|
|
|
@ -166,6 +166,62 @@
|
|
|
|
|
(progn (utils:set-alert "You are not logged in.") |
|
|
|
|
(redirect "/login")))) |
|
|
|
|
|
|
|
|
|
(defroute ("/site-settings" :method :GET) () |
|
|
|
|
(hermetic:auth (:administrator) |
|
|
|
|
;; Authorised |
|
|
|
|
(let ((alert (utils:get-and-reset-alert))) |
|
|
|
|
(render #P"user/site-settings.html" |
|
|
|
|
(append (auth:auth-user-data) |
|
|
|
|
`(:alert ,alert)))) |
|
|
|
|
;; Not Authorised |
|
|
|
|
(progn |
|
|
|
|
(utils:set-alert "You are not authorised to view this page.") |
|
|
|
|
(redirect "/")))) |
|
|
|
|
|
|
|
|
|
(defroute ("/users" :method :GET) () |
|
|
|
|
(hermetic:auth (:administrator) |
|
|
|
|
;; Authorised |
|
|
|
|
(let ((alert (utils:get-and-reset-alert))) |
|
|
|
|
(render #P"user/index.html" |
|
|
|
|
(append (auth:auth-user-data) |
|
|
|
|
`(:alert ,alert |
|
|
|
|
:users ,(nera:get-all-users))))) |
|
|
|
|
;; Not Authorised |
|
|
|
|
(progn |
|
|
|
|
(utils:set-alert "You are not authorised to view this page.") |
|
|
|
|
(redirect "/login")))) |
|
|
|
|
|
|
|
|
|
(defroute ("/user/admin/create" :method :POST) () |
|
|
|
|
(destructuring-bind |
|
|
|
|
(&key username display-name password password-check |
|
|
|
|
authenticity-token &allow-other-keys) |
|
|
|
|
(utils:request-params |
|
|
|
|
(lack.request:request-body-parameters ningle:*request*)) |
|
|
|
|
(cond ((not (string= authenticity-token (auth:csrf-token))) |
|
|
|
|
`(,+forbidden+ (:content-type "text/plain") ("Denied"))) |
|
|
|
|
((not (string= password password-check)) |
|
|
|
|
(utils:set-alert "Passwords don't match.") |
|
|
|
|
(redirect "/users")) |
|
|
|
|
((find t (mapcar |
|
|
|
|
#'utils:string-is-nil-or-empty? |
|
|
|
|
`(,username ,display-name ,password))) |
|
|
|
|
(utils:set-alert "Incomplete form. Please fill out every section.") |
|
|
|
|
(redirect "/users")) |
|
|
|
|
((not (null (nera:get-user username))) |
|
|
|
|
(utils:set-alert "Username already taken.") |
|
|
|
|
(redirect "/users")) |
|
|
|
|
(t (hermetic:auth |
|
|
|
|
(:administrator) |
|
|
|
|
;; Authorised |
|
|
|
|
(progn |
|
|
|
|
(nera-db:create-user username display-name password +false+) |
|
|
|
|
(utils:set-alert "Account created.") |
|
|
|
|
(redirect "/users")) |
|
|
|
|
;; Not Authorised |
|
|
|
|
(progn |
|
|
|
|
(utils:set-alert "You are not authorised to view that page.") |
|
|
|
|
(redirect "/"))))))) |
|
|
|
|
|
|
|
|
|
(defroute ("/user/edit" :method :GET) () |
|
|
|
|
(hermetic:auth (:logged-in) |
|
|
|
|
;; Authorised |
|
|
|
|