luke-else/WMGZON
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

#10 Cleaned up user alteration code. Stopped user being able to add arbitrary roles. Stopped logged in user from changing when updaing a given user account.

Browse Source
This commit is contained in:
Luke Else
2024-02-14 22:13:34 +00:00
parent 3b8be99e15
commit bbb4ed50fc
4 changed files with 38 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
templates/user.html
View File

@ -2,26 +2,26 @@
<div id="form-wrapper">
<h2>Update User</h2>
{% if user != None %}
<form class="input-form" action="{{ url_for('main.users.update', id=user.id) }}" method="POST">
{% if updating_user != None %}
<form class="input-form" action="{{ url_for('main.users.update', id=updating_user.id) }}" method="POST">
<div class="form-row">
<input type="text" id="firstname" name="firstname" placeholder="First Name" value="{{user.firstName}}" required>
<input type="text" id="lastname" name="lastname" placeholder="Last Name" value="{{user.lastName}}" required>
<input type="text" id="firstname" name="firstname" placeholder="First Name" value="{{updating_user.firstName}}" required>
<input type="text" id="lastname" name="lastname" placeholder="Last Name" value="{{updating_user.lastName}}" required>
</div>
<div class="form-row">
<input type="text" id="username" name="username" placeholder="Username" value="{{user.username}}" required>
<input type="email" id="email" name="email" placeholder="Email Address" value="{{user.email}}" required>
<input type="text" id="username" name="username" placeholder="Username" value="{{updating_user.username}}" required>
<input type="email" id="email" name="email" placeholder="Email Address" value="{{updating_user.email}}" required>
</div>
<div class="form-row">
<input type="tel" id="phone" name="phone" placeholder="Telephone Number" value="{{user.phone}}" required>
<input type="tel" id="phone" name="phone" placeholder="Telephone Number" value="{{updating_user.phone}}" required>
</div>
<div class="form-row">
<select name="role" id="role">
{% for role in roles %}
{% if role == user.role %}
{% if role == updating_user.role %}
<option value="{{role}}" selected>{{role}}</option>
{% else %}
<option value="{{role}}">{{role}}</option>