#10 Cleaned up user alteration code. Stopped user being able to add arbitrary roles. Stopped logged in user from changing when updaing a given user account.

2024-02-14 22:13:34 +00:00
parent 3b8be99e15
commit bbb4ed50fc
4 changed files with 38 additions and 16 deletions
--- a/controllers/database/user.py
+++ b/controllers/database/user.py
@ -63,9 +63,11 @@ class UserController(DatabaseController):

        return self.convert_type(self.get_one(query, params))

-    def read_all(self) -> list[User] | None:
-        params = []
-        query = """ SELECT * FROM Users """
+    def read_all(self, username: str = "") -> list[User] | None:
+        params = [
+            "%" + username + "%"
+        ]
+        query = """ SELECT * FROM Users WHERE Username like ? """

        return self.get_many(query, params)