
add admin. functions for 'users' section and create /site-settings.

The site's admin. can now create and delete accounts of all other
users. The admin. can also change the passwords of the other
users.
stable
Craig Oates 2 years ago
parent
commit
793c5d544b
  1. 56
      src/web.lisp

56
src/web.lisp

@ -166,6 +166,62 @@
(progn (utils:set-alert "You are not logged in.")
(redirect "/login"))))
(defroute ("/site-settings" :method :GET) ()
(hermetic:auth (:administrator)
;; Authorised
(let ((alert (utils:get-and-reset-alert)))
(render #P"user/site-settings.html"
(append (auth:auth-user-data)
`(:alert ,alert))))
;; Not Authorised
(progn
(utils:set-alert "You are not authorised to view this page.")
(redirect "/"))))
(defroute ("/users" :method :GET) ()
(hermetic:auth (:administrator)
;; Authorised
(let ((alert (utils:get-and-reset-alert)))
(render #P"user/index.html"
(append (auth:auth-user-data)
`(:alert ,alert
:users ,(nera:get-all-users)))))
;; Not Authorised
(progn
(utils:set-alert "You are not authorised to view this page.")
(redirect "/login"))))
(defroute ("/user/admin/create" :method :POST) ()
(destructuring-bind
(&key username display-name password password-check
authenticity-token &allow-other-keys)
(utils:request-params
(lack.request:request-body-parameters ningle:*request*))
(cond ((not (string= authenticity-token (auth:csrf-token)))
`(,+forbidden+ (:content-type "text/plain") ("Denied")))
((not (string= password password-check))
(utils:set-alert "Passwords don't match.")
(redirect "/users"))
((find t (mapcar
#'utils:string-is-nil-or-empty?
`(,username ,display-name ,password)))
(utils:set-alert "Incomplete form. Please fill out every section.")
(redirect "/users"))
((not (null (nera:get-user username)))
(utils:set-alert "Username already taken.")
(redirect "/users"))
(t (hermetic:auth
(:administrator)
;; Authorised
(progn
(nera-db:create-user username display-name password +false+)
(utils:set-alert "Account created.")
(redirect "/users"))
;; Not Authorised
(progn
(utils:set-alert "You are not authorised to view that page.")
(redirect "/")))))))
(defroute ("/user/edit" :method :GET) ()
(hermetic:auth (:logged-in)
;; Authorised
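Review bot: In the new `/user/admin/create` route the `hermetic:auth (:administrator)` check is the last `cond` branch, so every earlier branch — the password-mismatch alert, the empty-field alert and in particular the `(nera:get-user username)` lookup behind "Username already taken." — runs for any requester whose authenticity-token matches, before their role is checked; a non-admin session can therefore learn which usernames exist, and also drives a database read it should never reach. The admin check should wrap the whole form handling, as the `/site-settings` and `/users` GET routes in this hunk already do, so that parsing and validation happen only once the caller is known to be an administrator. The two GET routes also disagree on where an unauthorised user is sent (`/` versus `/login`); picking one keeps the behaviour predictable. The trailing `/user/edit` defroute is context only and continues outside the hunk.
```lisp
(defroute ("/user/admin/create" :method :POST) ()
  (hermetic:auth (:administrator)
    ;; Authorised: parse and validate the form only for administrators
    (destructuring-bind
        (&key username display-name password password-check
              authenticity-token &allow-other-keys)
        (utils:request-params
         (lack.request:request-body-parameters ningle:*request*))
      (cond ((not (string= authenticity-token (auth:csrf-token)))
             `(,+forbidden+ (:content-type "text/plain") ("Denied")))
            ;; … unchanged: password-check, empty-field and username-taken branches …
            (t (nera-db:create-user username display-name password +false+)
               (utils:set-alert "Account created.")
               (redirect "/users"))))
    ;; Not Authorised
    (progn
      (utils:set-alert "You are not authorised to view that page.")
      (redirect "/"))))
```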
