a></td>
<td><a href="/admin/user/{{id}}">{{firstname}} {{lastname}}</a></td> <td><a href="/admin/user/{{id}}">{{firstname}} {{lastname}}</a></td>
<td>{{logincode}}</td> <td>{{logincode}}</td>
<td>{{grade}}</td> <td>{{grade}}</td>
</tr> </tr>
{{/each}} {{/each}}
</table> </table>
<h1>Ergebnisse</h1> <h1>Ergebnisse</h1>
<ul> <ul>
{{#each result}} {{#each result}}
<li><a href="{{this.0}}">({{this.0}}) {{this.1}} {{this.2}}</li> <li><a href="{{this.0}}">{{this.0}}: {{this.1}} {{this.2}}</li>
{{/each}} {{/each}}
</ul> </ul>
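Review bot: The result row `<li><a href="{{this.0}}">{{this.0}}: {{this.1}} {{this.2}}</li>` never closes its anchor, so the link runs on into the markup that follows; add `</a>` before `</li>`. The `href` is also the bare id, which resolves relative to the current URL, while the other admin templates link with `/admin/user/{{id}}`. If the result list is not always served under that path, `href="/admin/user/{{this.0}}"` would be the more predictable form; whether results can also be groups is not visible here.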
<h1>Benutzer: {{firstname}} {{lastname}}</h1> <h1>Benutzer {{firstname}} {{lastname}} ({{userid}})</h1>
Id: {{userid}}<br>
Vorname: {{firstname}}<br>
Nachname: {{lastname}}<br>
{{#if username}}Benutzername: {{username}}<br>{{/if}} {{#if username}}Benutzername: {{username}}<br>{{/if}}
{{#if logincode}}Logincode: {{logincode}}<br>{{/if}} {{#if logincode}}Logincode: {{logincode}}<br>{{/if}}
{{#if oauthid}}OAuth-Login: {{oauthprovider}} ({{oauthprovider}}-id: {{oauthid}})<br>{{/if}}
{{#if teacher}}Ist Lehrer <br>{{/if}} {{#if teacher}}Ist Lehrer <br>{{/if}}
{{#if logged_id}}Ist eingeloggt <br>{{/if}} {{#if logged_id}}Ist eingeloggt <br>{{/if}}
<h2>Gruppen</h2> <h2>Gruppen</h2>
{{#if group}} {{#if group}}
<h3>Admin von</h3> <h3>Admin von</h3>
<ul> <table>
{{#each group}} <tr>
<li><a href="/admin/group/{{id}}">{{name}}</a>, {{code}}, {{tag}}</li> <th>Id</th>
{{/each}} <th>Name</th>
</ul> <th>Gruppencode</th>
<th>Marker</th>
</tr>
{{#each group}}
<tr>
<td><a href="/admin/group/{{id}}">{{id}}:</a></td>
<td><a href="/admin/group/{{id}}">{{name}}</a></td>
<td>{{code}}</td>
<td>{{tag}}</td>
</tr>
{{/each}}
</table>
{{/if}} {{/if}}
{{#if group_id }} {{#if group_id }}
<h3>Mitglied von</h3> <h3>Mitglied von</h3>
<ul> <ul>
<li><a href="/admin/group/{{group_id}}">{{group_name}}</a></li> <li><a href="/admin/group/{{group_id}}">{{group_id}}: {{group_name}}</a></li>
</ul> </ul>
{{/if}} {{/if}}
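Review bot: `{{#if logged_id}}Ist eingeloggt <br>{{/if}}` tests a key that the core code shown in this commit never sets. `fill_user_data` inserts `logged_in`, so the line presumably never renders and should read `{{#if logged_in}}`. Separately, this page now prints the login code together with the OAuth provider and id, so it must stay reachable only through the admin check in `admin_show_user`, which lies outside the visible hunk.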