parent
373f567773
commit
8d75b75af7
GPG key ID:
F92E51B86E07177E
6 changed files with 57 additions and 20 deletions
|
|
@ -91,8 +91,25 @@ func handleAccountsIdPOST(db *database.DB) http.Handler {
|
|||
action := r.FormValue("action")
|
||||
switch action {
|
||||
case "delete":
|
||||
errorResponse(w, r, http.StatusNotImplemented, nil)
|
||||
return
|
||||
if !page.Account.Deleted {
|
||||
page.Account.MarkForDeletion()
|
||||
success, err := db.SaveAccount(page.Account)
|
||||
if err != nil {
|
||||
errorResponse(w, r, http.StatusInternalServerError,
|
||||
fmt.Errorf("failed to save account: %w", err))
|
||||
return
|
||||
}
|
||||
if !success {
|
||||
errorResponse(w, r, http.StatusInternalServerError,
|
||||
fmt.Errorf("failed to save account: this cannot happen"))
|
||||
return
|
||||
}
|
||||
if err := db.DeleteSessions(page.Account); err != nil {
|
||||
errorResponse(w, r, http.StatusInternalServerError,
|
||||
fmt.Errorf("failed to delete sessions: %w", err))
|
||||
return
|
||||
}
|
||||
}
|
||||
case "edit":
|
||||
page.Username = r.FormValue("username")
|
||||
isAdmin := r.FormValue("is-admin")
|
||||
|
|
@ -119,8 +136,13 @@ func handleAccountsIdPOST(db *database.DB) http.Handler {
|
|||
return
|
||||
}
|
||||
case "reset-password":
|
||||
if page.Account.Deleted {
|
||||
errorResponse(w, r, http.StatusBadRequest,
|
||||
fmt.Errorf("You cannot reset the password for this account because it is marked for deletion."))
|
||||
return
|
||||
}
|
||||
if err := page.Account.ResetPassword(); err != nil {
|
||||
errorResponse(w, r, http.StatusNotImplemented,
|
||||
errorResponse(w, r, http.StatusInternalServerError,
|
||||
fmt.Errorf("failed to reset password: %w", err))
|
||||
return
|
||||
}
|
||||
|
|
@ -137,7 +159,7 @@ func handleAccountsIdPOST(db *database.DB) http.Handler {
|
|||
}
|
||||
if err := db.DeleteSessions(page.Account); err != nil {
|
||||
errorResponse(w, r, http.StatusInternalServerError,
|
||||
fmt.Errorf("failed to save account: %w", err))
|
||||
fmt.Errorf("failed to delete sessions: %w", err))
|
||||
return
|
||||
}
|
||||
default:
|
||||
|
|
|
|||
|
|
@ -21,10 +21,12 @@
|
|||
<strong>{{ .Account.LastLogin }}</strong>.
|
||||
{{ end }}
|
||||
</p>
|
||||
{{ if .Account.IsAdmin }}
|
||||
{{ if .Account.Deleted }}
|
||||
<p>This accounts is <strong>marked for deletion</strong>!</p>
|
||||
{{ else if .Account.IsAdmin }}
|
||||
<p>This accounts has <strong>admin</strong> privileges on TfStated.</p>
|
||||
{{ end }}
|
||||
{{ if .Page.Session.Data.Account.IsAdmin }}
|
||||
{{ if and (not .Account.Deleted) .Page.Session.Data.Account.IsAdmin }}
|
||||
<h2>Operations</h2>
|
||||
<div class="flex-row">
|
||||
<form action="/accounts/{{ .Account.Id }}" method="post">
|
||||
|
|
|
|||
|
|
@ -72,7 +72,7 @@ func handleLoginPOST(db *database.DB) http.Handler {
|
|||
fmt.Errorf("failed to load account by username %s: %w", username, err))
|
||||
return
|
||||
}
|
||||
if account == nil || !account.CheckPassword(password) {
|
||||
if account == nil || account.Deleted || !account.CheckPassword(password) {
|
||||
renderForbidden(w, r, username)
|
||||
return
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue