add deleting, promoting/demoting, guesting (soft banning) users
@ -109,7 +109,7 @@ app:post("thread", "/:slug", function(self)
|
||||
return {redirect_to = self:url_for("thread", {slug = thread.slug})}
|
||||
end
|
||||
|
||||
if util.is_thread_locked(thread) and not user:is_admin() then
|
||||
if util.is_thread_locked(thread) and not user:is_mod() then
|
||||
return {redirect_to = self:url_for("thread", {slug = thread.slug})}
|
||||
end
|
||||
|
||||
|
@ -27,7 +27,7 @@ end)
|
||||
|
||||
app:get("topic_create", "/create", function(self)
|
||||
local user = util.get_logged_in_user(self) or util.TransientUser
|
||||
if not user:is_admin() then
|
||||
if not user:is_mod() then
|
||||
return {status = 403}
|
||||
end
|
||||
|
||||
@ -36,7 +36,7 @@ end)
|
||||
|
||||
app:post("topic_create", "/create", function(self)
|
||||
local user = util.get_logged_in_user(self) or util.TransientUser
|
||||
if not user:is_admin() then
|
||||
if not user:is_mod() then
|
||||
return {redirect_to = "all_topics"}
|
||||
end
|
||||
|
||||
@ -72,7 +72,7 @@ app:get("topic", "/:slug", function(self)
|
||||
self.thread_create_error = ThreadCreateError.GUEST
|
||||
elseif user:is_guest() then
|
||||
self.thread_create_error = ThreadCreateError.LOGGED_OUT
|
||||
elseif util.ntob(topic.is_locked) and not user:is_admin() then
|
||||
elseif util.ntob(topic.is_locked) and not user:is_mod() then
|
||||
self.thread_create_error = ThreadCreateError.TOPIC_LOCKED
|
||||
end
|
||||
|
||||
@ -81,7 +81,7 @@ end)
|
||||
|
||||
app:get("topic_edit", "/:slug/edit", function(self)
|
||||
local user = util.get_logged_in_user_or_transient(self)
|
||||
if not user:is_admin() then
|
||||
if not user:is_mod() then
|
||||
return {redirect_to = self:url_for("topic", {slug = self.params.slug})}
|
||||
end
|
||||
local topic = Topics:find({
|
||||
@ -96,7 +96,7 @@ end)
|
||||
|
||||
app:post("topic_edit", "/:slug/edit", function(self)
|
||||
local user = util.get_logged_in_user_or_transient(self)
|
||||
if not user:is_admin() then
|
||||
if not user:is_mod() then
|
||||
return {redirect_to = self:url_for("topic", {slug = self.params.slug})}
|
||||
end
|
||||
local topic = Topics:find({
|
||||
|
114
apps/users.lua
114
apps/users.lua
@ -79,13 +79,59 @@ app:get("user", "/:username", function(self)
|
||||
self.user_is_me = me.id == user.id
|
||||
|
||||
if user.permission == constants.PermissionLevel.GUEST then
|
||||
if not (self.user_is_me or me:is_admin()) then
|
||||
if not (self.user_is_me or me:is_mod()) then
|
||||
return {status = 404}
|
||||
end
|
||||
end
|
||||
return {render = "user.user"}
|
||||
end)
|
||||
|
||||
app:post("user_delete", "/:username/delete", function(self)
|
||||
local me = util.get_logged_in_user(self)
|
||||
if me == nil then
|
||||
self.session.flash = {error = "You must be logged in to perform this action."}
|
||||
return {redirect_to = self:url_for("user_login")}
|
||||
end
|
||||
local target_user = Users:find({username = self.params.username})
|
||||
if not me:is_mod() then
|
||||
if me.id ~= target_user.id then
|
||||
return {redirect_to = self:url_for("user", {username = self.params.username})}
|
||||
end
|
||||
|
||||
if not authenticate_user(target_user, self.params.password) then
|
||||
self.session.flash = {error = "The password you entered is incorrect."}
|
||||
return {redirect_to = self:url_for("user_delete_confirm", {username = me.username})}
|
||||
end
|
||||
|
||||
util.transfer_and_delete_user(target_user)
|
||||
self.session.flash = {error = "Your account has been added to the deletion queue."}
|
||||
return {redirect_to = self:url_for("user_signup")}
|
||||
else
|
||||
if target_user.permission >= me.permission then
|
||||
self.session.flash = {error = "You can not delete another moderator."}
|
||||
return {redirect_to = self:url_for("user", {username = me.username})}
|
||||
end
|
||||
end
|
||||
end)
|
||||
|
||||
app:get("user_delete_confirm", "/:username/delete_confirm", function(self)
|
||||
local me = util.get_logged_in_user(self)
|
||||
if me == nil then
|
||||
self.session.flash = {error = "You must be logged in to perform this action."}
|
||||
return {redirect_to = self:url_for("user_login")}
|
||||
end
|
||||
local target_user = Users:find({username = self.params.username})
|
||||
if me.id ~= target_user.id then
|
||||
return {redirect_to = self:url_for("user", {username = self.params.username})}
|
||||
end
|
||||
if self.session.flash then
|
||||
self.err = self.session.flash.error
|
||||
self.session.flash = {}
|
||||
end
|
||||
self.user = target_user
|
||||
return {render = "user.delete_confirm"}
|
||||
end)
|
||||
|
||||
app:post("user_clear_avatar", "/:username/clear_avatar", function(self)
|
||||
local me = util.get_logged_in_user(self)
|
||||
if me == nil then
|
||||
@ -216,6 +262,10 @@ app:post("user_login", "/login", function(self)
|
||||
self.session.flash = {error = "Invalid username or password"}
|
||||
return {redirect_to = self:url_for("user_login")}
|
||||
end
|
||||
if user.permission == constants.PermissionLevel.SYSTEM then
|
||||
self.session.flash = {error = "Invalid username or password"}
|
||||
return {redirect_to = self:url_for("user_login")}
|
||||
end
|
||||
if not authenticate_user(user, password) then
|
||||
self.session.flash = {error = "Invalid username or password"}
|
||||
return {redirect_to = self:url_for("user_login")}
|
||||
@ -300,7 +350,7 @@ app:post("confirm_user", "/confirm_user/:user_id", function (self)
|
||||
if not user then
|
||||
return {status = 403}
|
||||
end
|
||||
if not user:is_admin() then
|
||||
if not user:is_mod() then
|
||||
return {status = 403}
|
||||
end
|
||||
local target_user = Users:find(self.params.user_id)
|
||||
@ -315,4 +365,64 @@ app:post("confirm_user", "/confirm_user/:user_id", function (self)
|
||||
return {redirect_to = self:url_for("user", {username = target_user.username})}
|
||||
end)
|
||||
|
||||
app:post("mod_user", "/mod_user/:user_id", function(self)
|
||||
local user = util.get_logged_in_user(self)
|
||||
if not user then
|
||||
return {status = 403}
|
||||
end
|
||||
if not user:is_admin() then
|
||||
return {status = 403}
|
||||
end
|
||||
local target_user = Users:find(self.params.user_id)
|
||||
if not target_user then
|
||||
return {status = 404}
|
||||
end
|
||||
if target_user:is_mod() then
|
||||
return {status = 404}
|
||||
end
|
||||
|
||||
target_user:update({permission = constants.PermissionLevel.MODERATOR})
|
||||
return {redirect_to = self:url_for("user", {username = target_user.username})}
|
||||
end)
|
||||
|
||||
app:post("demod_user", "/demod_user/:user_id", function(self)
|
||||
local user = util.get_logged_in_user(self)
|
||||
if not user then
|
||||
return {status = 403}
|
||||
end
|
||||
if not user:is_admin() then
|
||||
return {status = 403}
|
||||
end
|
||||
local target_user = Users:find(self.params.user_id)
|
||||
if not target_user then
|
||||
return {status = 404}
|
||||
end
|
||||
if not target_user:is_mod() then
|
||||
return {status = 404}
|
||||
end
|
||||
|
||||
target_user:update({permission = constants.PermissionLevel.USER})
|
||||
return {redirect_to = self:url_for("user", {username = target_user.username})}
|
||||
end)
|
||||
|
||||
app:post("guest_user", "/guest_user/:user_id", function(self)
|
||||
local user = util.get_logged_in_user(self)
|
||||
if not user then
|
||||
return {status = 403}
|
||||
end
|
||||
if not user:is_mod() then
|
||||
return {status = 403}
|
||||
end
|
||||
local target_user = Users:find(self.params.user_id)
|
||||
if not target_user then
|
||||
return {status = 404}
|
||||
end
|
||||
if target_user:is_mod() then
|
||||
return {status = 404}
|
||||
end
|
||||
|
||||
target_user:update({permission = constants.PermissionLevel.GUEST})
|
||||
return {redirect_to = self:url_for("user", {username = target_user.username})}
|
||||
end)
|
||||
|
||||
return app
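Review bot: In the new `user_delete` handler, `target_user` from `Users:find({username = self.params.username})` is dereferenced (`target_user.id`, `target_user.permission`) without a nil check, so a request for a username that does not exist would raise an error instead of returning a 404. The `mod_user`, `demod_user` and `guest_user` handlers added in the same file guard this with `if not target_user then return {status = 404} end`, and the same guard belongs here and in `user_delete_confirm`. The moderator branch also stops after the rank comparison: when the target ranks below the moderator, nothing is deleted and the handler returns no response table, so it likely needs `util.transfer_and_delete_user(target_user)` followed by a redirect. Separately, the self-delete path appears to leave the session in place after the account is removed, unless `util.transfer_and_delete_user` clears it, which is not visible here; consider invalidating the session before the redirect to `user_signup`.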
|