closes #721, admins can edit other users from their edit page

v1.18.x
Baris Soner Usakli 11 years ago
parent 1861273d45
commit bb59158bbc

@ -25,31 +25,35 @@ define(['forum/accountheader', 'uploader'], function(header, uploader) {
}; };
socket.emit('user.updateProfile', userData, function(err, data) { socket.emit('user.updateProfile', userData, function(err, data) {
if (data.success) { if(err) {
app.alertSuccess('Your profile has been updated successfully!'); return app.alertError(err.message);
if (data.picture) { }
$('#user-current-picture').attr('src', data.picture);
$('#user_label img').attr('src', data.picture);
}
if (data.gravatarpicture) { if (!data || !data.success) {
$('#user-gravatar-picture').attr('src', data.gravatarpicture); return app.alertError('There was an error updating your profile! ' + err.message);
gravatarPicture = data.gravatarpicture; }
}
if(data.userslug) { app.alertSuccess('Your profile has been updated successfully!');
var oldslug = $('.account-username-box').attr('data-userslug'); if (data.picture) {
$('.account-username-box a').each(function(index) { $('#user-current-picture').attr('src', data.picture);
$(this).attr('href', $(this).attr('href').replace(oldslug, data.userslug)); $('#user_label img').attr('src', data.picture);
}); }
$('.account-username-box').attr('data-userslug', data.userslug); if (data.gravatarpicture) {
$('#user-gravatar-picture').attr('src', data.gravatarpicture);
gravatarPicture = data.gravatarpicture;
}
$('#user-profile-link').attr('href', config.relative_path + '/user/' + data.userslug); if(data.userslug) {
$('#user-profile-link span').html(' ' + userData.username); var oldslug = $('.account-username-box').attr('data-userslug');
} $('.account-username-box a').each(function(index) {
} else { $(this).attr('href', $(this).attr('href').replace(oldslug, data.userslug));
app.alertError('There was an error updating your profile! ' + err.message); });
$('.account-username-box').attr('data-userslug', data.userslug);
$('#user-profile-link').attr('href', config.relative_path + '/user/' + data.userslug);
$('#user-profile-link span').html(' ' + userData.username);
} }
}); });
return false; return false;
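Review bot: In the `!data || !data.success` branch of the `user.updateProfile` callback, `err` is already known to be null (the `if(err)` test just above has returned), so `err.message` throws a TypeError in the browser instead of showing the alert; drop the concatenation: `return app.alertError('There was an error updating your profile!');`. The success path also writes the value the user just typed into the DOM with `.html(' ' + userData.username)`; since this is the client's own unescaped form input, prefer `$('#user-profile-link span').text(' ' + userData.username);` rather than relying on the server having escaped it. The submit handler this callback belongs to starts before the hunk.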

@ -45,6 +45,10 @@ define(function() {
settingsLink.hide(); settingsLink.hide();
favouritesLink.hide(); favouritesLink.hide();
} }
if(app.isAdmin) {
editLink.show();
}
} }
function selectActivePill() { function selectActivePill() {

@ -34,7 +34,7 @@
<i class='fa fa-pencil'></i> <i class='fa fa-pencil'></i>
<span id='postcount'>{users.postcount}</span> <span id='postcount'>{users.postcount}</span>
</div> </div>
<div> <div>
<a href="#" class="btn btn-default admin-btn">Make Admin</a> <a href="#" class="btn btn-default admin-btn">Make Admin</a>
</div> </div>
<div> <div>

@ -77,23 +77,41 @@ var fs = require('fs'),
createRoute('/:userslug/favourites', '/favourites', 'favourites'); createRoute('/:userslug/favourites', '/favourites', 'favourites');
createRoute('/:userslug/posts', '/posts', 'accountposts'); createRoute('/:userslug/posts', '/posts', 'accountposts');
app.get('/:userslug/edit', function (req, res) { app.get('/:userslug/edit', function (req, res, next) {
if (!req.user) { if (!req.user) {
return res.redirect('/403'); return res.redirect('/403');
} }
console.log('epic fail', req.user);
user.getUserField(req.user.uid, 'userslug', function (err, userslug) { user.getUserField(req.user.uid, 'userslug', function (err, userslug) {
if (req.params.userslug && userslug === req.params.userslug) { function done() {
app.build_header({ app.build_header({
req: req, req: req,
res: res res: res
}, function (err, header) { }, function (err, header) {
res.send(header + app.create_route('user/' + req.params.userslug + '/edit', 'accountedit') + templates['footer']); res.send(header + app.create_route('user/' + req.params.userslug + '/edit', 'accountedit') + templates['footer']);
}); });
} else {
return res.redirect('/404');
} }
if(err || !userslug) {
return next(err);
}
if (userslug === req.params.userslug) {
return done();
}
user.isAdministrator(req.user.uid, function(err, isAdmin) {
if(err) {
return next(err);
}
if(!isAdmin) {
return res.redirect('/403');
}
done();
});
}); });
}); });
@ -221,10 +239,14 @@ var fs = require('fs'),
} }
app.get('/api/user/:userslug/following', function (req, res) { app.get('/api/user/:userslug/following', function (req, res, next) {
var callerUID = req.user ? req.user.uid : '0'; var callerUID = req.user ? req.user.uid : '0';
getUserDataByUserSlug(req.params.userslug, callerUID, function (userData) { getUserDataByUserSlug(req.params.userslug, callerUID, function (err, userData) {
if(err) {
return next(err);
}
if (userData) { if (userData) {
user.getFollowing(userData.uid, function (followingData) { user.getFollowing(userData.uid, function (followingData) {
userData.following = followingData; userData.following = followingData;
@ -240,10 +262,14 @@ var fs = require('fs'),
}); });
}); });
app.get('/api/user/:userslug/followers', function (req, res) { app.get('/api/user/:userslug/followers', function (req, res, next) {
var callerUID = req.user ? req.user.uid : '0'; var callerUID = req.user ? req.user.uid : '0';
getUserDataByUserSlug(req.params.userslug, callerUID, function (userData) { getUserDataByUserSlug(req.params.userslug, callerUID, function (err, userData) {
if(err) {
return next(err);
}
if (userData) { if (userData) {
user.getFollowers(userData.uid, function (followersData) { user.getFollowers(userData.uid, function (followersData) {
userData.followers = followersData; userData.followers = followersData;
@ -258,10 +284,19 @@ var fs = require('fs'),
}); });
}); });
app.get('/api/user/:userslug/edit', function (req, res) { app.get('/api/user/:userslug/edit', function (req, res, next) {
var callerUID = req.user ? req.user.uid : '0'; var callerUID = req.user ? req.user.uid : '0';
getUserDataByUserSlug(req.params.userslug, callerUID, function (userData) { if(!parseInt(callerUID, 10)) {
return res.json(403, {
error: 'Not allowed!'
});
}
getUserDataByUserSlug(req.params.userslug, callerUID, function (err, userData) {
if(err) {
return next(err);
}
res.json(userData); res.json(userData);
}); });
}); });
@ -393,7 +428,11 @@ var fs = require('fs'),
app.get('/api/user/:userslug', function (req, res, next) { app.get('/api/user/:userslug', function (req, res, next) {
var callerUID = req.user ? req.user.uid : '0'; var callerUID = req.user ? req.user.uid : '0';
getUserDataByUserSlug(req.params.userslug, callerUID, function (userData) { getUserDataByUserSlug(req.params.userslug, callerUID, function (err, userData) {
if(err) {
return next(err);
}
if(!userData) { if(!userData) {
return res.json(404, { return res.json(404, {
error: 'User not found!' error: 'User not found!'
@ -534,62 +573,74 @@ var fs = require('fs'),
} }
function getUserDataByUserSlug(userslug, callerUID, callback) { function getUserDataByUserSlug(userslug, callerUID, callback) {
user.getUidByUserslug(userslug, function (err, uid) { var userData;
async.waterfall([
function(next) {
user.getUidByUserslug(userslug, next);
},
function(uid, next) {
if (!uid) {
return next(new Error('invalid-user'));
}
if (uid === null) { user.getUserData(uid, next);
callback(null); },
return; function(data, next) {
userData = data;
if (!userData) {
return callback(new Error('invalid-user'));
}
user.isAdministrator(callerUID, next);
}
], function(err, isAdmin) {
if(err) {
return callback(err);
} }
user.getUserData(uid, function (err, data) { userData.joindate = utils.toISOString(userData.joindate);
if (data) { if(userData.lastonline) {
data.joindate = utils.toISOString(data.joindate); userData.lastonline = utils.toISOString(userData.lastonline);
if(data.lastonline) { } else {
data.lastonline = utils.toISOString(data.lastonline); userData.lastonline = userData.joindate;
} else { }
data.lastonline = data.joindate;
}
if (!data.birthday) { if (!userData.birthday) {
data.age = ''; userData.age = '';
} else { } else {
data.age = Math.floor((new Date().getTime() - new Date(data.birthday).getTime()) / 31536000000); userData.age = Math.floor((new Date().getTime() - new Date(userData.birthday).getTime()) / 31536000000);
} }
function canSeeEmail() { function canSeeEmail() {
return callerUID == uid || (data.email && (data.showemail && parseInt(data.showemail, 10) === 1)); return isAdmin || callerUID == userData.uid || (userData.email && (userData.showemail && parseInt(userData.showemail, 10) === 1));
} }
if (!canSeeEmail()) { if (!canSeeEmail()) {
data.email = ""; userData.email = "";
} }
if (callerUID == uid && (!data.showemail || parseInt(data.showemail, 10) === 0)) { if (callerUID == userData.uid && (!userData.showemail || parseInt(userData.showemail, 10) === 0)) {
data.emailClass = ""; userData.emailClass = "";
} else { } else {
data.emailClass = "hide"; userData.emailClass = "hide";
} }
data.websiteName = data.website.replace('http://', '').replace('https://', ''); userData.websiteName = userData.website.replace('http://', '').replace('https://', '');
data.banned = parseInt(data.banned, 10) === 1; userData.banned = parseInt(userData.banned, 10) === 1;
data.uid = uid; userData.uid = userData.uid;
data.yourid = callerUID; userData.yourid = callerUID;
data.theirid = uid; userData.theirid = userData.uid;
data.disableSignatures = meta.config.disableSignatures !== undefined && parseInt(meta.config.disableSignatures, 10) === 1; userData.disableSignatures = meta.config.disableSignatures !== undefined && parseInt(meta.config.disableSignatures, 10) === 1;
user.getFollowingCount(uid, function (followingCount) { user.getFollowingCount(userData.uid, function (followingCount) {
user.getFollowerCount(uid, function (followerCount) { user.getFollowerCount(userData.uid, function (followerCount) {
data.followingCount = followingCount; userData.followingCount = followingCount;
data.followerCount = followerCount; userData.followerCount = followerCount;
callback(data); callback(null, userData);
}); });
});
} else {
callback(null);
}
}); });
}); });
} }
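Review bot: The `/api/user/:userslug/edit` handler only checks that the caller is logged in (`parseInt(callerUID, 10)`), whereas the page route `/:userslug/edit` in the same file now allows only the profile owner or an administrator, so any authenticated user can request another user's edit payload from the JSON route. Both routes go through `getUserDataByUserSlug`, so the payload appears to be the same as the public `/api/user/:userslug` response and the exposure is probably small today, but the two checks should agree so a later addition of edit-only fields does not silently become readable; the rewrite below mirrors the page route's owner-or-admin rule. Two smaller points in this file: the leftover `console.log('epic fail', req.user)` in the page route writes the session user object to stdout on every edit-page request and should be removed, and because `getUserDataByUserSlug` now reports an unknown slug as `next(new Error('invalid-user'))`, the `if(!userData)` 404 branch in `/api/user/:userslug` looks unreachable and unknown users will surface as a generic error instead of a 404.
```javascript
app.get('/api/user/:userslug/edit', function (req, res, next) {
    var callerUID = req.user ? req.user.uid : '0';
    if(!parseInt(callerUID, 10)) {
        return res.json(403, {
            error: 'Not allowed!'
        });
    }
    getUserDataByUserSlug(req.params.userslug, callerUID, function (err, userData) {
        if(err) {
            return next(err);
        }
        // same rule as the /:userslug/edit page route: owner or administrator
        if (parseInt(callerUID, 10) === parseInt(userData.uid, 10)) {
            return res.json(userData);
        }
        user.isAdministrator(callerUID, function(err, isAdmin) {
            if(err) {
                return next(err);
            }
            if(!isAdmin) {
                return res.json(403, {
                    error: 'Not allowed!'
                });
            }
            res.json(userData);
        });
    });
});
```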

@ -84,14 +84,10 @@ Sockets.init = function(server) {
async.parallel({ async.parallel({
username: function(next) { username: function(next) {
user.getUserField(uid, 'username', function(err, username) { user.getUserField(uid, 'username', next);
next(err, username);
});
}, },
isAdmin: function(next) { isAdmin: function(next) {
user.isAdministrator(uid, function(err, isAdmin) { user.isAdministrator(uid, next);
next(err, isAdmin);
});
} }
}, function(err, userData) { }, function(err, userData) {
socket.emit('event:connect', { socket.emit('event:connect', {
@ -108,9 +104,13 @@ Sockets.init = function(server) {
}); });
} else { } else {
socket.broadcast.emit('user.anonConnect'); socket.broadcast.emit('user.anonConnect');
socket.emit('event:connect', {
status: 1,
username: 'Anonymous',
isAdmin: false,
uid: 0
});
} }
}); });
}); });

@ -80,9 +80,24 @@ SocketUser.changePassword = function(socket, data, callback) {
}; };
SocketUser.updateProfile = function(socket, data, callback) { SocketUser.updateProfile = function(socket, data, callback) {
if(data) { if(!data || !data.uid) {
user.updateProfile(socket.uid, data, callback); return callback(new Error('invalid-data'));
}
if(socket.uid === parseInt(data.uid, 10)) {
return user.updateProfile(socket.uid, data, callback);
} }
user.isAdministrator(socket.uid, function(err, isAdmin) {
if(err) {
return callback(err);
}
if(!isAdmin) {
return callback(new Error('not allowed!'))
}
user.updateProfile(data.uid, data, callback);
});
}; };
SocketUser.changePicture = function(socket, data, callback) { SocketUser.changePicture = function(socket, data, callback) {
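Review bot: `SocketUser.updateProfile` never verifies that the socket itself is authenticated: the self-edit test `socket.uid === parseInt(data.uid, 10)` is satisfied by an anonymous socket when `data.uid` is the string `'0'` (truthy, so it passes the `!data.uid` guard), and the anonymous branch added to the socket setup in this commit emits `uid: 0`, which suggests anonymous sockets do carry uid 0; whether that call then reaches `user.updateProfile(0, ...)` depends on checks I cannot see here. The admin branch also hands the raw, unparsed `data.uid` to `user.updateProfile`, so a non-numeric target is only caught downstream, if at all. Parse once and reject both cases up front: `var uid = parseInt(data.uid, 10); if(!socket.uid || !uid) { return callback(new Error('invalid-data')); }` and then pass `uid` rather than `data.uid` in the admin branch. The `callback(new Error('not allowed!'))` line is also missing its semicolon.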

@ -301,73 +301,73 @@ var bcrypt = require('bcryptjs'),
}); });
function updateField(field, next) { function updateField(field, next) {
if (data[field] !== undefined && typeof data[field] === 'string') { if (!(data[field] !== undefined && typeof data[field] === 'string')) {
data[field] = data[field].trim(); return next();
data[field] = sanitize(data[field]).escape(); }
if (field === 'email') {
User.getUserFields(uid, ['email', 'picture', 'uploadedpicture'], function(err, userData) {
if (err) {
return next(err);
}
if(userData.email === data.email) { data[field] = data[field].trim();
return next(); data[field] = sanitize(data[field]).escape();
}
var gravatarpicture = User.createGravatarURLFromEmail(data.email); if (field === 'email') {
User.setUserField(uid, 'gravatarpicture', gravatarpicture); User.getUserFields(uid, ['email', 'picture', 'uploadedpicture'], function(err, userData) {
if (err) {
return next(err);
}
db.deleteObjectField('email:uid', userData.email); if(userData.email === data.email) {
db.setObjectField('email:uid', data.email, uid); return next();
User.setUserField(uid, 'email', data.email); }
if (userData.picture !== userData.uploadedpicture) {
returnData.picture = gravatarpicture;
User.setUserField(uid, 'picture', gravatarpicture);
}
returnData.gravatarpicture = gravatarpicture;
events.logEmailChange(uid, userData.email, data.email); var gravatarpicture = User.createGravatarURLFromEmail(data.email);
next(); User.setUserField(uid, 'gravatarpicture', gravatarpicture);
});
return;
} else if (field === 'username') {
User.getUserFields(uid, ['username', 'userslug'], function(err, userData) { db.deleteObjectField('email:uid', userData.email);
var userslug = utils.slugify(data.username); db.setObjectField('email:uid', data.email, uid);
User.setUserField(uid, 'email', data.email);
if (userData.picture !== userData.uploadedpicture) {
returnData.picture = gravatarpicture;
User.setUserField(uid, 'picture', gravatarpicture);
}
returnData.gravatarpicture = gravatarpicture;
if(data.username !== userData.username) { events.logEmailChange(uid, userData.email, data.email);
User.setUserField(uid, 'username', data.username); next();
db.deleteObjectField('username:uid', userData.username); });
db.setObjectField('username:uid', data.username, uid); return;
events.logUsernameChange(uid, userData.username, data.username); } else if (field === 'username') {
}
if(userslug !== userData.userslug) { User.getUserFields(uid, ['username', 'userslug'], function(err, userData) {
User.setUserField(uid, 'userslug', userslug); var userslug = utils.slugify(data.username);
db.deleteObjectField('userslug:uid', userData.userslug);
db.setObjectField('userslug:uid', userslug, uid);
returnData.userslug = userslug;
}
next(); if(data.username !== userData.username) {
}); User.setUserField(uid, 'username', data.username);
db.deleteObjectField('username:uid', userData.username);
db.setObjectField('username:uid', data.username, uid);
events.logUsernameChange(uid, userData.username, data.username);
}
return; if(userslug !== userData.userslug) {
} else if (field === 'signature') { User.setUserField(uid, 'userslug', userslug);
data[field] = S(data[field]).stripTags().s; db.deleteObjectField('userslug:uid', userData.userslug);
} else if (field === 'website') { db.setObjectField('userslug:uid', userslug, uid);
if(data[field].substr(0, 7) !== 'http://' && data[field].substr(0, 8) !== 'https://') { returnData.userslug = userslug;
data[field] = 'http://' + data[field];
} }
}
User.setUserField(uid, field, data[field]); next();
});
next(); return;
} else { } else if (field === 'signature') {
next(); data[field] = S(data[field]).stripTags().s;
} else if (field === 'website') {
if(data[field].substr(0, 7) !== 'http://' && data[field].substr(0, 8) !== 'https://') {
data[field] = 'http://' + data[field];
}
} }
User.setUserField(uid, field, data[field]);
next();
} }
}; };
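Review bot: The username branch calls `User.getUserFields(uid, ['username', 'userslug'], function(err, userData)` and ignores `err`, unlike the email branch just above which returns `next(err)`; on a store error `userData` is undefined and the following `userData.username` access throws inside the callback. Add the same guard as the email branch: `if (err) { return next(err); }` before `var userslug = utils.slugify(data.username);`. Separately, both branches overwrite the `email:uid`, `username:uid` and `userslug:uid` lookup keys without checking whether another account already owns the new value, so unless uniqueness is enforced earlier in `updateProfile` (which begins before this hunk) a colliding change re-points the lookup to this uid. Now that administrators can run this against other users, note also that `events.logEmailChange(uid, ...)` and `events.logUsernameChange(uid, ...)` record only the target account, not the administrator who made the change, which weakens the audit trail.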
