Add the ability to add and remove users from the webui #307
base: master
1dfcae0
e50a4db
eba6741
19a372a
0675d4a
ac304d2
bc3164a
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -21,8 +21,8 @@ defmodule TeiserverWeb.Admin.UserController do | |
user: {Teiserver.Account.AuthLib, :current_user} | ||
) | ||
|
||
plug(:add_breadcrumb, name: 'Admin', url: '/teiserver/admin') | ||
plug(:add_breadcrumb, name: 'Users', url: '/teiserver/admin/user') | ||
plug(:add_breadcrumb, name: "Admin", url: "/teiserver/admin") | ||
plug(:add_breadcrumb, name: "Users", url: "/teiserver/admin/user") | ||
|
||
@spec index(Plug.Conn.t(), map) :: Plug.Conn.t() | ||
def index(conn, params) do | ||
|
@@ -210,6 +210,57 @@ defmodule TeiserverWeb.Admin.UserController do | |
|> render("new.html") | ||
end | ||
|
||
@spec create_form(Plug.Conn.t(), map) :: Plug.Conn.t() | ||
def create_form(conn, _) do | ||
if allow?(conn, "Server") do | ||
... but "Server" here. I recommend using "Server" in both. |
||
conn | ||
|> render("create_form.html") | ||
else | ||
conn | ||
|> put_flash(:info, "No permission") | ||
|> redirect(to: ~p"/teiserver/admin/user") | ||
end | ||
end | ||
|
||
@spec create_post(Plug.Conn.t(), map) :: Plug.Conn.t() | ||
def create_post(conn, params \\ %{}) do | ||
You should add a guard to these functions first, that checks the user has indeed the correct permissions to perform that. Currently, the only check is done in the template rendering, but that is trivially bypassable.
def create_post(conn, _) when not Teiserver.Account.Authlib.allow?(conn, "Server") do
# flash + redirect elsewhere
end
def create_post(conn, params \\ %{}) do
# your function
end
This idea did not compile. I used the other approach mentioned further down.
Ah yes indeed, because the guards must be macros since they generate special bytecode for dispatch. |
||
if is_nil(params["name"]) or String.trim(params["name"]) == "" do | ||
conn | ||
|> put_flash(:danger, "Invalid user name") | ||
|> redirect(to: ~p"/teiserver/admin/user") | ||
else | ||
if allow?(conn, "Server") do | ||
do_create_post(conn, params) | ||
else | ||
conn | ||
|> put_flash(:danger, "No access.") | ||
|> redirect(to: ~p"/teiserver/admin/user") | ||
end | ||
end | ||
This if is_nil(params["name"]) do
...
else
do_create_post(conn, params)
end
defp do_create_post(conn, params) do
# do the actual logic here.
end
Thanks for the hint. I now implemented it that way. |
||
end | ||
|
||
@spec do_create_post(Plug.Conn.t(), map) :: Plug.Conn.t() | ||
defp do_create_post(conn, params) do | ||
password = Map.get(params, "password", "password") | ||
email = Map.get(params, "email", UUID.uuid1()) | ||
|
||
case Teiserver.CacheUser.register_user(params["name"], email, password) do | ||
:success -> | ||
conn | ||
|> put_flash(:info, "User created successfully.") | ||
|> redirect(to: ~p"/teiserver/admin/user") | ||
|
||
{:failure, str} -> | ||
conn | ||
|> put_flash(:error, "Problem creating user: " <> str) | ||
|> redirect(to: ~p"/teiserver/admin/user") | ||
|
||
_ -> | ||
conn | ||
|> redirect(to: ~p"/teiserver/admin/user") | ||
end | ||
end | ||
|
||
@spec create(Plug.Conn.t(), map) :: Plug.Conn.t() | ||
def create(conn, %{"user" => user_params}) do | ||
user_params = | ||
|
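Review bot: The fallbacks in `do_create_post` only apply when a key is absent, so the chosen-values form, which always submits `email` and `password` (empty when left blank), passes the blank value to `register_user` instead of the defaults; whether `register_user` rejects a blank email or password is not visible here. Separately, `Map.get(params, "password", "password")` gives every quick-created account the same known password. I would treat blank as missing and generate the secret, e.g. `password = if params["password"] in [nil, ""], do: Base.url_encode64(:crypto.strong_rand_bytes(16), padding: false), else: params["password"]`, and show the generated value once in the success flash. If the fixed password is intended for throwaway test accounts, a comment above the line saying so would help. The final `_ ->` clause also redirects without any flash, so an unexpected return from `register_user` is invisible to the admin.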
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,107 @@ | ||
<% bsname = view_colour() %> | ||
|
||
<%= render( | ||
TeiserverWeb.Admin.GeneralView, | ||
"sub_menu.html", | ||
Map.merge(assigns, %{active: "users"}) | ||
) %> | ||
|
||
<div class="row section-menu"> | ||
<div class="col-md-12"> | ||
<div class={"card border-#{bsname}"}> | ||
<div class="card-body"> | ||
<%= render( | ||
TeiserverWeb.Admin.UserView, | ||
"section_menu.html", | ||
Map.merge(assigns, %{ | ||
quick_search: "", | ||
show_search: false, | ||
active: "add_user" | ||
}) | ||
) %> | ||
|
||
<hr /> | ||
|
||
<div class="row mt-4"> | ||
<div class="col-sm-12 col-md-8 offset-md-2 col-lg-6 offset-lg-3 col-xl-4 offset-xl-4"> | ||
<h4>Create with default values:</h4> | ||
<h5>(random name; random email; password = "password")</h5> | ||
<form method="post" action={Routes.ts_admin_user_path(@conn, :create_post)} class=""> | ||
<% random_name = "User#{:rand.uniform(899_999_999) + 100_000_000}" %> | ||
<input type="hidden" name="_csrf_token" value={get_csrf_token()} /> | ||
<input type="hidden" name="_method" value="POST" /> | ||
<input type="hidden" name="name" value={random_name} /> | ||
|
||
<button type="submit" class={"btn btn-#{bsname}2 btn-block"}> | ||
Create: <%= random_name %> | ||
</button> | ||
</form> | ||
|
||
<br /> | ||
<hr /> | ||
<br /> | ||
|
||
<h4>Create with chosen values:</h4> | ||
<form method="post" action={Routes.ts_admin_user_path(@conn, :create_post)} class=""> | ||
<input type="hidden" name="_csrf_token" value={get_csrf_token()} /> | ||
<input type="hidden" name="_method" value="POST" /> | ||
|
||
<div class="row mt-2"> | ||
<label for="name" class="col-sm-2 control-label">User name:</label> | ||
<div class="col-sm-10"> | ||
<input | ||
type="text" | ||
name="name" | ||
id="name" | ||
value="" | ||
class="form-control" | ||
autofocus="autofocus" | ||
/> | ||
</div> | ||
</div> | ||
<div class="row mt-2"> | ||
<label for="email" class="col-sm-2 control-label">Email:</label> | ||
<div class="col-sm-10"> | ||
<input | ||
type="text" | ||
name="email" | ||
id="email" | ||
value="" | ||
class="form-control" | ||
autofocus="autofocus" | ||
/> | ||
</div> | ||
</div> | ||
<div class="row mt-2"> | ||
<label for="password" class="col-sm-2 control-label">Password:</label> | ||
<div class="col-sm-10"> | ||
<input | ||
type="password" | ||
name="password" | ||
id="password" | ||
value="" | ||
class="form-control" | ||
autofocus="autofocus" | ||
/> | ||
</div> | ||
</div> | ||
|
||
<div class="row mt-4"> | ||
<div class="col-md-6"> | ||
<a href={~p"/teiserver/admin/user/"} class="btn btn-secondary btn-block"> | ||
Cancel | ||
</a> | ||
</div> | ||
<div class="col-md-6"> | ||
<button type="submit" class={"btn btn-#{bsname} btn-block"}> | ||
Create | ||
</button> | ||
</div> | ||
</div> | ||
</form> | ||
</div> | ||
</div> | ||
</div> | ||
</div> | ||
</div> | ||
</div> |
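Review bot: The password input has no `autocomplete` attribute, so a browser password manager may fill in the admin's own saved password and submit it as the new user's password; `autocomplete="new-password"` on that input avoids this. All three inputs carry `autofocus="autofocus"`, where only the name field should, and the email field would get basic browser validation with `type="email"`. The hidden `_method` field with value `POST` looks redundant on a `method="post"` form, and the form actions use `Routes.ts_admin_user_path` while the Cancel link uses `~p`, so one style for both would read more consistently.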
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -40,6 +40,17 @@ | |
) %> | ||
<% end %> | ||
|
||
<%= if allow?(@current_user, "admin") do %> | ||
You check for "admin" here... |
||
<%= central_component("section_menu_button", | ||
name: "add_user", | ||
label: "Add user", | ||
active: @active, | ||
icon: "fa-regular fa-plus", | ||
bsname: bsname, | ||
url: ~p"/teiserver/admin/users/create_form" | ||
) %> | ||
<% end %> | ||
|
||
<%= if @active == "show" do %> | ||
<%= central_component("section_menu_button", | ||
name: "show", | ||
|
You should ensure your setup is correct first. There are some guides in the repo, and you might be interested in the postgres setup.
I have the telemetry tables locally and I didn't recall doing anything fancy to get them.
The main problem with swapping `query!/3` for `query/3` is that it doesn't raise an error and returns the exception as a value, but that doesn't fix the underlying problem.
If anything, one thing to fix here would be to wrap all the deletes inside a transaction, but that's irrelevant for your changes.
I did recreate my setup with the guide once again to make sure I did not miss anything.
However, some columns still do not exist.
I observed that all `telemetry_*_event_types` only have `["id", "name"]`.
That makes sense, considering they only define the event types, not when events happen to users.
The `telemetry_*_events` contain the `user_id`, therefore I think this was originally meant.
I also changed some queries, because the columns are named differently.
I don't have any problem using `query!` now.
To look at the columns I used something like this: