120 lines
3.5 KiB
Go
120 lines
3.5 KiB
Go
package handlers
|
|
|
|
import (
|
|
"log"
|
|
"net/http"
|
|
"strconv"
|
|
"threadr/models"
|
|
|
|
"github.com/gorilla/sessions"
|
|
)
|
|
|
|
func AdminHandler(app *App) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
session := r.Context().Value("session").(*sessions.Session)
|
|
userID, ok := session.Values["user_id"].(int)
|
|
if !ok {
|
|
http.Redirect(w, r, app.Config.ThreadrDir+"/login/", http.StatusFound)
|
|
return
|
|
}
|
|
|
|
user, err := models.GetUserByID(app.DB, userID)
|
|
if err != nil {
|
|
log.Printf("Error fetching user in AdminHandler: %v", err)
|
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
if user == nil || !models.HasGlobalPermission(user, models.PermManageUsers) {
|
|
http.Error(w, "Forbidden", http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
cookie, _ := r.Cookie("threadr_cookie_banner")
|
|
|
|
if r.Method == http.MethodPost {
|
|
action := r.URL.Query().Get("action")
|
|
|
|
if action == "delete_user" {
|
|
targetIDStr := r.FormValue("user_id")
|
|
targetID, err := strconv.Atoi(targetIDStr)
|
|
if err != nil || targetID <= 0 {
|
|
http.Error(w, "Invalid user ID", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if targetID == userID {
|
|
http.Error(w, "Cannot delete your own account", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if err := models.DeleteUser(app.DB, targetID); err != nil {
|
|
log.Printf("Error deleting user %d: %v", targetID, err)
|
|
http.Error(w, "Failed to delete user", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
http.Redirect(w, r, app.Config.ThreadrDir+"/admin/?deleted=true", http.StatusFound)
|
|
return
|
|
}
|
|
|
|
allowSignup := r.FormValue("allow_signup") == "on"
|
|
if err := models.SetAllowSignup(app.DB, allowSignup); err != nil {
|
|
log.Printf("Error updating site settings in AdminHandler: %v", err)
|
|
http.Error(w, "Failed to save settings", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
http.Redirect(w, r, app.Config.ThreadrDir+"/admin/?saved=true", http.StatusFound)
|
|
return
|
|
}
|
|
|
|
if r.Method != http.MethodGet {
|
|
http.Error(w, "Method Not Allowed", http.StatusMethodNotAllowed)
|
|
return
|
|
}
|
|
|
|
settings, err := models.GetSiteSettings(app.DB)
|
|
if err != nil {
|
|
log.Printf("Error fetching site settings in AdminHandler: %v", err)
|
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
users, err := models.GetAllUsers(app.DB)
|
|
if err != nil {
|
|
log.Printf("Error fetching users in AdminHandler: %v", err)
|
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
data := struct {
|
|
PageData
|
|
AllowSignup bool
|
|
ShowSuccess bool
|
|
ShowDeleted bool
|
|
Users []models.User
|
|
CurrentUserID int
|
|
}{
|
|
PageData: PageData{
|
|
Title: "ThreadR - Admin",
|
|
Navbar: "admin",
|
|
LoggedIn: true,
|
|
IsAdmin: true,
|
|
AllowSignup: settings.AllowSignup,
|
|
ShowCookieBanner: cookie == nil || cookie.Value != "accepted",
|
|
BasePath: app.Config.ThreadrDir,
|
|
StaticPath: app.Config.ThreadrDir + "/static",
|
|
CurrentURL: r.URL.RequestURI(),
|
|
},
|
|
AllowSignup: settings.AllowSignup,
|
|
ShowSuccess: r.URL.Query().Get("saved") == "true",
|
|
ShowDeleted: r.URL.Query().Get("deleted") == "true",
|
|
Users: users,
|
|
CurrentUserID: userID,
|
|
}
|
|
|
|
if err := app.Tmpl.ExecuteTemplate(w, "admin", data); err != nil {
|
|
log.Printf("Error executing template in AdminHandler: %v", err)
|
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
}
|
|
}
|