expressCart/routes/user.js

204 lines
7.0 KiB
JavaScript
Raw Normal View History

2018-02-05 23:20:44 +10:00
const express = require('express');
const common = require('../lib/common');
2018-02-05 23:20:44 +10:00
const colors = require('colors');
const bcrypt = require('bcryptjs');
2018-02-06 04:33:40 +10:00
const url = require('url');
2018-02-05 23:20:44 +10:00
const router = express.Router();
2018-02-06 04:33:40 +10:00
router.get('/admin/users', common.restrict, (req, res) => {
2018-02-05 23:20:44 +10:00
const db = req.app.db;
db.users.find({}).toArray((err, users) => {
if(err){
console.info(err.stack);
}
res.render('users', {
title: 'Users',
users: users,
admin: true,
2018-02-23 03:41:24 +10:00
config: req.app.config,
2018-02-05 23:20:44 +10:00
isAdmin: req.session.isAdmin,
helpers: req.handlebars.helpers,
session: req.session,
message: common.clearSessionValue(req.session, 'message'),
messageType: common.clearSessionValue(req.session, 'messageType')
});
});
});
// edit user
2018-02-06 04:33:40 +10:00
router.get('/admin/user/edit/:id', common.restrict, (req, res) => {
2018-02-05 23:20:44 +10:00
const db = req.app.db;
db.users.findOne({_id: common.getId(req.params.id)}, (err, user) => {
if(err){
console.info(err.stack);
}
// if the user we want to edit is not the current logged in user and the current user is not
// an admin we render an access denied message
2018-02-06 07:28:04 +10:00
if(user.userEmail !== req.session.user && req.session.isAdmin === false){
2018-02-05 23:20:44 +10:00
req.session.message = 'Access denied';
req.session.messageType = 'danger';
res.redirect('/Users/');
return;
}
res.render('user_edit', {
title: 'User edit',
user: user,
admin: true,
session: req.session,
message: common.clearSessionValue(req.session, 'message'),
messageType: common.clearSessionValue(req.session, 'messageType'),
helpers: req.handlebars.helpers,
2018-02-23 03:41:24 +10:00
config: req.app.config
2018-02-05 23:20:44 +10:00
});
});
});
// users new
2018-02-06 04:33:40 +10:00
router.get('/admin/user/new', common.restrict, (req, res) => {
2018-02-05 23:20:44 +10:00
res.render('user_new', {
title: 'User - New',
admin: true,
session: req.session,
helpers: req.handlebars.helpers,
message: common.clearSessionValue(req.session, 'message'),
messageType: common.clearSessionValue(req.session, 'messageType'),
2018-02-23 03:41:24 +10:00
config: req.app.config
2018-02-05 23:20:44 +10:00
});
});
// delete user
2018-02-06 04:33:40 +10:00
router.get('/admin/user/delete/:id', common.restrict, (req, res) => {
2018-02-05 23:20:44 +10:00
const db = req.app.db;
2018-02-06 07:28:04 +10:00
if(req.session.isAdmin === true){
2018-02-05 23:20:44 +10:00
db.users.remove({_id: common.getId(req.params.id)}, {}, (err, numRemoved) => {
if(err){
console.info(err.stack);
}
req.session.message = 'User deleted.';
req.session.messageType = 'success';
res.redirect('/admin/users');
});
}else{
req.session.message = 'Access denied.';
req.session.messageType = 'danger';
res.redirect('/admin/users');
}
});
// update a user
2018-02-06 04:33:40 +10:00
router.post('/admin/user/update', common.restrict, (req, res) => {
2018-02-05 23:20:44 +10:00
const db = req.app.db;
2018-02-06 07:28:04 +10:00
let isAdmin = req.body.user_admin === 'on';
2018-02-05 23:20:44 +10:00
// get the user we want to update
db.users.findOne({_id: common.getId(req.body.userId)}, (err, user) => {
if(err){
console.info(err.stack);
}
// If the current user changing own account ensure isAdmin retains existing
if(user.userEmail === req.session.user){
isAdmin = user.isAdmin;
}
2018-02-05 23:20:44 +10:00
// if the user we want to edit is not the current logged in user and the current user is not
// an admin we render an access denied message
2018-02-06 07:28:04 +10:00
if(user.userEmail !== req.session.user && req.session.isAdmin === false){
2018-02-05 23:20:44 +10:00
req.session.message = 'Access denied';
req.session.messageType = 'danger';
res.redirect('/admin/users/');
return;
}
// create the update doc
let updateDoc = {};
updateDoc.isAdmin = isAdmin;
updateDoc.usersName = req.body.usersName;
if(req.body.userPassword){
updateDoc.userPassword = bcrypt.hashSync(req.body.userPassword);
}
db.users.update({_id: common.getId(req.body.userId)},
{
$set: updateDoc
}, {multi: false}, (err, numReplaced) => {
if(err){
console.error(colors.red('Failed updating user: ' + err));
req.session.message = 'Failed to update user';
req.session.messageType = 'danger';
res.redirect('/admin/user/edit/' + req.body.userId);
}else{
// show the view
req.session.message = 'User account updated.';
req.session.messageType = 'success';
res.redirect('/admin/user/edit/' + req.body.userId);
}
});
});
});
// insert a user
2018-02-06 04:33:40 +10:00
router.post('/admin/user/insert', common.restrict, (req, res) => {
2018-02-05 23:20:44 +10:00
const db = req.app.db;
// set the account to admin if using the setup form. Eg: First user account
let urlParts = url.parse(req.header('Referer'));
2018-02-06 07:28:04 +10:00
let isAdmin = false;
2018-02-05 23:20:44 +10:00
if(urlParts.path === '/admin/setup'){
2018-02-06 07:28:04 +10:00
isAdmin = true;
2018-02-05 23:20:44 +10:00
}
let doc = {
usersName: req.body.usersName,
userEmail: req.body.userEmail,
userPassword: bcrypt.hashSync(req.body.userPassword, 10),
isAdmin: isAdmin
};
// check for existing user
db.users.findOne({'userEmail': req.body.userEmail}, (err, user) => {
if(user){
// user already exists with that email address
console.error(colors.red('Failed to insert user, possibly already exists: ' + err));
req.session.message = 'A user with that email address already exists';
req.session.messageType = 'danger';
res.redirect('/admin/user/new');
return;
}
// email is ok to be used.
db.users.insert(doc, (err, doc) => {
// show the view
if(err){
if(doc){
console.error(colors.red('Failed to insert user: ' + err));
req.session.message = 'User exists';
req.session.messageType = 'danger';
res.redirect('/admin/user/edit/' + doc._id);
return;
}
console.error(colors.red('Failed to insert user: ' + err));
req.session.message = 'New user creation failed';
req.session.messageType = 'danger';
res.redirect('/admin/user/new');
return;
}
req.session.message = 'User account inserted';
req.session.messageType = 'success';
// if from setup we add user to session and redirect to login.
// Otherwise we show users screen
if(urlParts.path === '/admin/setup'){
req.session.user = req.body.userEmail;
res.redirect('/admin/login');
return;
}
res.redirect('/admin/users');
});
});
});
module.exports = router;