author | Sebastian Reichel <sre@ring0.de> | 2016-04-10 22:57:06 +0200 |
---|---|---|
committer | Sebastian Reichel <sre@ring0.de> | 2016-04-10 22:57:06 +0200 |
commit | 2d77a9832112852500c7320f1e5311999720ecad (patch) | |
tree | 3108467268008446bfa32812eb36d5ce6c894c74 | |
parent | 0f369549ab9744f310f4783c97037d3009b54002 (diff) | |
download | serial-barcode-scanner-2d77a9832112852500c7320f1e5311999720ecad.tar.bz2 |
web: admins can change permissions of users
-rw-r--r-- | src/web/web.vala | 61 | ||||
-rw-r--r-- | templates/products/entry.html | 10 | ||||
-rw-r--r-- | templates/users/entry.html | 70 |
3 files changed, 128 insertions, 13 deletions
diff --git a/src/web/web.vala b/src/web/web.vala
index cec12ed..ee6e71a 100644
--- a/src/web/web.vala
+++ b/src/web/web.vala
@@ -72,6 +72,11 @@ public class WebServer {
 case "stats":
 handler_todo(server, msg, path, query, client);
 break;
+ case "toggle_auth_products":
+ case "toggle_auth_cashbox":
+ case "toggle_auth_users":
+ handler_user_toggle_auth(server, msg, path, query, client, id, pathparts[3]);
+ break;
 default:
 handler_404(server, msg, path, query, client);
 break;
@@ -266,6 +271,46 @@ public class WebServer {
 }
 }
+ void handler_user_toggle_auth(Soup.Server server, Soup.Message msg, string path, GLib.HashTable? query, Soup.ClientContext client, int id, string action) {
+ try {
+ var l = new WebSession(server, msg, path, query, client);
+
+ if(!l.superuser) {
+ handler_403(server, msg, path, query, client);
+ return;
+ }
+
+ var olduserauth = db.get_user_auth(id);
+
+ switch(action) {
+ case "toggle_auth_products":
+ olduserauth.auth_products = !olduserauth.auth_products;
+ break;
+ case "toggle_auth_cashbox":
+ olduserauth.auth_cashbox = !olduserauth.auth_cashbox;
+ break;
+ case "toggle_auth_users":
+ olduserauth.auth_users = !olduserauth.auth_users;
+ break;
+ }
+
+ db.set_user_auth(olduserauth);
+
+ var newuserauth = db.get_user_auth(id);
+
+ var auth_products = newuserauth.auth_products ? "true" : "false";
+ var auth_cashbox = newuserauth.auth_cashbox ? "true" : "false";
+ var auth_users = newuserauth.auth_users ? "true" : "false";
+
+ msg.set_response("application/json", Soup.MemoryUse.COPY, @"{ \"products\": \"$auth_products\", \"cashbox\": \"$auth_cashbox\", \"users\": \"$auth_users\" }".data);
+ msg.set_status(200);
+ } catch(DatabaseError e) {
+ handler_400(server, msg, path, query, client, e.message);
+ } catch(IOError e) {
+ handler_400(server, msg, path, query, client, e.message);
+ }
+ }
+
 void handler_user_entry(Soup.Server server, Soup.Message msg, string path, GLib.HashTable? query, Soup.ClientContext client, int id) {
 try {
 var session = new WebSession(server, msg, path, query, client);
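Review bot: handler_user_toggle_auth changes a user's permissions without checking the HTTP method or any anti-CSRF token, and the script this commit adds to templates/users/entry.html calls the three routes through `$.getJSON`, i.e. a plain GET. If WebSession authenticates with credentials the browser attaches automatically (its implementation is not visible here), a cross-site request made while a superuser is logged in would be honoured. At minimum, reject other verbs before `db.get_user_auth(id)`, e.g. `if(msg.method != "POST") { handler_400(server, msg, path, query, client, "POST required"); return; }`, and have the template use a POST; a per-session token would be stronger still. Because the action is a toggle rather than an explicit set, a duplicated or retried request also silently reverts the change, so accepting the desired state as a parameter would make the endpoint idempotent. The switch has no `default:` branch either, so an unexpected `action` still reaches `db.set_user_auth`.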
@@ -292,9 +337,19 @@ public class WebServer {
 var userauth = db.get_user_auth(id);
 t.replace("DISABLED", userauth.disabled ? "true" : "false");
 t.replace("ISSUPERUSER", userauth.superuser ? "true" : "false");
- t.replace("HAS_AUTH_PRODUCTS", userauth.auth_products ? "true" : "false");
- t.replace("HAS_AUTH_CASHBOX", userauth.auth_cashbox ? "true" : "false");
- t.replace("HAS_AUTH_USERS", userauth.auth_users ? "true" : "false");
+ t.replace("HAS_AUTH_PRODUCTS", userauth.auth_products ? "Yes" : "No");
+ t.replace("HAS_AUTH_CASHBOX", userauth.auth_cashbox ? "Yes" : "No");
+ t.replace("HAS_AUTH_USERS", userauth.auth_users ? "Yes" : "No");
+
+ t.replace("BTN_AUTH_PRODUCTS", userauth.auth_products ? "btn-success" : "btn-danger");
+ t.replace("BTN_AUTH_CASHBOX", userauth.auth_cashbox ? "btn-success" : "btn-danger");
+ t.replace("BTN_AUTH_USERS", userauth.auth_users ? "btn-success" : "btn-danger");
+
+ if(session.superuser) {
+ t.replace("ISADMIN2", "");
+ } else {
+ t.replace("ISADMIN2", "disabled=\"disabled\"");
+ }
 var postdata = Soup.Form.decode_multipart(msg, null, null, null, null);
 if(postdata != null && postdata.contains("password1") && postdata.contains("password2")) {
diff --git a/templates/products/entry.html b/templates/products/entry.html
index 83d98b8..05c1dce 100644
--- a/templates/products/entry.html
+++ b/templates/products/entry.html
@@ -1,11 +1,11 @@
 <h2>Product Information</h2>
 <p>
 <table class="table table-bordered table-nonfluid">
- <th>EAN</th><td>{{{EAN}}}</td></tr>
- <th>Name</th><td>{{{NAME}}}</td></tr>
- <th>Category</th><td>{{{CATEGORY}}}</td></tr>
- <th>Amount</th><td>{{{AMOUNT}}}</td></tr>
- <th>State</th><td><button id="statebutton" type="button" class="btn {{{BTNSTATE}}}" {{{ISADMIN2}}}>{{{STATE}}}</button></td></tr>
+ <tr><th>EAN</th><td>{{{EAN}}}</td></tr>
+ <tr><th>Name</th><td>{{{NAME}}}</td></tr>
+ <tr><th>Category</th><td>{{{CATEGORY}}}</td></tr>
+ <tr><th>Amount</th><td>{{{AMOUNT}}}</td></tr>
+ <tr><th>State</th><td><button id="statebutton" type="button" class="btn {{{BTNSTATE}}}" {{{ISADMIN2}}}>{{{STATE}}}</button></td></tr>
 </table>
 </p></p>
diff --git a/templates/users/entry.html b/templates/users/entry.html
index ad20b70..03594cb 100644
--- a/templates/users/entry.html
+++ b/templates/users/entry.html
@@ -25,9 +25,9 @@
 <tr><th colspan="2">Administrative Information</th></tr>
 <tr><th>Disabled</th><td>{{{DISABLED}}}</td></tr>
 <tr><th>Superuser</th><td>{{{ISSUPERUSER}}}</td></tr>
- <tr><th>Auth Products</th><td>{{{HAS_AUTH_PRODUCTS}}}</td></tr>
- <tr><th>Auth Cashbox</th><td>{{{HAS_AUTH_CASHBOX}}}</td></tr>
- <tr><th>Auth Users</th><td>{{{HAS_AUTH_USERS}}}</td></tr>
+ <tr><th>Auth Products</th><td><button id="authproductsbutton" type="button" class="btn {{{BTN_AUTH_PRODUCTS}}}" {{{ISADMIN2}}}>{{{HAS_AUTH_PRODUCTS}}}</button></td></tr>
+ <tr><th>Auth Cashbox</th><td><button id="authcashboxbutton" type="button" class="btn {{{BTN_AUTH_CASHBOX}}}" {{{ISADMIN2}}}>{{{HAS_AUTH_CASHBOX}}}</button></td></tr>
+ <tr><th>Auth Users</th><td><button id="authusersbutton" type="button" class="btn {{{BTN_AUTH_USERS}}}" {{{ISADMIN2}}}>{{{HAS_AUTH_USERS}}}</button></td></tr>
 <tr><th>Invoices</th><td><a href="./{{{UID}}}/invoice">Show</a></td></tr>
 <tr><th rowspan="3">Password</th><td><input name="password1" placeholder="New Password" type="password" /></td></tr>
 <tr><td><input name="password2" placeholder="New Password (again)" type="password" /></td></tr>
@@ -36,6 +36,66 @@
 </form>
 <script language="JavaScript">
- code39_init();
- code39_draw("USER {{{UID}}}", true);
+code39_init();
+code39_draw("USER {{{UID}}}", true);
+
+$('#authproductsbutton').on('click', function (e) {
+ var req = $.getJSON(
+ "/users/{{{UID}}}/toggle_auth_products",
+ function( data ) {
+ if(data["products"] == "false") {
+ $('#authproductsbutton').html("No")
+ $('#authproductsbutton').addClass("btn-danger")
+ $('#authproductsbutton').removeClass("btn-success")
+ } else if(data["products"] == "true") {
+ $('#authproductsbutton').html("Yes")
+ $('#authproductsbutton').addClass("btn-success")
+ $('#authproductsbutton').removeClass("btn-danger")
+ } else {
+ console.error("unknown state")
+ console.info(data)
+ }
+ }
+ );
+});
+
+$('#authcashboxbutton').on('click', function (e) {
+ var req = $.getJSON(
+ "/users/{{{UID}}}/toggle_auth_cashbox",
+ function( data ) {
+ if(data["cashbox"] == "false") {
+ $('#authcashboxbutton').html("No")
+ $('#authcashboxbutton').addClass("btn-danger")
+ $('#authcashboxbutton').removeClass("btn-success")
+ } else if(data["cashbox"] == "true") {
+ $('#authcashboxbutton').html("Yes")
+ $('#authcashboxbutton').addClass("btn-success")
+ $('#authcashboxbutton').removeClass("btn-danger")
+ } else {
+ console.error("unknown state")
+ console.info(data)
+ }
+ }
+ );
+});
+
+$('#authusersbutton').on('click', function (e) {
+ var req = $.getJSON(
+ "/users/{{{UID}}}/toggle_auth_users",
+ function( data ) {
+ if(data["users"] == "false") {
+ $('#authusersbutton').html("No")
+ $('#authusersbutton').addClass("btn-danger")
+ $('#authusersbutton').removeClass("btn-success")
+ } else if(data["users"] == "true") {
+ $('#authusersbutton').html("Yes")
+ $('#authusersbutton').addClass("btn-success")
+ $('#authusersbutton').removeClass("btn-danger")
+ } else {
+ console.error("unknown state")
+ console.info(data)
+ }
+ }
+ );
+});
 </script> |
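Review bot: None of the three `$.getJSON` calls registers a failure handler, so when the server answers with the 403 or 400 that handler_user_toggle_auth in src/web/web.vala can return, the button keeps its old colour and the administrator gets no signal that the permission change did not happen. Chaining `.fail(function (xhr) { console.error("toggle failed: " + xhr.status) })` onto each call, or better a visible message next to the button, closes that gap. The three click handlers differ only in the button id, the route suffix and the JSON key, so a single helper taking those three values would keep the success and error paths from drifting apart. The string comparisons should use `===`, and the unused `var req` can go.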