#10 Cleaned up user alteration code. Stopped user being able to add arbitrary roles. Stopped logged in user from changing when updaing a given user account.

2024-02-14 22:13:34 +00:00
parent 3b8be99e15
commit bbb4ed50fc
4 changed files with 38 additions and 16 deletions
--- a/controllers/web/admin.py
+++ b/controllers/web/admin.py
@ -2,7 +2,7 @@
    in the web app
 """

-from flask import render_template, Blueprint, redirect, url_for, flash
+from flask import render_template, Blueprint, redirect, url_for, flash, request

 from controllers.database.user import UserController
 from controllers.database.product import ProductController
@ -34,7 +34,14 @@ def users():
    """ Endpoint responsible for managing a users permissions """
    # Get all users to create admin table on frontend
    db = UserController()
-    users = db.read_all()
+
+    search = request.args.get('search')
+
+    # Don't try submitting a None Type
+    if not search:
+        search = ""
+
+    users = db.read_all(search)

    return render_template("index.html", content="admin.html", users=users)

@ -44,9 +51,14 @@ def products():
    """ Endpoint responsible for managing products on the site """
    # Get all products to create admin table on frontend
    db = ProductController()
-    products = db.read_all()

-    print(len(products))
+    search = request.args.get('search')
+
+    # Don't try submitting a None Type
+    if not search:
+        search = ""
+
+    products = db.read_all("", search)

    return render_template(
        "index.html",
--- a/controllers/web/user.py
+++ b/controllers/web/user.py
@ -68,7 +68,7 @@ def display_update(id: int):
    db = UserController()
    user = db.read_id(id)

-    return render_template('index.html', content="user.html", user=user)
+    return render_template('index.html', content="user.html", updating_user=user)


@blueprint.post('/update/<int:id>')
@ -100,6 +100,14 @@ def update(id: int):
            "warning"
        )
        return redirect(url_for('main.users.display_update', id=id))
+    
+    # Invalid role submitted
+    if user.role not in ROLES:
+        flash(
+            f"Selected role, {user.role}, is not valid!",
+            "warning"
+        )
+        return redirect(url_for('main.users.display_update', id=id))

    db.update(user)