
Improve user permissions.

master
Syfaro 1 year ago
parent
commit
07df4079d9
3 changed files with 132 additions and 48 deletions
  1. +118
    -46
      index.php
  2. +6
    -0
      templates/_main.html
  3. +8
    -2
      templates/admin/login.html

+ 118
- 46
index.php View File

@@ -166,17 +166,35 @@ $klein->respond(function ($request, $response, $service, $app) {
}
});

$app->register('twig', function () use ($app) {
$app->register('twig', function () use ($service, $app) {
$loader = new Twig_Loader_Filesystem(__DIR__ . '/templates');
$twig = new Twig_Environment($loader);

$twig->addGlobal('user', $app->user);
$twig->addGlobal('flashes', $service->flashes());

$twig->addGlobal('session', $_SESSION);
$twig->addGlobal('server', $_SERVER);

return $twig;
});
});

function hasBeenInstalled()
{
try {
$user = User::find_one();
if (!$user) return false;
} catch (Exception $ex) {
return false;
}

return true;
}

$klein->respond('GET', '/', function ($request, $response, $service, $app) {
if (!hasBeenInstalled()) return $response->redirect('/admin/setup');

return $app->twig->render('index.html');
});

@@ -184,7 +202,9 @@ $klein->with('/admin', function () use ($klein) {
$klein->respond('GET', '', function ($request, $response, $service, $app) {
if (!$app->user) return $response->redirect('/admin/login');

$questions = Question::find_many();
$questions = Question::where('user_id', $app->user->id)
->order_by_asc('id')
->find_many();

return $app->twig->render('admin/index.html', [
'questions' => $questions,
@@ -192,25 +212,13 @@ $klein->with('/admin', function () use ($klein) {
});

$klein->respond('GET', '/setup', function ($request, $response, $service, $app) {
try {
$user = User::find_one();
if ($user) {
return $response->redirect('/admin');
}
} catch (Exception $ex) {
}
if (hasBeenInstalled()) return $response->redirect('/admin');

return $app->twig->render('admin/setup.html');
});

$klein->respond('POST', '/setup', function ($request, $response, $service, $app) {
try {
$user = User::find_one();
if ($user) {
return $response->redirect('/admin');
}
} catch (Exception $ex) {
}
if (hasBeenInstalled()) return $response->redirect('/admin');

$service->validateParam('username')->isLen(3, 24)->isChars('a-zA-Z0-9-');
$service->validateParam('password')->isLen(10, 128);
@@ -234,24 +242,30 @@ $klein->with('/admin', function () use ($klein) {
});

$klein->respond('GET', '/login', function ($request, $response, $service, $app) {
try {
$user = User::find_one();
if (!$user) {
return $response->redirect('/admin/setup');
}
} catch (Exception $ex) {
return $response->redirect('/admin/setup');
}
if (!hasBeenInstalled()) return $response->redirect('/admin/setup');

return $app->twig->render('admin/login.html');
});

$klein->respond('POST', '/login', function ($request, $response, $service, $app) {
$service->validateParam('username')->notNull();

$user = User::where('username', $request->username)->find_one();
if (!$user) return $response->redirect('/admin/login');
if (!$user->verify_password($request->password)) return $response->redirect('/admin/login');

$_SESSION['username'] = $request->username;

if (!$user) {
$service->flash('Unknown username', 'error');
return $response->redirect('/admin/login');
}

if (!$user->verify_password($request->password)) {
$service->flash('Invalid password', 'error');
return $response->redirect('/admin/login');
}

$_SESSION['USER_ID'] = $user->id;
unset($_SESSION['username']);

return $response->redirect('/admin');
});
@@ -262,11 +276,24 @@ $klein->with('/admin', function () use ($klein) {
});

$klein->with('/question', function () use ($klein) {
$klein->respond(function ($request, $response, $service, $app) {
if (!$app->user) {
$response->redirect('/admin/login');
throw new \Klein\Exceptions\DispatchHaltedException();
}
});

$klein->with('/[i:id]', function () use ($klein) {
$klein->respond('GET', '', function ($request, $response, $service, $app) {
if (!$app->user) return $response->redirect('/admin/login');
$question = Question::where([
'id' => $request->id,
'user_id' => $app->user->id,
])->find_one();

$question = Question::find_one($request->id);
if (!$question) {
$response->redirect('/admin');
throw new \Klein\Exceptions\DispatchHaltedException();
}

return $app->twig->render('admin/question/view.html', [
'question' => $question,
@@ -274,9 +301,14 @@ $klein->with('/admin', function () use ($klein) {
});

$klein->respond('POST', '', function ($request, $response, $service, $app) {
if (!$app->user) return $response->redirect('/admin/login');
$question = Question::where([
'id' => $request->id,
'user_id' => $app->user->id,
])->find_one();

$question = Question::find_one($request->id);
if (!$question) {
return $response->redirect('/admin');
}

$question->title = $request->title;
$question->description = $request->description;
@@ -287,11 +319,14 @@ $klein->with('/admin', function () use ($klein) {
});

$klein->respond('POST', '/delete', function ($request, $response, $service, $app) {
if (!$app->user) return $response->redirect('/admin/login');
$question = Question::where([
'id' => $request->id,
'user_id' => $app->user->id,
])->find_one();

$question = Question::find_one($request->id);

if (!$question) return $response->redirect('/admin');
if (!$question) {
return $response->redirect('/admin');
}

$choices = $question->choices();
if ($choices) {
@@ -313,18 +348,40 @@ $klein->with('/admin', function () use ($klein) {
$klein->respond('POST', '/add', function ($request, $response, $service, $app) {
$choice = Choice::create();

$choice->question_id = $request->id;
$question = Question::where([
'id' => $request->id,
'user_id' => $app->user->id,
])->find_one();

if (!$question) {
return $response->redirect('/admin');
}

$choice->question_id = $question->id;
$choice->value = $request->value;

$choice->save();

return $response->redirect('/admin/question/' . $request->id);
return $response->redirect('/admin/question/' . $question->id);
});

$klein->with('/[i:cid]', function () use ($klein) {
$klein->respond('GET', '', function ($request, $response, $service, $app) {
$choice = Choice::find_one($request->cid);

if (!$choice) {
return $response->redirect('/admin');
}

$question = Question::where([
'id' => $choice->question()->find_one()->id,
'user_id' => $app->user->id,
])->find_one();

if (!$question) {
return $response->redirect('/admin');
}

return $app->twig->render('admin/question/choice/view.html', [
'choice' => $choice,
]);
@@ -333,13 +390,26 @@ $klein->with('/admin', function () use ($klein) {
$klein->respond('POST', '/delete', function ($request, $response, $service, $app) {
$choice = Choice::find_one($request->cid);

if (!$choice) {
return $response->redirect('/admin');
}

$question = Question::where([
'id' => $choice->question()->find_one()->id,
'user_id' => $app->user->id,
])->find_one();

if (!$question) {
return $response->redirect('/admin');
}

foreach (ChoiceResponse::where('choice_id', $choice->id)->find_many() as $resp) {
$resp->delete();
}

$choice->delete();

return $response->redirect('/admin/question/' . $request->id);
return $response->redirect('/admin/question/' . $question->id);
});
});
});
@@ -347,10 +417,10 @@ $klein->with('/admin', function () use ($klein) {
$klein->with('/response', function () use ($klein) {
$klein->with('/[i:rid]', function () use ($klein) {
$klein->respond('GET', '', function ($request, $response, $service, $app) {
if (!$app->user) return $response->redirect('/admin/login');

$question = Question::find_one($request->id);
if (!$question || $question->user_id != $app->user->id) return $response->redirect('/admin');
$resp = $question->response($request->rid);
if (!$resp) return $response->redirect('/admin');

return $app->twig->render('admin/question/response/view.html', [
'question' => $question,
@@ -360,6 +430,7 @@ $klein->with('/admin', function () use ($klein) {

$klein->respond('POST', '/delete', function ($request, $response, $service, $app) {
$question = Question::find_one($request->id);
if (!$question || $question->user_id != $app->user->id) return $response->redirect('/admin');
$resp = $question->response($request->rid)->find_one();
$resp->delete();

@@ -370,9 +441,12 @@ $klein->with('/admin', function () use ($klein) {
$klein->respond('POST', '/add', function ($request, $response, $service, $app) {
$service->validateParam('value')->notNull();

if (!$app->user) return $response->redirect('/admin/login');
$question = Question::where([
'id' => $request->id,
'user_id' => $app->user->id,
])->find_one();

$question = Question::find_one($request->id);
if (!$question || $question->user_id != $app->user->id) return $response->redirect('/admin');

switch ($question->type) {
case 'freeform':
@@ -404,8 +478,6 @@ $klein->with('/admin', function () use ($klein) {
});

$klein->respond('POST', '/add', function ($request, $response, $service, $app) {
if (!$app->user) return $response->redirect('/admin/login');

$question = Question::create();

$question->user_id = $app->user->id;
@@ -434,7 +506,7 @@ $klein->with('/api/v1', function () use ($klein) {
$data = $question->as_array();

if ($question->type == 'single') {
$data['choices'] = $question->choices()->find_array();
$data['choices'] = $question->choices()->order_by_asc('id')->find_array();
}

return $response->json($data);
@@ -457,10 +529,10 @@ $klein->with('/api/v1', function () use ($klein) {
case 'freeform':
case 'numeric':
return $response->json([
'responses' => $question->responses()->find_array(),
'responses' => $question->responses()->order_by_asc('id')->find_array(),
]);
case 'single':
$items = $question->responses()->find_many();
$items = $question->responses()->order_by_asc('id')->find_many();
$responses = [];
foreach ($items as $item) {
$data = $item->as_array();


+ 6
- 0
templates/_main.html View File

@@ -37,6 +37,12 @@
<a href="https://git.huefox.com/syfaro/peppershrike">open source</a> &middot; made by <a
href="https://syfaro.net">syfaro</a>
</p>

{% if user %}
<p>
<a href="/admin/logout">log out</a>
</p>
{% endif %}
</div>
</div>
</footer>
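Review bot: The new `log out` link drives `/admin/logout` with a plain GET, so if that route (outside this diff) ends the session, any third-party page that links to the URL can log the user out. A small form with a submit button keeps the action POST-only: `<form method="POST" action="/admin/logout"><button type="submit">log out</button></form>`, paired with a route that only accepts POST.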


+ 8
- 2
templates/admin/login.html View File

@@ -6,18 +6,24 @@

<div class="columns is-centered">
<div class="column is-half">
{% for flash in flashes['error'] %}
<div class="notification is-danger">
{{ flash }}
</div>
{% endfor %}

<form method="POST">
<div class="field">
<label class="label">Username</label>
<div class="control">
<input class="input" type="text" placeholder="Username" name="username">
<input class="input" type="text" placeholder="Username" name="username" {% if session.username %}value="{{ session.username }}"{% endif %}>
</div>
</div>

<div class="field">
<label class="label">Password</label>
<div class="control">
<input type="password" class="input" placeholder="Password" name="password">
<input type="password" class="input" placeholder="Password" name="password" {% if session.username %}autofocus{% endif %}>
</div>
</div>
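Review bot: `value="{{ session.username }}"` echoes the last submitted username into an attribute, which is safe only while autoescaping stays enabled on the environment; index.php constructs `Twig_Environment` with no options, so the template is relying on the default rather than stating it. Making the context explicit, `value="{{ session.username|e('html_attr') }}"`, keeps the attribute safe even if someone later configures autoescape differently. Note also that a submitted username stays in `$_SESSION['username']` until a successful login, so the prefill persists across unrelated visits to this page within the same session.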


