fixes #31: ability to delete users (for admins)

This commit is contained in:
Davide Alberani 2017-02-12 21:45:42 +01:00
parent 2f6a97e215
commit d8e6a8cd5b
3 changed files with 19 additions and 5 deletions


@ -479,7 +479,14 @@ class UsersHandler(BaseHandler):
if id_ is None: if id_ is None:
return self.build_error(status=404, message='unable to access the resource') return self.build_error(status=404, message='unable to access the resource')
if not self.has_permission(id_): if not self.has_permission(id_):
return return self.build_error(status=401, message='insufficient permissions: must be admin')
if id_ == self.current_user:
return self.build_error(status=401, message='unable to delete the current user; ask an admin')
doc = self.db.getOne(self.collection, {'_id': id_})
if not doc:
return self.build_error(status=404, message='unable to access the resource')
if doc.get('username') == 'admin':
return self.build_error(status=401, message='unable to delete the admin user')
howMany = self.db.delete(self.collection, id_) howMany = self.db.delete(self.collection, id_)
if id_ in self._users_cache: if id_ in self._users_cache:
del self._users_cache[id_] del self._users_cache[id_]
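Review bot: The three new rejections on lines 15, 17 and 22 use status 401, which tells the client its credentials are missing or invalid; here the caller is already authenticated and merely lacks authority, so 403 is the conventional code and lets the frontend distinguish "log in again" from "not allowed", e.g. `return self.build_error(status=403, message='insufficient permissions: must be admin')`. The ordering is otherwise sound: the permission check precedes the existence lookup, so a non-admin cannot probe which ids exist. The enclosing delete method starts before the hunk and continues past it, so how `howMany` is consumed is not visible here; note that the Monco change in this same commit makes `self.db.delete` return a dict rather than an int, so any count arithmetic on it further down needs checking.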


@ -296,8 +296,8 @@ class Monco(object):
:param force: force the deletion of all documents, when `_id_or_query` is empty :param force: force the deletion of all documents, when `_id_or_query` is empty
:type force: bool :type force: bool
:returns: how many documents were removed :returns: dictionary with the number or removed documents
:rtype: int :rtype: dict
""" """
if not _id_or_query and not force: if not _id_or_query and not force:
return return
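Review bot: The guard on lines 35-36 still returns None while the updated docstring on lines 32-33 now promises a dict, so a caller that passes an empty query without `force` receives a value of a different type than documented and `handler.delete`'s `howMany` would be None. Either return a result in the same dict shape the successful path produces (that path and its key are outside the hunk) or document the case explicitly: `:returns: dictionary with the number of removed documents, or None when nothing was requested`. The new docstring line also has a typo, "number or removed" should read "number of removed". The rest of the method runs past the hunk.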


@ -10,6 +10,7 @@
<md-table-row> <md-table-row>
<md-table-head>Username</md-table-head> <md-table-head>Username</md-table-head>
<md-table-head>Email</md-table-head> <md-table-head>Email</md-table-head>
<md-table-head v-if="loggedInUser.isAdmin">Delete</md-table-head>
</md-table-row> </md-table-row>
</md-table-header> </md-table-header>
<md-table-body> <md-table-body>
@ -22,6 +23,11 @@
<md-table-cell> <md-table-cell>
{{user.email}} {{user.email}}
</md-table-cell> </md-table-cell>
<md-table-cell v-if="loggedInUser.isAdmin">
<md-button class="md-icon-button" @click="deleteUser(user._id)">
<md-icon>delete</md-icon>
</md-button>
</md-table-cell>
</md-table-row> </md-table-row>
</md-table-body> </md-table-body>
</md-table> </md-table>
@ -71,11 +77,12 @@ export default {
}, },
deleteUser(userId) { deleteUser(userId) {
this.usersUrl.update({id: userId}).then((response) => { this.usersUrl.delete({id: userId}).then((response) => {
return response.json(); return response.json();
}, (response) => { }, (response) => {
this.$refs.dialogObj.show({text: 'unable to delete the user'}); this.$refs.dialogObj.show({text: 'unable to delete the user: ' + response.body.message});
}).then((data) => { }).then((data) => {
this.getUsers();
}); });
} }
}, },
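Review bot: The rejection handler on line 66 dereferences `response.body.message` without a guard; on a network failure or a non-JSON error response `response.body` can be undefined or a plain string, which throws inside the handler and leaves the dialog unshown. Guard it before building the text: `var msg = (response.body && response.body.message) || 'unknown error';` then `this.$refs.dialogObj.show({text: 'unable to delete the user: ' + msg});`. The delete button on line 53 also fires on a single click with no confirmation step for an irreversible action, and because the rejection handler returns nothing the trailing `.then` still calls `getUsers()` after a failure, which is harmless but deserves a one-line comment. The `v-if="loggedInUser.isAdmin"` on lines 44 and 52 only hides the controls; the authorization itself is the server-side check that this commit adds to UsersHandler.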