Commit 86b69d04 authored by Robert Czechowski's avatar Robert Czechowski

Admin pages: Require login for admin search page, show more detailed user and group data

parent 5a49b74a
......@@ -48,12 +48,12 @@ type MedalValueResult = MedalResult<MedalValue>;
fn fill_user_data(session: &SessionUser, data: &mut json_val::Map<String, serde_json::Value>) {
if session.is_logged_in() {
data.insert("logged_in".to_string(), to_json(&true));
}
data.insert("username".to_string(), to_json(&session.username));
data.insert("firstname".to_string(), to_json(&session.firstname));
data.insert("lastname".to_string(), to_json(&session.lastname));
data.insert("teacher".to_string(), to_json(&session.is_teacher));
data.insert("csrf_token".to_string(), to_json(&session.csrf_token));
}
data.insert("parent".to_string(), to_json(&"base"));
}
......@@ -1030,6 +1030,19 @@ pub fn edit_profile<T: MedalConnection>(conn: &T, session_token: &str, user_id:
Ok(result)
}
pub fn admin_index<T: MedalConnection>(conn: &T, session_token: &str)
-> MedalValueResult {
let session = conn.get_session(&session_token).ensure_logged_in().ok_or(MedalError::NotLoggedIn)?;
if session.id != 1 {
return Err(MedalError::AccessDenied);
}
let data = json_val::Map::new();
Ok(("admin".to_string(), data))
}
pub fn admin_search_users<T: MedalConnection>(conn: &T, session_token: &str,
s_data: (Option<i32>,
......@@ -1062,6 +1075,9 @@ pub fn admin_show_user<T: MedalConnection>(conn: &T, user_id: i32, session_token
let (user, opt_group) = conn.get_user_and_group_by_id(user_id).ok_or(MedalError::AccessDenied)?;
fill_user_data(&user, &mut data);
data.insert("logincode".to_string(), to_json(&user.logincode));
data.insert("userid".to_string(), to_json(&user.id));
data.insert("oauthid".to_string(), to_json(&user.oauth_foreign_id));
data.insert("oauthprovider".to_string(), to_json(&user.oauth_provider));
if let Some(group) = opt_group {
data.insert("group_id".to_string(), to_json(&group.id));
......@@ -1119,6 +1135,10 @@ pub fn admin_show_group<T: MedalConnection>(conn: &T, group_id: i32, session_tok
data.insert("groupname".to_string(), to_json(&gi.name));
data.insert("group_admin_id".to_string(), to_json(&group.admin));
let user = conn.get_user_by_id(group.admin).ok_or(MedalError::AccessDenied)?;
data.insert("group_admin_firstname".to_string(), to_json(&user.firstname));
data.insert("group_admin_lastname".to_string(), to_json(&user.lastname));
Ok(("admin_group".to_string(), data))
}
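Review bot: `admin_index` decides who is an administrator with the literal comparison `if session.id != 1`, which ties the privilege to whichever account holds id 1 instead of to an explicit role or flag. At minimum the value should get a name and a comment, for example `const ADMIN_USER_ID: i32 = 1; // the only account allowed on /admin pages` (the `i32` type is assumed from the `user_id: i32` parameters nearby). The test would ideally live in one shared helper that every `admin_*` function calls. The checks inside `admin_search_users`, `admin_show_user` and `admin_show_group` sit outside the visible hunks, so it is worth confirming that they use the same rule and also return `MedalError::AccessDenied`.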
......
......@@ -871,13 +871,17 @@ fn user_post<C>(req: &mut Request) -> IronResult<Response>
//old: Ok(Response::with((status::Found, Redirect(url_for!(req, "user", "userid" => format!("{}",user_id))))))
}
fn admin<C>(_req: &mut Request) -> IronResult<Response>
fn admin<C>(req: &mut Request) -> IronResult<Response>
where C: MedalConnection + std::marker::Send + 'static {
//let session_token = req.expect_session_token()?;
let session_token = req.expect_session_token()?;
let (template, data) = with_conn![core::admin_index,
C,
req,
&session_token].aug(req)?;
let data = json_val::Map::new();
let mut resp = Response::new();
resp.set_mut(Template::new("admin", data)).set_mut(status::Ok);
resp.set_mut(Template::new(&template, data)).set_mut(status::Ok);
Ok(resp)
}
......
<h1>Suche</h1>
<h1>Admin-Suche</h1>
<p>Suche beachtet Groß-/Kleinschreibung. Das Prozentzeichen % ist ein Wildcart in der Namenssuche. Die Suche gibt nur bis zu 30 Ergebnisse aus, auch wenn es mehr gibt!</p>
<p>
......
<h1>Gruppe: {{group.name}}</h1>
<h1>Gruppe: {{group.name}} ({{group.id}})</h1>
<p><a href="/admin/user/{{group_admin_id}}">Gruppen-Administrator: {{group_admin_id}}</a></p>
<p>Gruppencode: {{group.code}}<br>
Marker: {{group.tag}}</p>
<p>
Id: {{group.id}}<br>
Name: {{group.name}}<br>
Gruppencode: {{group.code}}<br>
Marker: {{group.tag}}
</p>
<p>Gruppen-Administrator: <a href="/admin/user/{{group_admin_id}}">{{group_admin_firstname}} {{group_admin_lastname}} ({{group_admin_id}})</a></p>
<h2>Mitglieder</h2>
<table>
<tr>
<th>Id</th>
<th>Name</th>
<th>Logincode</th>
<th>Jahrgangstufe</th>
......@@ -15,10 +19,10 @@
{{#each member}}
<tr>
<td><a href="/admin/user/{{id}}">{{id}}:</a></td>
<td><a href="/admin/user/{{id}}">{{firstname}} {{lastname}}</a></td>
<td>{{logincode}}</td>
<td>{{grade}}</td>
</tr>
{{/each}}
</table>
<h1>Ergebnisse</h1>
<ul>
{{#each result}}
<li><a href="{{this.0}}">({{this.0}}) {{this.1}} {{this.2}}</li>
<li><a href="{{this.0}}">{{this.0}}: {{this.1}} {{this.2}}</li>
{{/each}}
</ul>
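Review bot: The rewritten result line still opens an `<a>` that is never closed, so each list item leaves the anchor open and browsers have to guess where the link ends. The line should read `<li><a href="{{this.0}}">{{this.0}}: {{this.1}} {{this.2}}</a></li>`. The `href` is also only the bare id, which resolves relative to the current URL; the other admin templates in this commit link to `/admin/user/{{id}}`, so an absolute path here would be consistent with them.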
<h1>Benutzer: {{firstname}} {{lastname}}</h1>
<h1>Benutzer {{firstname}} {{lastname}} ({{userid}})</h1>
Id: {{userid}}<br>
Vorname: {{firstname}}<br>
Nachname: {{lastname}}<br>
{{#if username}}Benutzername: {{username}}<br>{{/if}}
{{#if logincode}}Logincode: {{logincode}}<br>{{/if}}
{{#if oauthid}}OAuth-Login: {{oauthprovider}} ({{oauthprovider}}-id: {{oauthid}})<br>{{/if}}
{{#if teacher}}Ist Lehrer <br>{{/if}}
{{#if logged_id}}Ist eingeloggt <br>{{/if}}
<h2>Gruppen</h2>
{{#if group}}
<h3>Admin von</h3>
<ul>
<table>
<tr>
<th>Id</th>
<th>Name</th>
<th>Gruppencode</th>
<th>Marker</th>
</tr>
{{#each group}}
<li><a href="/admin/group/{{id}}">{{name}}</a>, {{code}}, {{tag}}</li>
<tr>
<td><a href="/admin/group/{{id}}">{{id}}:</a></td>
<td><a href="/admin/group/{{id}}">{{name}}</a></td>
<td>{{code}}</td>
<td>{{tag}}</td>
</tr>
{{/each}}
</ul>
</table>
{{/if}}
{{#if group_id }}
<h3>Mitglied von</h3>
<ul>
<li><a href="/admin/group/{{group_id}}">{{group_name}}</a></li>
<li><a href="/admin/group/{{group_id}}">{{group_id}}: {{group_name}}</a></li>
</ul>
{{/if}}
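Review bot: The new status line tests `{{#if logged_id}}`, but the key that `fill_user_data` inserts is `logged_in`, so "Ist eingeloggt" can never render. It should be `{{#if logged_in}}Ist eingeloggt <br>{{/if}}`. This page now also prints the logincode and the OAuth provider id of the viewed account, so it depends entirely on the access check in `admin_show_user`, which is outside the visible hunk and should be confirmed.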