fixes #31: ability to delete users (for admins)
parent
2f6a97e215
commit
d8e6a8cd5b
3 changed files with 19 additions and 5 deletions
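--- a/ibt2.py
+++ b/ibt2.py
@@ -479,7 +479,14 @@ class UsersHandler(BaseHandler):
 if id_ is None:
 return self.build_error(status=404, message='unable to access the resource')
 if not self.has_permission(id_):
-return
+return self.build_error(status=401, message='insufficient permissions: must be admin')
+if id_ == self.current_user:
+return self.build_error(status=401, message='unable to delete the current user; ask an admin')
+doc = self.db.getOne(self.collection, {'_id': id_})
+if not doc:
+return self.build_error(status=404, message='unable to access the resource')
+if doc.get('username') == 'admin':
+return self.build_error(status=401, message='unable to delete the admin user')
 howMany = self.db.delete(self.collection, id_)
 if id_ in self._users_cache:
 del self._users_cache[id_]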
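Review bot: The new guard `if doc.get('username') == 'admin':` protects only the account literally named admin; if the admin role is carried by a flag or group (the front-end in this commit tests `loggedInUser.isAdmin`), any other administrator can still be deleted here, so the check would be better keyed on the stored role than on the name. The permission failures also answer with status 401, which signals missing authentication; for an authenticated caller who is not allowed, 403 is the conventional code, e.g. `return self.build_error(status=403, message='insufficient permissions: must be admin')`. The handler method starts and continues outside this hunk, so what has_permission accepts and whether usernames are unique cannot be confirmed from here.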
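--- a/monco.py
+++ b/monco.py
@@ -296,8 +296,8 @@ class Monco(object):
 :param force: force the deletion of all documents, when `_id_or_query` is empty
 :type force: bool
 
-:returns: how many documents were removed
-:rtype: int
+:returns: dictionary with the number or removed documents
+:rtype: dict
 """
 if not _id_or_query and not force:
 return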
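Review bot: The updated docstring promises `:rtype: dict`, yet the guard right below it still ends in a bare `return`, so callers receive None when `_id_or_query` is empty and `force` is false; document that as `:rtype: dict or None`, or have the guard return an empty result of the same shape. The new line also carries a typo and should read `:returns: dictionary with the number of removed documents`. In ibt2.py the result is assigned to `howMany`, which now holds a dict rather than a count, so any caller that used it as an integer deserves a check. The method body starts and continues outside this hunk.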
|
@ -10,6 +10,7 @@
|
||||||
<md-table-row>
|
<md-table-row>
|
||||||
<md-table-head>Username</md-table-head>
|
<md-table-head>Username</md-table-head>
|
||||||
<md-table-head>Email</md-table-head>
|
<md-table-head>Email</md-table-head>
|
||||||
|
<md-table-head v-if="loggedInUser.isAdmin">Delete</md-table-head>
|
||||||
</md-table-row>
|
</md-table-row>
|
||||||
</md-table-header>
|
</md-table-header>
|
||||||
<md-table-body>
|
<md-table-body>
|
||||||
|
@ -22,6 +23,11 @@
|
||||||
<md-table-cell>
|
<md-table-cell>
|
||||||
{{user.email}}
|
{{user.email}}
|
||||||
</md-table-cell>
|
</md-table-cell>
|
||||||
|
<md-table-cell v-if="loggedInUser.isAdmin">
|
||||||
|
<md-button class="md-icon-button" @click="deleteUser(user._id)">
|
||||||
|
<md-icon>delete</md-icon>
|
||||||
|
</md-button>
|
||||||
|
</md-table-cell>
|
||||||
</md-table-row>
|
</md-table-row>
|
||||||
</md-table-body>
|
</md-table-body>
|
||||||
</md-table>
|
</md-table>
|
||||||
|
@ -71,11 +77,12 @@ export default {
|
||||||
},
|
},
|
||||||
|
|
||||||
deleteUser(userId) {
|
deleteUser(userId) {
|
||||||
this.usersUrl.update({id: userId}).then((response) => {
|
this.usersUrl.delete({id: userId}).then((response) => {
|
||||||
return response.json();
|
return response.json();
|
||||||
}, (response) => {
|
}, (response) => {
|
||||||
this.$refs.dialogObj.show({text: 'unable to delete the user'});
|
this.$refs.dialogObj.show({text: 'unable to delete the user: ' + response.body.message});
|
||||||
}).then((data) => {
|
}).then((data) => {
|
||||||
|
this.getUsers();
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
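Review bot: In deleteUser the rejection handler reads `response.body.message` unconditionally; when the request fails without a JSON body (network error, proxy error page) the dialog shows "undefined" or the handler itself throws, so fall back with something like `const msg = (response.body && response.body.message) || response.statusText;`. Because the rejection handler returns normally, the following `.then` still runs and `this.getUsers()` is called after a failed delete as well, which is harmless but worth a comment. The delete button in the table row fires the request on a single click; a confirmation step before `this.usersUrl.delete(...)` would guard against accidental removal. The component's methods block starts and ends outside these hunks.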