...
1 package server
2
3 import (
4 "fmt"
5 "net/http"
6 "strings"
7
8 "codeberg.org/tslocum/sriracha/internal/database"
9 . "codeberg.org/tslocum/sriracha/model"
10 . "codeberg.org/tslocum/sriracha/util"
11 )
12
// loadAccountForm copies the account fields submitted with r into a.
//
// Only the username and the role are taken from the form. The role is read
// through FormRange with RoleSuperAdmin and RoleDisabled as its bounds;
// presumably that limits the value to the known roles (confirm against
// util.FormRange). The password is not handled here: callers read it from
// the request themselves. db is accepted but not used by this method.
func (s *Server) loadAccountForm(db *database.DB, r *http.Request, a *Account) {
	username := FormString(r, "username")
	role := FormRange(r, "role", RoleSuperAdmin, RoleDisabled)

	a.Username, a.Role = username, role
}
17
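// serveAccount handles the account management page under /sriracha/account/.
//
// Three cases are served:
//   - a path with a positive account ID and a POST request updates that
//     account (username, role and, when supplied, password), writes an audit
//     log entry and redirects to the account list;
//   - a path without an ID and a POST request creates a new account;
//   - any other request lists all accounts (or, with an ID, shows that
//     account for editing).
//
// Validation failures are reported through data.ManageError and nothing is
// written to the database for that request.
func (s *Server) serveAccount(data *templateData, db *database.DB, w http.ResponseWriter, r *http.Request) {
	// Account management is gated on RoleSuperAdmin; stop when the gate says so.
	if data.forbidden(w, RoleSuperAdmin) {
		return
	}
	data.Template = "manage_account"

	// NOTE(review): both POST branches below change credentials and roles, and
	// no anti-CSRF token check is visible in this handler. Confirm that one is
	// enforced before serveAccount is reached.

	accountID := PathInt(r, "/sriracha/account/")
	if accountID > 0 {
		data.Manage.Account = db.AccountByID(accountID)
		target := data.Manage.Account
		if target == nil || r.Method != http.MethodPost {
			return
		}

		// Keep a copy of the stored values so the audit entry can list what changed.
		oldAccount := *target
		oldUsername := target.Username
		s.loadAccountForm(db, r, target)

		if err := target.Validate(); err != nil {
			data.ManageError(err.Error())
			return
		}

		// The acting account may not move itself out of RoleSuperAdmin. This
		// keeps an administrator from demoting or disabling the account they
		// are currently signed in with.
		if data.Account.ID == target.ID && target.Role != RoleSuperAdmin {
			data.ManageError("You may not change the role of your own account.")
			return
		}

		if target.Username != oldUsername {
			// A rename must not collide with another account's username.
			if db.AccountByUsername(target.Username) != nil {
				data.ManageError("New username already taken")
				return
			}

			db.UpdateAccountUsername(target)
		}

		db.UpdateAccountRole(target)

		// A blank (whitespace-only) password field leaves the password as is.
		// A non-blank value is stored exactly as submitted, not trimmed.
		password := r.FormValue("password")
		if strings.TrimSpace(password) != "" {
			db.UpdateAccountPassword(target.ID, password)
		}

		// NOTE(review): UpdateAccountPassword receives only the ID, so the
		// struct compared below is not altered by a password change. A
		// password reset on its own therefore appears not to show up in
		// `changes`; confirm the audit entry records credential resets.
		changes := printChanges(oldAccount, *target)
		s.log(db, data.Account, nil, fmt.Sprintf("Updated >>/account/%d", target.ID), changes)

		http.Redirect(w, r, "/sriracha/account/", http.StatusFound)
		return
	}

	if r.Method == http.MethodPost {
		a := &Account{}
		s.loadAccountForm(db, r, a)

		if err := a.Validate(); err != nil {
			data.ManageError(err.Error())
			return
		}

		password := r.FormValue("password")
		if strings.TrimSpace(password) == "" {
			data.ManageError("A password is required")
			return
		}

		// Reject a username that is already in use, as the update branch does
		// for renames. Without this check two accounts could share a login
		// name, or the insert could fail inside AddAccount. The lookup is
		// advisory only: uniqueness should also be enforced by the database
		// schema (TODO confirm).
		if db.AccountByUsername(a.Username) != nil {
			data.ManageError("Username already taken")
			return
		}

		db.AddAccount(a, password)

		s.log(db, data.Account, nil, fmt.Sprintf("Added >>/account/%d", a.ID), "")

		http.Redirect(w, r, "/sriracha/account/", http.StatusFound)
		return
	}

	data.Manage.Accounts = db.AllAccounts()
}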
96