change user permissions works

iou1name 2019-10-17 20:58:20 -04:00
parent 818c874352
commit 1c3124155c
3 changed files with 75 additions and 37 deletions


@ -34,10 +34,11 @@ async def index(request):
forms_ = { forms_ = {
'invite_user': forms.invite_user, 'invite_user': forms.invite_user,
'change_user_perms': forms.change_user_perms,
'new_app': forms.new_app,
'change_password': forms.change_password, 'change_password': forms.change_password,
'delete_key': forms.delete_key, 'delete_key': forms.delete_key,
'delele_session': forms.delete_session, 'delele_session': forms.delete_session,
'new_app': forms.new_app,
} }
if not forms_.get(form): if not forms_.get(form):
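Review bot: The dispatch table now lists the admin-only handlers `change_user_perms` and `new_app` alongside per-user ones such as `change_password`, and the visible lines pick the handler from the posted form name alone. If `index` does not check the caller's role after this lookup (its body continues outside the hunk), any authenticated session could reach the permission editor. Keeping the admin-only names in their own set, e.g. `ADMIN_FORMS = {'change_user_perms', 'new_app'}`, and rejecting the request before dispatch when the session is not an admin's would make the gate explicit. The `'delele_session'` key on the unchanged line also looks like a typo for `delete_session`; confirm that the template posts the same spelling.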


@ -23,6 +23,56 @@ async def invite_user(request):
return {} return {}
async def change_user_perms(request):
"""Allows an admin to change user permissions."""
data = await request.post()
pluses = []
for key, value in data.items():
if key == 'form_name':
continue
username, _, app_name = key.partition('-')
pluses.append((username, app_name))
async with request.app['pool'].acquire() as conn:
apps = await conn.fetch(
"SELECT id, name FROM app_info")
users = {p[0] for p in pluses}
minuses = []
for user in users:
for app in apps:
minuses.append((user, app['name']))
minuses = [m for m in minuses if m not in pluses]
await conn.executemany(
"INSERT INTO app_user (user_id, app_id) "
"VALUES ((SELECT id FROM user_info WHERE username = $1), "
"(SELECT id FROM app_info WHERE name = $2)) "
"ON CONFLICT ON CONSTRAINT app_user_pkey DO NOTHING",
pluses)
await conn.executemany(
"DELETE FROM app_user "
"WHERE user_id = (SELECT id FROM user_info WHERE username = $1) "
"AND app_id = (SELECT id FROM app_info WHERE name = $2)",
minuses)
return {}
async def new_app(request):
"""Allows an admin to add a new app to be managed by Buckler."""
data = await request.post()
app_name = data.get('app_name')
app_url = data.get('app_url')
app_key = data.get('app_key')
key_hash = argon2.hash(app_key)
async with request.app['pool'].acquire() as conn:
await conn.execute(
"INSERT INTO app_info (name, url, key_hash) "
"VALUES ($1, $2, $3)",
app_name, app_url, key_hash)
return {}
async def change_password(request): async def change_password(request):
"""Allows a user to change their password.""" """Allows a user to change their password."""
errors = {} errors = {}
@ -88,18 +138,3 @@ async def delete_session(request):
"WHERE id = $1 AND user_id = $2", "WHERE id = $1 AND user_id = $2",
session_id, request['session']['id']) session_id, request['session']['id'])
return {} return {}
async def new_app(request):
data = await request.post()
app_name = data.get('app_name')
app_url = data.get('app_url')
app_key = data.get('app_key')
key_hash = argon2.hash(app_key)
async with request.app['pool'].acquire() as conn:
await conn.execute(
"INSERT INTO app_info (name, url, key_hash) "
"VALUES ($1, $2, $3)",
app_name, app_url, key_hash)
return {}
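Review bot: `change_user_perms` builds the set of users to revoke from the posted keys (`users = {p[0] for p in pluses}`), but browsers omit unchecked checkboxes, so a user whose boxes are all cleared never appears in `users` and keeps every existing `app_user` row. Removing a user's last permission therefore silently does nothing. Assuming the form lists every user, take the user list from the database instead, e.g. `users = {r['username'] for r in await conn.fetch("SELECT username FROM user_info")}`. Separately, `key.partition('-')` splits on the first hyphen, so a username containing `-` is attributed to the wrong user and app. The insert and delete also run as two separate `executemany` calls with no enclosing transaction visible, so a failure between them leaves permissions half-applied.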


@ -37,28 +37,30 @@
<h3>User Permissions</h3> <h3>User Permissions</h3>
<article style="display: none;"> <article style="display: none;">
<hr> <hr>
<table id="users"> <form method="post" enctype="application/x-www-form-urlencoded">
<thead> <input name="form_name" type="hidden" value="change_user_perms">
<tr> <table id="users">
<th>User</th> <thead>
{% for app in apps %} <tr>
<th>{{ app['name'] }}</th> <th>User</th>
{% for app in apps %}
<th>{{ app['name'] }}</th>
{% endfor %}
</tr>
</thead>
<tbody>
{% for username, values in users.items() %}
<tr>
<td>{{ username }}</td>
{% for app_name, value in values.items() %}
<td><input aria-label="{{ username }}-{{ app_name }}" name="{{ username }}-{{ app_name }}" data-app-name={{ app_name }} type="checkbox"{% if value %} checked{% endif %}></td>
{% endfor %}
</tr>
{% endfor %} {% endfor %}
<th></th> </tbody>
</tr> </table>
</thead> <input type="submit" value="Submit">
<tbody> </form>
{% for username, values in users.items() %}
<tr>
<td>{{ username }}</td>
{% for name, value in values.items() %}
<td><input aria-label="{{ username }}-{{ name }}" data-app-name={{ name }} type="checkbox" onchange="perm_change(this.parentElement.parentElement)"{% if value %} checked{% endif %}></td>
{% endfor %}
<td><input type="submit" value="Save" onclick="submit_user_perms(this.parentElement.parentElement)"></td>
</tr>
{% endfor %}
</tbody>
</table>
</article> </article>
</section> </section>
<br> <br>
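Review bot: The new `<form method="post">` changes user permissions, but its only hidden field is `form_name` and no anti-CSRF token is visible. Unless the server enforces one elsewhere or relies on SameSite cookies, a cross-site page could submit this form on behalf of a logged-in admin; add a per-session token as a hidden input and verify it before dispatching the form. On the checkbox line, `data-app-name={{ app_name }}` is unquoted, so an app name containing a space or `=` spills into further attributes even with autoescaping; quote it as `data-app-name="{{ app_name }}"`. The `name="{{ username }}-{{ app_name }}"` encoding is also ambiguous when either name contains `-`, which a separator not permitted in usernames would avoid.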