Check for super user on user edit

2025-01-19 09:45:28 +01:00 · 2023-10-08 16:39:04 -04:00 · 2023-10-08 16:39:04 -04:00 · 6d9f930e71
commit 6d9f930e71
parent 612cac4ed2
2 changed files with 27 additions and 5 deletions
--- a/app/frontend/templates/panel/panel_config.html
+++ b/app/frontend/templates/panel/panel_config.html
@ -138,7 +138,7 @@
                              {% end %}
                            </ul>
                          </td>
-                          <td><a href="/panel/edit_user?id={{user.user_id}}"><i class="fas fa-pencil-alt"></i></a></td>
+                          <td><a class="edit_user" data-name="{{user.username}}" data-id="{{user.user_id}}"><i class="fa-solid fa-user"></i></a>&nbsp;&nbsp;<a class="edit_password" data-id="{{user.user_id}}"><i class="fa-solid fa-lock"></i></a>&nbsp;&nbsp;<a href="/panel/edit_user?id={{user.user_id}}"><i class="fas fa-pencil-alt"></i></a></td>
                        </tr>
                        {% end %}
                      </tbody>
--- a/app/frontend/templates/panel/panel_edit_user.html
+++ b/app/frontend/templates/panel/panel_edit_user.html
@ -409,10 +409,31 @@ data['lang']) }}{% end %}
          return;
        }
      const token = getCookie("_xsrf")
+
+      let userRes = await fetch(`/api/v2/users/@me`, {
+        method: "GET",
+        headers: {
+          'X-XSRFToken': token
+        },
+      });
+      let userData = await userRes.json();
+      let superuser = null;
+      if (userData.status === "ok") {
+        superuser = userData.data["superuser"];
+        edit_id = userData.data["user_id"];
+      } else {
+        bootbox.alert({
+          title: userData.error,
+          message: userData.error
+        });
+      }
+
      let userForm = document.getElementById("user_form");

      let disabled_flag = false;
-      let roles = $('.role_check').map(function() {
+      let roles = null;
+      if (superuser || userId != edit_id){
+        roles = $('.role_check').map(function() {
        if ($(this).attr("disabled")){
          disabled_flag = true;
        }
@ -420,7 +441,6 @@ data['lang']) }}{% end %}
          return $(this).val();
        }
      }).get();
-
      let avail_permissions = $('.perm-name').map(function() {
          return $(this).data("perm");
      }).get();
@ -429,22 +449,24 @@ data['lang']) }}{% end %}
      for(i=0; i < avail_permissions.length; i++){
        permissions.push({"name": avail_permissions[i], "quantity": $(`#quantity_${avail_permissions[i]}`).val(), "enabled": $(`#permission_${avail_permissions[i]}`).is(':checked')})
      }
-      console.log(permissions);
+      }

      let formData = new FormData(userForm);
      //Create an object from the form data entries
      let formDataObject = Object.fromEntries(formData.entries());
+      if (superuser || userId != edit_id){
      if (!disabled_flag){
        formDataObject.roles = roles;
      }
      if ($("#permissions").length){
        formDataObject.permissions = permissions;
      }
-      if (userId === null){
+      if(userId){
        if(typeof password === "string"){
        formDataObject.password = password;
      }
      }
+    }
      formDataObject.enabled = $("#enabled").is(":checked");
      if ($("#superuser").is(":enabled")){
        formDataObject.superuser = $("#superuser").is(":checked");