add login, signup, settings, delete confirm markup

2025-05-20 19:08:21 +03:00
parent 2eddb70d63
commit ecf89dba19
8 changed files with 152 additions and 80 deletions
--- a/apps/users.lua
+++ b/apps/users.lua
@ -106,31 +106,27 @@ app:get("user", "/:username", function(self)
 end)

 app:post("user_delete", "/:username/delete", function(self)
+  -- this route explicitly does not handle admins deleting other users
+  -- i might make a separate route for it later, but guesting users is possible
  local me = util.get_logged_in_user(self)
  if me == nil then
    self.session.flash = {error = "You must be logged in to perform this action."}
    return {redirect_to = self:url_for("user_login")}
  end
  local target_user = Users:find({username = self.params.username})
-  if not me:is_mod() then
-    if me.id ~= target_user.id then
-      return {redirect_to = self:url_for("user", {username = self.params.username})}
-    end
-    
-    if not authenticate_user(target_user, self.params.password) then
-      self.session.flash = {error = "The password you entered is incorrect."}
-      return {redirect_to = self:url_for("user_delete_confirm", {username = me.username})}
-    end
-    
-    util.transfer_and_delete_user(target_user)
-    self.session.flash = {error = "Your account has been added to the deletion queue."}
-    return {redirect_to = self:url_for("user_signup")}
-  else
-    if target_user.permission >= me.permission then
-      self.session.flash = {error = "You can not delete another moderator."}
-      return {redirect_to = self:url_for("user", {username = me.username})}
-    end
+  
+  if me.id ~= target_user.id then
+    return {redirect_to = self:url_for("user", {username = self.params.username})}
  end
+  
+  if not authenticate_user(target_user, self.params.password) then
+    self.session.flash = {error = "The password you entered is incorrect."}
+    return {redirect_to = self:url_for("user_delete_confirm", {username = me.username})}
+  end
+  
+  util.transfer_and_delete_user(target_user)
+  self.session.flash = {error = "Your account has been added to the deletion queue."}
+  return {redirect_to = self:url_for("user_signup")}
 end)

 app:get("user_delete_confirm", "/:username/delete_confirm", function(self)