
Safer way to changing user roles
DogukanUrker committed Jan 20, 2024
1 parent cc35721 commit 9555ce2
Showing 6 changed files with 58 additions and 56 deletions.
2 changes: 0 additions & 2 deletions app.py
Expand Up @@ -24,7 +24,6 @@
from routes.verifyUser import verifyUserBlueprint
from routes.adminPanel import adminPanelBlueprint
from routes.createPost import createPostBlueprint
from routes.setUserRole import setUserRoleBlueprint
from routes.passwordReset import passwordResetBlueprint
from routes.changeUserName import changeUserNameBlueprint
from routes.changePassword import changePasswordBlueprint
Expand Down Expand Up @@ -180,7 +179,6 @@ def csrfError(e):
app.register_blueprint(adminPanelBlueprint)
app.register_blueprint(createPostBlueprint)
app.register_blueprint(verifyUserBlueprint)
app.register_blueprint(setUserRoleBlueprint)
app.register_blueprint(passwordResetBlueprint)
app.register_blueprint(changeUserNameBlueprint)
app.register_blueprint(changePasswordBlueprint)
28 changes: 28 additions & 0 deletions helpers.py
Expand Up @@ -134,3 +134,31 @@ def getProfilePicture(userName):
[(userName.lower())],
)
return cursor.fetchone()[0]


def changeUserRole(userName):
userName = userName.lower()
connection = sqlite3.connect(DB_USERS_ROOT)
cursor = connection.cursor()
cursor.execute(
"""select role from users where lower(userName) = ? """,
[(userName)],
)
role = cursor.fetchone()[0]
match role:
case "admin":
newRole = "user"
case "user":
newRole = "admin"
cursor.execute(
"""update users set role = ? where lower(userName) = ? """,
[(newRole), (userName)],
)
message(
"2",
f'ADMIN: "{session["userName"]}" CHANGED USER: "{userName}"s ROLE TO "{newRole}" ',
)
connection.commit()
match session["userName"].lower() == userName:
case True:
return redirect("/")
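Review bot: `role = cursor.fetchone()[0]` raises TypeError when no row matches the submitted userName, and the `match role` block has no `case _`, so any stored role other than "admin"/"user" leaves `newRole` unbound and the update raises UnboundLocalError — both are reachable from the admin-panel form input rather than from trusted data. The sqlite connection is also never closed on any path. The rewrite below guards the missing row, adds a fall-through case and closes the connection in a `finally`; the update, audit `message()` and commit are unchanged. A one-line docstring should also record the trust boundary, since the helper performs a privileged change but leaves the admin check entirely to its caller.
```python
def changeUserRole(userName):
    """Toggle userName's role between "admin" and "user"; caller must have verified the acting session is an admin."""
    userName = userName.lower()
    connection = sqlite3.connect(DB_USERS_ROOT)
    try:
        cursor = connection.cursor()
        cursor.execute(
            """select role from users where lower(userName) = ? """,
            [(userName)],
        )
        row = cursor.fetchone()
        if row is None:
            return  # unknown user: nothing to change
        match row[0]:
            case "admin":
                newRole = "user"
            case "user":
                newRole = "admin"
            case _:
                return  # unexpected role value: leave it untouched
        # … unchanged: update statement, message() audit log, commit …
    finally:
        connection.close()
    # … unchanged: redirect when the admin changed their own role …
```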
4 changes: 4 additions & 0 deletions routes/adminPanelUsers.py
Expand Up @@ -5,6 +5,7 @@
redirect,
Blueprint,
DB_USERS_ROOT,
changeUserRole,
render_template,
)
from delete import deleteUser
Expand All @@ -29,6 +30,9 @@ def adminPanelUsers():
match "userDeleteButton" in request.form:
case True:
deleteUser(request.form["userName"])
match "userRoleChangeButton" in request.form:
case True:
changeUserRole(request.form["userName"])
match role == "admin":
case True:
connection = sqlite3.connect(DB_USERS_ROOT)
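Review bot: The new `changeUserRole(request.form["userName"])` call executes before the `match role == "admin"` check that follows it, so unless `role` is already enforced earlier in the function (its start, `def adminPanelUsers():`, is outside this hunk), anyone who can reach this route and post `userRoleChangeButton` can flip another account's role; the pre-existing `deleteUser` call sits in the same unguarded position. Gate the privileged branch on the caller's role, e.g. `match role == "admin" and "userRoleChangeButton" in request.form:`. Separately, `changeUserRole` returns `redirect("/")` when an admin changes their own role, but the return value is discarded here so that redirect never reaches Flask; capture it with `response = changeUserRole(request.form["userName"])` followed by `if response is not None: return response`.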
32 changes: 0 additions & 32 deletions routes/setUserRole.py

This file was deleted.

21 changes: 12 additions & 9 deletions templates/standardUI/adminPanelUsers.html
Expand Up @@ -40,15 +40,18 @@ <h1 class="textCenter">Users</h1>
delete user
</button>
</form>
{% if user[5] == "admin" %}
<a href="/setuserrole/{{user[1].lower()}}/user" class="textPrimary"
>set user role to user</a
>
{% else %}
<a href="/setuserrole/{{user[1].lower()}}/admin" class="textPrimary"
>set user role to admin</a
>
{% endif %}
<form method="post">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
<input type="hidden" name="userName" value="{{user[1]}}" />
<button
type="submit"
name="userRoleChangeButton"
class="textPrimary deleteUserButton"
>
{% if user[5] == "admin" %} set user role to user {% else %} set user
role to admin {% endif %}
</button>
</form>
</section>
</div>
{% endfor %}
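Review bot: The new role-change button reuses the delete button's class (`class="textPrimary deleteUserButton"`), so a non-destructive action is styled — and, if any stylesheet or script selects on that class, treated — as if it were the delete control. A neutral shared class such as `adminActionButton` (constructed name) on both forms would keep the intent readable without changing behaviour. The tailwindUI template's equivalent button does not carry this class, so only this file is affected.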
27 changes: 14 additions & 13 deletions templates/tailwindUI/adminPanelUsers.html
Expand Up @@ -59,19 +59,20 @@ <h1 class="my-4 text-4xl font-medium select-none">Users</h1>
delete user
</button>
</form>
{% if user[5] == "admin" %}
<a
href="/setuserrole/{{user[1].lower()}}/user"
class="flex items-center hover:text-rose-500 duration-150 font-medium select-none"
><i class="ti ti-user-down mr-1 text-xl"></i> set user role to user</a
>
{% else %}
<a
href="/setuserrole/{{user[1].lower()}}/admin"
class="flex items-center hover:text-rose-500 duration-150 font-medium select-none"
><i class="ti ti-user-up mr-1 text-xl"></i>set user role to admin</a
>
{% endif %}
<form method="post">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
<input type="hidden" name="userName" value="{{user[1]}}" />
<button
type="submit"
name="userRoleChangeButton"
class="flex items-center hover:text-rose-500 duration-150 font-medium select-none"
>
{% if user[5] == "admin" %}
<i class="ti ti-user-down mr-1 text-xl"></i> set user role to user {%
else %} <i class="ti ti-user-up mr-1 text-xl"></i> set user role to
admin {% endif %}
</button>
</form>
</section>
</div>
{% endfor %}
