#10 Cleaned up user alteration code. Stopped user being able to add arbitrary roles. Stopped logged-in user from changing when updating a given user account.
This commit is contained in:
parent
3b8be99e15
commit
bbb4ed50fc
@ -63,9 +63,11 @@ class UserController(DatabaseController):
|
|||||||
|
|
||||||
return self.convert_type(self.get_one(query, params))
|
return self.convert_type(self.get_one(query, params))
|
||||||
|
|
||||||
def read_all(self) -> list[User] | None:
|
def read_all(self, username: str = "") -> list[User] | None:
|
||||||
params = []
|
params = [
|
||||||
query = """ SELECT * FROM Users """
|
"%" + username + "%"
|
||||||
|
]
|
||||||
|
query = """ SELECT * FROM Users WHERE Username like ? """
|
||||||
|
|
||||||
return self.get_many(query, params)
|
return self.get_many(query, params)
|
||||||
|
|
||||||
|
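Review bot: The new filter in read_all passes the caller's text straight into a LIKE pattern, so `%` and `_` inside `username` act as wildcards rather than literal characters; if a literal substring match is intended, escape them before wrapping, e.g. `term = username.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")` with `query = """ SELECT * FROM Users WHERE Username LIKE ? ESCAPE '\\' """` and `params = ["%" + term + "%"]`. The value is still bound through the `?` placeholder, so this is a matching-semantics point, not an injection risk. Note also that `Username LIKE '%%'` does not match rows whose Username is NULL, so if that column is nullable the default listing now silently drops those users, unlike the previous unfiltered SELECT. A short docstring would make the contract explicit, e.g. `"""Return every user, or only those whose Username contains *username*; an empty string matches all rows."""`.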
@ -2,7 +2,7 @@
|
|||||||
in the web app
|
in the web app
|
||||||
"""
|
"""
|
||||||
|
|
||||||
from flask import render_template, Blueprint, redirect, url_for, flash
|
from flask import render_template, Blueprint, redirect, url_for, flash, request
|
||||||
|
|
||||||
from controllers.database.user import UserController
|
from controllers.database.user import UserController
|
||||||
from controllers.database.product import ProductController
|
from controllers.database.product import ProductController
|
||||||
@ -34,7 +34,14 @@ def users():
|
|||||||
""" Endpoint responsible for managing a users permissions """
|
""" Endpoint responsible for managing a users permissions """
|
||||||
# Get all users to create admin table on frontend
|
# Get all users to create admin table on frontend
|
||||||
db = UserController()
|
db = UserController()
|
||||||
users = db.read_all()
|
|
||||||
|
search = request.args.get('search')
|
||||||
|
|
||||||
|
# Don't try submitting a None Type
|
||||||
|
if not search:
|
||||||
|
search = ""
|
||||||
|
|
||||||
|
users = db.read_all(search)
|
||||||
|
|
||||||
return render_template("index.html", content="admin.html", users=users)
|
return render_template("index.html", content="admin.html", users=users)
|
||||||
|
|
||||||
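Review bot: The None guard in users() can be folded into the lookup: `users = db.read_all(request.args.get('search', ''))` replaces the `search = request.args.get('search')`, `if not search:` and `search = ""` lines together with the comment above them. The same three-line pattern appears in the products() hunk that follows, where `db.read_all("", search)` would also read better with the leading `""` passed by keyword if ProductController.read_all names that parameter. The search term is user-controlled and unbounded; it only feeds a parameterised LIKE, so the practical effect of a very long term is presumably just a slower query. The decorator lines for users() are outside the hunk.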
@ -44,9 +51,14 @@ def products():
|
|||||||
""" Endpoint responsible for managing products on the site """
|
""" Endpoint responsible for managing products on the site """
|
||||||
# Get all products to create admin table on frontend
|
# Get all products to create admin table on frontend
|
||||||
db = ProductController()
|
db = ProductController()
|
||||||
products = db.read_all()
|
|
||||||
|
|
||||||
print(len(products))
|
search = request.args.get('search')
|
||||||
|
|
||||||
|
# Don't try submitting a None Type
|
||||||
|
if not search:
|
||||||
|
search = ""
|
||||||
|
|
||||||
|
products = db.read_all("", search)
|
||||||
|
|
||||||
return render_template(
|
return render_template(
|
||||||
"index.html",
|
"index.html",
|
||||||
|
@ -68,7 +68,7 @@ def display_update(id: int):
|
|||||||
db = UserController()
|
db = UserController()
|
||||||
user = db.read_id(id)
|
user = db.read_id(id)
|
||||||
|
|
||||||
return render_template('index.html', content="user.html", user=user)
|
return render_template('index.html', content="user.html", updating_user=user)
|
||||||
|
|
||||||
|
|
||||||
@blueprint.post('/update/<int:id>')
|
@blueprint.post('/update/<int:id>')
|
||||||
@ -101,6 +101,14 @@ def update(id: int):
|
|||||||
)
|
)
|
||||||
return redirect(url_for('main.users.display_update', id=id))
|
return redirect(url_for('main.users.display_update', id=id))
|
||||||
|
|
||||||
|
# Invalid role submitted
|
||||||
|
if user.role not in ROLES:
|
||||||
|
flash(
|
||||||
|
f"Selected role, {user.role}, is not valid!",
|
||||||
|
"warning"
|
||||||
|
)
|
||||||
|
return redirect(url_for('main.users.display_update', id=id))
|
||||||
|
|
||||||
db.update(user)
|
db.update(user)
|
||||||
|
|
||||||
return redirect(url_for('main.admin.users'))
|
return redirect(url_for('main.admin.users'))
|
||||||
|
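Review bot: The role check at `if user.role not in ROLES:` lives only in this view, so any other code path that reaches `db.update(user)` or creates a user still accepts an arbitrary role; consider enforcing the same membership test in UserController.update (or in the User constructor) and raising ValueError there, keeping this view check for the friendly message. The flashed text embeds the submitted `user.role` verbatim, which is fine under Jinja autoescaping but should not be rendered with `|safe`. update()'s body begins outside the hunk, so whether the acting user is allowed to assign the selected role, and whether `user.id` is taken from the URL rather than the form, is not visible here.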
@ -2,26 +2,26 @@
|
|||||||
|
|
||||||
<div id="form-wrapper">
|
<div id="form-wrapper">
|
||||||
<h2>Update User</h2>
|
<h2>Update User</h2>
|
||||||
{% if user != None %}
|
{% if updating_user != None %}
|
||||||
<form class="input-form" action="{{ url_for('main.users.update', id=user.id) }}" method="POST">
|
<form class="input-form" action="{{ url_for('main.users.update', id=updating_user.id) }}" method="POST">
|
||||||
<div class="form-row">
|
<div class="form-row">
|
||||||
<input type="text" id="firstname" name="firstname" placeholder="First Name" value="{{user.firstName}}" required>
|
<input type="text" id="firstname" name="firstname" placeholder="First Name" value="{{updating_user.firstName}}" required>
|
||||||
<input type="text" id="lastname" name="lastname" placeholder="Last Name" value="{{user.lastName}}" required>
|
<input type="text" id="lastname" name="lastname" placeholder="Last Name" value="{{updating_user.lastName}}" required>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="form-row">
|
<div class="form-row">
|
||||||
<input type="text" id="username" name="username" placeholder="Username" value="{{user.username}}" required>
|
<input type="text" id="username" name="username" placeholder="Username" value="{{updating_user.username}}" required>
|
||||||
<input type="email" id="email" name="email" placeholder="Email Address" value="{{user.email}}" required>
|
<input type="email" id="email" name="email" placeholder="Email Address" value="{{updating_user.email}}" required>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="form-row">
|
<div class="form-row">
|
||||||
<input type="tel" id="phone" name="phone" placeholder="Telephone Number" value="{{user.phone}}" required>
|
<input type="tel" id="phone" name="phone" placeholder="Telephone Number" value="{{updating_user.phone}}" required>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="form-row">
|
<div class="form-row">
|
||||||
<select name="role" id="role">
|
<select name="role" id="role">
|
||||||
{% for role in roles %}
|
{% for role in roles %}
|
||||||
{% if role == user.role %}
|
{% if role == updating_user.role %}
|
||||||
<option value="{{role}}" selected>{{role}}</option>
|
<option value="{{role}}" selected>{{role}}</option>
|
||||||
{% else %}
|
{% else %}
|
||||||
<option value="{{role}}">{{role}}</option>
|
<option value="{{role}}">{{role}}</option>
|
||||||
|