2017-11-20 06:10:04 +01:00
|
|
|
// Copyright 2017 Frédéric Guillot. All rights reserved.
|
|
|
|
// Use of this source code is governed by the Apache 2.0
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
package controller
|
|
|
|
|
|
|
|
import (
|
|
|
|
"errors"
|
|
|
|
"github.com/miniflux/miniflux2/model"
|
|
|
|
"github.com/miniflux/miniflux2/server/core"
|
|
|
|
"github.com/miniflux/miniflux2/server/ui/form"
|
|
|
|
"log"
|
|
|
|
)
|
|
|
|
|
|
|
|
func (c *Controller) ShowUsers(ctx *core.Context, request *core.Request, response *core.Response) {
|
|
|
|
user := ctx.GetLoggedUser()
|
|
|
|
|
|
|
|
if !user.IsAdmin {
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().Forbidden()
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
args, err := c.getCommonTemplateArgs(ctx)
|
|
|
|
if err != nil {
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().ServerError(err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
users, err := c.store.GetUsers()
|
|
|
|
if err != nil {
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().ServerError(err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().Render("users", args.Merge(tplParams{
|
2017-11-20 06:10:04 +01:00
|
|
|
"users": users,
|
|
|
|
"menu": "settings",
|
|
|
|
}))
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *Controller) CreateUser(ctx *core.Context, request *core.Request, response *core.Response) {
|
|
|
|
user := ctx.GetLoggedUser()
|
|
|
|
|
|
|
|
if !user.IsAdmin {
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().Forbidden()
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
args, err := c.getCommonTemplateArgs(ctx)
|
|
|
|
if err != nil {
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().ServerError(err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().Render("create_user", args.Merge(tplParams{
|
2017-11-20 06:10:04 +01:00
|
|
|
"menu": "settings",
|
|
|
|
"form": &form.UserForm{},
|
|
|
|
}))
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *Controller) SaveUser(ctx *core.Context, request *core.Request, response *core.Response) {
|
|
|
|
user := ctx.GetLoggedUser()
|
|
|
|
|
|
|
|
if !user.IsAdmin {
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().Forbidden()
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
args, err := c.getCommonTemplateArgs(ctx)
|
|
|
|
if err != nil {
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().ServerError(err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2017-11-22 03:14:45 +01:00
|
|
|
userForm := form.NewUserForm(request.Request())
|
2017-11-20 06:10:04 +01:00
|
|
|
if err := userForm.ValidateCreation(); err != nil {
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().Render("create_user", args.Merge(tplParams{
|
2017-11-20 06:10:04 +01:00
|
|
|
"menu": "settings",
|
|
|
|
"form": userForm,
|
|
|
|
"errorMessage": err.Error(),
|
|
|
|
}))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if c.store.UserExists(userForm.Username) {
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().Render("create_user", args.Merge(tplParams{
|
2017-11-20 06:10:04 +01:00
|
|
|
"menu": "settings",
|
|
|
|
"form": userForm,
|
|
|
|
"errorMessage": "This user already exists.",
|
|
|
|
}))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
newUser := userForm.ToUser()
|
|
|
|
if err := c.store.CreateUser(newUser); err != nil {
|
|
|
|
log.Println(err)
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().Render("edit_user", args.Merge(tplParams{
|
2017-11-20 06:10:04 +01:00
|
|
|
"menu": "settings",
|
|
|
|
"form": userForm,
|
|
|
|
"errorMessage": "Unable to create this user.",
|
|
|
|
}))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
response.Redirect(ctx.GetRoute("users"))
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *Controller) EditUser(ctx *core.Context, request *core.Request, response *core.Response) {
|
|
|
|
user := ctx.GetLoggedUser()
|
|
|
|
|
|
|
|
if !user.IsAdmin {
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().Forbidden()
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
args, err := c.getCommonTemplateArgs(ctx)
|
|
|
|
if err != nil {
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().ServerError(err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
selectedUser, err := c.getUserFromURL(ctx, request, response)
|
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().Render("edit_user", args.Merge(tplParams{
|
2017-11-20 06:10:04 +01:00
|
|
|
"menu": "settings",
|
|
|
|
"selected_user": selectedUser,
|
|
|
|
"form": &form.UserForm{
|
|
|
|
Username: selectedUser.Username,
|
|
|
|
IsAdmin: selectedUser.IsAdmin,
|
|
|
|
},
|
|
|
|
}))
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *Controller) UpdateUser(ctx *core.Context, request *core.Request, response *core.Response) {
|
|
|
|
user := ctx.GetLoggedUser()
|
|
|
|
|
|
|
|
if !user.IsAdmin {
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().Forbidden()
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
args, err := c.getCommonTemplateArgs(ctx)
|
|
|
|
if err != nil {
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().ServerError(err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
selectedUser, err := c.getUserFromURL(ctx, request, response)
|
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2017-11-22 03:14:45 +01:00
|
|
|
userForm := form.NewUserForm(request.Request())
|
2017-11-20 06:10:04 +01:00
|
|
|
if err := userForm.ValidateModification(); err != nil {
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().Render("edit_user", args.Merge(tplParams{
|
2017-11-20 06:10:04 +01:00
|
|
|
"menu": "settings",
|
|
|
|
"selected_user": selectedUser,
|
|
|
|
"form": userForm,
|
|
|
|
"errorMessage": err.Error(),
|
|
|
|
}))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if c.store.AnotherUserExists(selectedUser.ID, userForm.Username) {
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().Render("edit_user", args.Merge(tplParams{
|
2017-11-20 06:10:04 +01:00
|
|
|
"menu": "settings",
|
|
|
|
"selected_user": selectedUser,
|
|
|
|
"form": userForm,
|
|
|
|
"errorMessage": "This user already exists.",
|
|
|
|
}))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
userForm.Merge(selectedUser)
|
|
|
|
if err := c.store.UpdateUser(selectedUser); err != nil {
|
|
|
|
log.Println(err)
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().Render("edit_user", args.Merge(tplParams{
|
2017-11-20 06:10:04 +01:00
|
|
|
"menu": "settings",
|
|
|
|
"selected_user": selectedUser,
|
|
|
|
"form": userForm,
|
|
|
|
"errorMessage": "Unable to update this user.",
|
|
|
|
}))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
response.Redirect(ctx.GetRoute("users"))
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *Controller) RemoveUser(ctx *core.Context, request *core.Request, response *core.Response) {
|
|
|
|
user := ctx.GetLoggedUser()
|
|
|
|
if !user.IsAdmin {
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().Forbidden()
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
selectedUser, err := c.getUserFromURL(ctx, request, response)
|
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := c.store.RemoveUser(selectedUser.ID); err != nil {
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().ServerError(err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
response.Redirect(ctx.GetRoute("users"))
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *Controller) getUserFromURL(ctx *core.Context, request *core.Request, response *core.Response) (*model.User, error) {
|
2017-11-22 03:14:45 +01:00
|
|
|
userID, err := request.IntegerParam("userID")
|
2017-11-20 06:10:04 +01:00
|
|
|
if err != nil {
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().BadRequest(err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
user, err := c.store.GetUserById(userID)
|
|
|
|
if err != nil {
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().ServerError(err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
if user == nil {
|
2017-11-22 03:30:16 +01:00
|
|
|
response.HTML().NotFound()
|
2017-11-20 06:10:04 +01:00
|
|
|
return nil, errors.New("User not found")
|
|
|
|
}
|
|
|
|
|
|
|
|
return user, nil
|
|
|
|
}
|