@ -32,12 +32,14 @@
;; Routing rules
( defroute "/" ( )
( let ( ( alert ( utils:get-and-reset-alert ) ) )
( hermetic:auth ( :logged-in )
( render #P"index.html"
( append ( auth:auth-user-data )
` ( :alert , alert ) ) )
( render #P"index.html" ` ( :alert , alert ) ) ) ) )
( render #P"index.html"
( append ( if ( hermetic:logged-in-p )
( auth:auth-user-data ) )
` ( :alert , ( utils:get-and-reset-alert )
:content , ( storage:open-text-file
"" "pages"
( site-settings::home-page-of
( nera:get-site-settings ) ) ) ) ) ) )
( defroute "/setup" ( )
;; If there is no database, there is no user, hence no more checks.
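Review bot: The new `"/"` handler passes the stored home-page name straight to `storage:open-text-file "" "pages" …` on every request, and nothing in this commit constrains that name to a file that exists under `pages`. The value is written by the `/site-settings/home-page` handler in the second hunk, which takes `set-home-page` from the request body and rejects only the placeholder and empty values. A name that is not in the list offered by the settings page would therefore be stored and then read for every visitor; depending on how `storage:open-text-file` builds its path (not visible here), that could include a name containing directory separators. I would check membership before saving, e.g. `(member set-home-page (storage:get-file-names (storage:get-files-in-directory "" "pages")) :test #'string=)`. The `"/"` route should also render without `:content` when the setting is unset or the file has been removed, since a fresh install presumably has no home page yet.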
@ -172,14 +174,57 @@
( defroute ( "/site-settings" :method :GET ) ( )
( hermetic:auth ( :administrator )
;; Authorised
( let ( ( alert ( utils:get-and-reset-alert ) ) )
( render #P"user/site-settings.html"
( append ( auth:auth-user-data )
` ( :alert , alert ) ) ) )
( render #P"user/site-settings.html"
( append ( auth:auth-user-data )
` ( :alert , ( utils:get-and-reset-alert )
:pages , ( storage:get-file-names
( storage:get-files-in-directory
"" "pages" ) )
:settings , ( nera:get-site-settings ) ) ) )
;; Not Authorised
( progn
( utils:set-alert "You are not authorised to view this page." )
( redirect "/" ) ) ) )
( redirect "/login" ) ) ) )
( defroute ( "/site-settings/sign-up" :method :POST ) ( )
( destructuring-bind
( &key enable-sign-up authenticity-token &allow-other-keys )
( utils:request-params
( lack.request:request-body-parameters ningle:*request* ) )
( if ( not ( string= authenticity-token ( auth:csrf-token ) ) )
` ( , +forbidden+ ( :content-type "text/plain" ) ( "Denied" ) )
( hermetic:auth ( :administrator )
;; Authorised
( progn
( nera:update-enable-sign-on-settings enable-sign-up )
( utils:set-alert "Enable Sign-Up setting saved." )
( redirect "/site-settings" ) )
;; Not Authorised
( progn
( utils:set-alert "You are not authorised to view this page." )
( redirect "/login" ) ) ) ) ) )
( defroute ( "/site-settings/home-page" :method :POST ) ( )
( destructuring-bind
( &key set-home-page authenticity-token &allow-other-keys )
( utils:request-params
( lack.request:request-body-parameters ningle:*request* ) )
( if ( not ( string= authenticity-token ( auth:csrf-token ) ) )
` ( , +forbidden+ ( :content-type "text/plain" ) ( "Denied" ) )
( hermetic:auth ( :administrator )
;; Authorised
( cond ( ( or ( string= set-home-page "Select Page" )
( utils:string-is-nil-or-empty? set-home-page ) )
( utils:set-alert "No value provided. Home page not changed." )
( redirect "/site-settings" ) )
( t
( nera:set-home-page set-home-page )
( utils:set-alert "Home page set." )
( redirect "/site-settings" ) ) )
;; Not Authorised
( progn
( utils:set-alert "You are not authorised to view this page." )
( redirect "/login" ) ) ) ) ) )
( defroute ( "/users" :method :GET ) ( )
( hermetic:auth ( :administrator )
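Review bot: The CSRF guard at the top of both new POST handlers (`/site-settings/sign-up` and `/site-settings/home-page`) relies on `string=`, which accepts any string designator rather than only strings. A request with no `authenticity-token` binds it to `nil`, which is compared as the string "NIL", and if `auth:csrf-token` can ever return `nil` (its definition is not visible here) the two values compare equal and the guard passes. Requiring an actual string first closes that gap: `(if (not (and (stringp authenticity-token) (string= authenticity-token (auth:csrf-token)))) …)`. Separately, `enable-sign-up` is handed to `nera:update-enable-sign-on-settings` exactly as received, so it is worth normalising it to a boolean at this boundary unless that function already does so.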