amy/amsterdam
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 3 Wiki Activity

landed sysadmin user account management

Browse Source
This commit is contained in:
Amy G. Bowersox
2026-02-17 21:45:16 -07:00
parent a9bbbcb6b5
commit 4f26dd3295
13 changed files with 440 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files
communityadmin.go
+4 -4
View File
@@ -197,7 +197,7 @@ func EditCommunityProfile(ctxt ui.AmContext) (string, any) {
nci.Region = dlg.Field("reg").ValPtr()
nci.PostalCode = dlg.Field("pcode").ValPtr()
nci.Country = dlg.Field("country").ValPtr()
_, err = nci.Save(ctxt.Ctx())
_, err = nci.Save(ctxt.Ctx(), ctxt.CurrentUser(), ctxt.RemoteIP())
ci = nci
if err == nil {
var joinkey *string = nil
@@ -296,7 +296,7 @@ func EditCommunityLogo(ctxt ui.AmContext) (string, any) {
if err == nil {
photourl := fmt.Sprintf("/img/store/%d", img.ImgId)
ci.PhotoURL = &photourl
_, err = ci.Save(ctxt.Ctx())
_, err = ci.Save(ctxt.Ctx(), ctxt.CurrentUser(), ctxt.RemoteIP())
if err == nil {
err = comm.TouchUpdate(ctxt.Ctx())
}
@@ -337,7 +337,7 @@ func EditCommunityLogo(ctxt ui.AmContext) (string, any) {
}()
}
ci.PhotoURL = nil
_, err := ci.Save(ctxt.Ctx())
_, err := ci.Save(ctxt.Ctx(), ctxt.CurrentUser(), ctxt.RemoteIP())
if err != nil {
return "error", err
}
@@ -429,7 +429,7 @@ func CreateCommunity(ctxt ui.AmContext) (string, any) {
ci.Region = dlg.Field("reg").ValPtr()
ci.PostalCode = dlg.Field("pcode").ValPtr()
ci.Country = dlg.Field("country").ValPtr()
_, err = ci.Save(ctxt.Ctx())
_, err = ci.Save(ctxt.Ctx(), user, ctxt.RemoteIP())
if err == nil {
err = comm.SetContactID(ctxt.Ctx(), ci.ContactId)
}
database/contactinfo.go
+6 -1
View File
@@ -120,7 +120,7 @@ func (ci *ContactInfo) FullName(ps bool) string {
* true if the E-mail address on this account has been changed, false if not.
* Standard Go error status.
*/
func (ci *ContactInfo) Save(ctx context.Context) (bool, error) {
func (ci *ContactInfo) Save(ctx context.Context, changer *User, ipaddr string) (bool, error) {
ci.Mutex.Lock()
defer ci.Mutex.Unlock()
@@ -189,6 +189,11 @@ func (ci *ContactInfo) Save(ctx context.Context) (bool, error) {
if err != nil {
return false, err
}
if ci.OwnerCommId < 0 {
if changer.Uid != ci.OwnerUid {
AmStoreAudit(AmNewAudit(AuditAdminSetUserContactInfo, changer.Uid, ipaddr, fmt.Sprintf("uid=%d", ci.OwnerUid), fmt.Sprintf("contactid=%d", ci.ContactId)))
}
}
return emailChange, err
}
database/user.go
+80 -5
View File
@@ -55,13 +55,32 @@ func (p *UserPrefs) Clone() *UserPrefs {
}
// Save saves off the user preferences, replacing the prefs on the user if necessary.
func (p *UserPrefs) Save(ctx context.Context, u *User) error {
func (p *UserPrefs) Save(ctx context.Context, u, setter *User, ipaddr string) error {
if u != nil && u.Uid != p.Uid {
return errors.New("internal mismatch of IDs")
}
var old *UserPrefs
if setter.Uid != u.Uid {
var dbdata []UserPrefs
err := amdb.SelectContext(ctx, &dbdata, "SELECT * FROM userprefs WHERE uid = ?", u.Uid)
if err != nil {
return err
} else if len(dbdata) != 1 {
return errors.New("unable to take snapshot")
}
old = &(dbdata[0])
}
_, err := amdb.NamedExecContext(ctx, "UPDATE userprefs SET localeid = :localeid, tzid = :tzid WHERE uid = :uid", p)
if err == nil && u != nil {
u.prefs = p
if old != nil {
if old.LocaleID != p.LocaleID {
AmStoreAudit(AmNewAudit(AuditAdminChangeUserAccount, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", p.Uid), "field=localeid"))
}
if old.TimeZoneID != p.TimeZoneID {
AmStoreAudit(AmNewAudit(AuditAdminChangeUserAccount, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", p.Uid), "field=tzid"))
}
}
}
return err
}
@@ -272,7 +291,7 @@ func (u *User) NewEmailConfirmationNumber(ctx context.Context) error {
}
// ChangePassword resets a user's password.
func (u *User) ChangePassword(ctx context.Context, password string, remoteIP string) error {
func (u *User) ChangePassword(ctx context.Context, password string, changer *User, remoteIP string) error {
var ar *AuditRecord = nil
defer func() {
AmStoreAudit(ar)
@@ -284,7 +303,11 @@ func (u *User) ChangePassword(ctx context.Context, password string, remoteIP str
_, err := amdb.ExecContext(ctx, "UPDATE users SET passhash = ? WHERE uid = ?", pval, u.Uid)
if err == nil {
u.Passhash = pval
ar = AmNewAudit(AuditChangePassword, u.Uid, remoteIP, "via password change request")
if changer.Uid == u.Uid {
ar = AmNewAudit(AuditChangePassword, u.Uid, remoteIP, "via password change request")
} else {
ar = AmNewAudit(AuditAdminChangeUserPassword, changer.Uid, remoteIP, fmt.Sprintf("uid=%d", u.Uid))
}
}
return err
}
@@ -354,11 +377,25 @@ func (u *User) Prefs(ctx context.Context) (*UserPrefs, error) {
* Returns:
* Standard Go error status.
*/
func (u *User) SetProfileData(ctx context.Context, reminder string, dob *time.Time, descr *string) error {
func (u *User) SetProfileData(ctx context.Context, reminder string, dob *time.Time, descr *string, setter *User, ipaddr string) error {
ara := make([]*AuditRecord, 0, 3)
defer func() {
for _, ar := range ara {
AmStoreAudit(ar)
}
}()
u.Mutex.Lock()
defer u.Mutex.Unlock()
_, err := amdb.Exec("UPDATE users SET passreminder = ?, dob = ?, description = ? WHERE uid = ?", reminder, dob, descr, u.Uid)
_, err := amdb.ExecContext(ctx, "UPDATE users SET passreminder = ?, dob = ?, description = ? WHERE uid = ?", reminder, dob, descr, u.Uid)
if err == nil {
if setter.Uid != u.Uid {
if u.Description != descr {
ara = append(ara, AmNewAudit(AuditAdminChangeUserAccount, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", u.Uid), "field=description"))
}
if !util.SameDate(u.DOB, dob) {
ara = append(ara, AmNewAudit(AuditAdminChangeUserAccount, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", u.Uid), "field=dob"))
}
}
u.PassReminder = reminder
u.DOB = dob
u.Description = descr
@@ -366,6 +403,44 @@ func (u *User) SetProfileData(ctx context.Context, reminder string, dob *time.Ti
return err
}
// SetSecurityData sets the "security" variables for this user.
func (u *User) SetSecurityData(ctx context.Context, baseLevel uint16, lockout, verifyEmail bool, setter *User, ipaddr string) error {
ara := make([]*AuditRecord, 0, 3)
defer func() {
for _, ar := range ara {
AmStoreAudit(ar)
}
}()
bofhLevel := AmRole("Global.BOFH").Level()
if (u.BaseLevel == bofhLevel || baseLevel == bofhLevel) && u.BaseLevel != baseLevel {
return errors.New("cannot change levels to or from global system administrator")
}
u.Mutex.Lock()
defer u.Mutex.Unlock()
_, err := amdb.ExecContext(ctx, "UPDATE users SET base_lvl = ?, lockout = ?, verify_email = ? WHERE uid = ?", baseLevel, lockout, verifyEmail, u.Uid)
if err == nil {
if u.BaseLevel != baseLevel {
ara = append(ara, AmNewAudit(AuditAdminSetAccountSecurity, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", u.Uid), fmt.Sprintf("level=%d", baseLevel)))
}
if u.Lockout != lockout {
m := ""
if lockout {
m = "locked"
} else {
m = "unlocked"
}
ara = append(ara, AmNewAudit(AuditAdminLockUnlockAccount, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", u.Uid), m))
}
if u.VerifyEMail != verifyEmail {
ara = append(ara, AmNewAudit(AuditAdminChangeUserAccount, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", u.Uid), "field=verify_email"))
}
u.BaseLevel = baseLevel
u.Lockout = lockout
u.VerifyEMail = verifyEmail
}
return err
}
/* AmGetUser returns a reference to the specified user.
* Parameters:
* ctx - Standard Go context value.
docs/MISSINGFUNCS.md
+1 -2
View File
@@ -15,8 +15,7 @@ _(italicized items can be deferred)_
- Sysadmin Menu:
- ~~Edit Global Properties~~
- View/Edit IP Address Bans
- View/Edit Banned Users
- User Account Management
- ~~User Account Management~~
- System Audit Logs
- Import User Accounts
- Conferences list:
login.go
+2 -2
View File
@@ -378,7 +378,7 @@ func NewAccount(ctxt ui.AmContext) (string, any) {
ci.PostalCode = dlg.Field("pcode").ValPtr()
ci.Country = dlg.Field("country").ValPtr()
ci.Email = dlg.Field("email").ValPtr()
_, err = ci.Save(ctxt.Ctx())
_, err = ci.Save(ctxt.Ctx(), user, ctxt.RemoteIP())
if err == nil {
err = user.SetContactID(ctxt.Ctx(), ci.ContactId)
}
@@ -431,7 +431,7 @@ func PasswordRecovery(ctxt ui.AmContext) (string, any) {
user, err := database.AmGetUser(ctxt.Ctx(), int32(uid))
if err == nil {
newpass := util.GenerateRandomPassword()
err = user.ChangePassword(ctxt.Ctx(), newpass, ctxt.RemoteIP())
err = user.ChangePassword(ctxt.Ctx(), newpass, user, ctxt.RemoteIP())
if err == nil {
// send the password change message
msg := email.AmNewEmailMessage(user.Uid, ctxt.RemoteIP())
main.go
+4
View File
@@ -79,6 +79,10 @@ func setupEcho() *echo.Echo {
e.GET("/sysadmin/globals", ui.AmWrap(GlobalPropertiesForm))
e.POST("/sysadmin/globals", ui.AmWrap(GlobalPropertiesSet))
e.Match(GetAndPost, "/sysadmin/users", ui.AmWrap(UserManagementSearch))
e.GET("/sysadmin/users/:uname", ui.AmWrap(UserManagementForm))
e.POST("/sysadmin/users/:uname", ui.AmWrap(UserManagementSave))
e.GET("/sysadmin/users/:uname/photo", ui.AmWrap(AdminUserPhotoForm))
e.POST("/sysadmin/users/:uname/photo", ui.AmWrap(AdminUserPhoto))
e.GET("/create_comm", ui.AmWrap(CreateCommunityForm))
e.POST("/create_comm", ui.AmWrap(CreateCommunity))
e.GET("/manage_comm", ui.AmWrap(ManageCommunities))
sysadmin.go
+292
View File
@@ -11,11 +11,16 @@
package main
import (
"context"
"errors"
"fmt"
"strconv"
"strings"
"git.erbosoft.com/amy/amsterdam/database"
"git.erbosoft.com/amy/amsterdam/ui"
"git.erbosoft.com/amy/amsterdam/util"
log "github.com/sirupsen/logrus"
)
/* SysAdminMenu renders the system administration menu.
@@ -205,3 +210,290 @@ func UserManagementSearch(ctxt ui.AmContext) (string, any) {
ctxt.SetFrameTitle("User Account Management")
return "framed", "admin_users.jet"
}
/* UserManagementForm displays the form for modifying a user.
* Parameters:
* ctxt - The AmContext for the request.
* Returns:
* Command string dictating what to be rendered.
* Data as a parameter for the command string.
*/
func UserManagementForm(ctxt ui.AmContext) (string, any) {
if !database.AmTestPermission("Global.SysAdminAccess", ctxt.CurrentUser().BaseLevel) {
return "error", ENOACCESS
}
user, err := database.AmGetUserByName(ctxt.Ctx(), ctxt.URLParam("uname"), nil)
if err != nil {
return "error", err
}
dlg, err := ui.AmLoadDialog("admin_user")
if err == nil {
dlg.SetTargetUser(user)
if ctxt.CurrentUser().BaseLevel == database.AmRole("Global.BOFH").Level() {
// only the BOFH can designate a user as a PFY!
dlg.Field("base_lvl").Param = "Global.UserLevelsPFY"
}
var ci *database.ContactInfo
ci, err = user.ContactInfo(ctxt.Ctx())
if err == nil {
var prefs *database.UserPrefs
prefs, err = user.Prefs(ctxt.Ctx())
if err == nil {
dlg.Field("remind").Value = user.PassReminder
dlg.Field("base_lvl").SetLevel(user.BaseLevel)
dlg.Field("verify_email").SetChecked(user.VerifyEMail)
dlg.Field("lockout").SetChecked(user.Lockout)
dlg.Field("nophoto").SetChecked(user.FlagValue(ctxt.Ctx(), database.UserFlagDisallowSetPhoto))
dlg.Field("prefix").SetVal(ci.Prefix)
dlg.Field("first").SetVal(ci.GivenName)
dlg.Field("mid").SetVal(ci.MiddleInit)
dlg.Field("last").SetVal(ci.FamilyName)
dlg.Field("suffix").SetVal(ci.Suffix)
dlg.Field("company").SetVal(ci.Company)
dlg.Field("addr1").SetVal(ci.Addr1)
dlg.Field("addr2").SetVal(ci.Addr2)
dlg.Field("pvt_addr").SetChecked(ci.PrivateAddr)
dlg.Field("loc").SetVal(ci.Locality)
dlg.Field("reg").SetVal(ci.Region)
dlg.Field("pcode").SetVal(ci.PostalCode)
dlg.Field("country").SetVal(ci.Country)
dlg.Field("phone").SetVal(ci.Phone)
dlg.Field("mobile").SetVal(ci.Mobile)
dlg.Field("pvt_phone").SetChecked(ci.PrivatePhone)
dlg.Field("fax").SetVal(ci.Fax)
dlg.Field("pvt_fax").SetChecked(ci.PrivateFax)
dlg.Field("email").SetVal(ci.Email)
dlg.Field("pvt_email").SetChecked(ci.PrivateEmail)
dlg.Field("url").SetVal(ci.URL)
dlg.Field("dob").SetDate(user.DOB)
dlg.Field("descr").SetVal(user.Description)
dlg.Field("photo").Value = userPhotoURL(ci)
dlg.Field("pic_in_post").SetChecked(user.FlagValue(ctxt.Ctx(), database.UserFlagPicturesInPosts))
dlg.Field("no_mass_mail").SetChecked(user.FlagValue(ctxt.Ctx(), database.UserFlagMassMailOptOut))
dlg.Field("locale").Value = prefs.ReadLocale()
dlg.Field("tz").Value = prefs.TimeZoneID
return dlg.Render(ctxt)
}
}
}
return "error", err
}
/* UserManagementSave saves the profile data of the user.
* Parameters:
* ctxt - The AmContext for the request.
* Returns:
* Command string dictating what to be rendered.
* Data as a parameter for the command string.
*/
func UserManagementSave(ctxt ui.AmContext) (string, any) {
if !database.AmTestPermission("Global.SysAdminAccess", ctxt.CurrentUser().BaseLevel) {
return "error", ENOACCESS
}
user, err := database.AmGetUserByName(ctxt.Ctx(), ctxt.URLParam("uname"), nil)
if err != nil {
return "error", err
}
dlg, err := ui.AmLoadDialog("admin_user")
if err == nil {
dlg.LoadFromForm(ctxt)
dlg.SetTargetUser(user)
if ctxt.CurrentUser().BaseLevel == database.AmRole("Global.BOFH").Level() {
// only the BOFH can designate a user as a PFY!
dlg.Field("base_lvl").Param = "Global.UserLevelsPFY"
}
action := dlg.WhichButton(ctxt)
if action == "cancel" { // Cancel button pressed
return "redirect", "/sysadmin/users"
}
if action == "update" {
err = dlg.Validate()
if err != nil {
return dlg.RenderError(ctxt, err.Error())
}
var ci *database.ContactInfo
ci, err = user.ContactInfo(ctxt.Ctx())
if err == nil {
var prefs *database.UserPrefs
prefs, err = user.Prefs(ctxt.Ctx())
if err == nil && !(dlg.Field("pass1").IsEmpty() && dlg.Field("pass2").IsEmpty()) {
p1 := dlg.Field("pass1").Value
if p1 == dlg.Field("pass2").Value {
err = user.ChangePassword(ctxt.Ctx(), p1, ctxt.CurrentUser(), ctxt.RemoteIP())
} else {
err = errors.New("passwords do not match")
}
}
if err == nil {
nci := ci.Clone()
nci.Prefix = dlg.Field("prefix").ValPtr()
nci.GivenName = dlg.Field("first").ValPtr()
nci.MiddleInit = dlg.Field("mid").ValPtr()
nci.FamilyName = dlg.Field("last").ValPtr()
nci.Suffix = dlg.Field("suffix").ValPtr()
nci.Company = dlg.Field("company").ValPtr()
nci.Addr1 = dlg.Field("addr1").ValPtr()
nci.Addr2 = dlg.Field("addr2").ValPtr()
nci.PrivateAddr = dlg.Field("pvt_addr").IsChecked()
nci.Locality = dlg.Field("loc").ValPtr()
nci.Region = dlg.Field("reg").ValPtr()
nci.PostalCode = dlg.Field("pcode").ValPtr()
nci.Country = dlg.Field("country").ValPtr()
nci.Phone = dlg.Field("phone").ValPtr()
nci.Mobile = dlg.Field("mobile").ValPtr()
nci.PrivatePhone = dlg.Field("pvt_phone").IsChecked()
nci.Fax = dlg.Field("fax").ValPtr()
nci.PrivateFax = dlg.Field("pvt_fax").IsChecked()
nci.Email = dlg.Field("email").ValPtr()
nci.PrivateEmail = dlg.Field("pvt_email").IsChecked()
nci.URL = dlg.Field("url").ValPtr()
_, err = nci.Save(ctxt.Ctx(), ctxt.CurrentUser(), ctxt.RemoteIP())
ci = nci
}
if err == nil {
nprefs := prefs.Clone()
nprefs.WriteLocale(dlg.Field("locale").Value)
nprefs.TimeZoneID = dlg.Field("tz").Value
err = nprefs.Save(ctxt.Ctx(), user, ctxt.CurrentUser(), ctxt.RemoteIP())
}
if err == nil {
var f *util.OptionSet
f, err = user.Flags(ctxt.Ctx())
if err == nil {
nf := f.Clone()
nf.Set(database.UserFlagPicturesInPosts, dlg.Field("pic_in_post").IsChecked())
nf.Set(database.UserFlagMassMailOptOut, dlg.Field("no_mass_mail").IsChecked())
nf.Set(database.UserFlagDisallowSetPhoto, dlg.Field("nophoto").IsChecked())
err = user.SaveFlags(ctxt.Ctx(), nf)
}
}
if err == nil {
err = user.SetProfileData(ctxt.Ctx(), dlg.Field("remind").Value, dlg.Field("dob").AsDate(), dlg.Field("descr").ValPtr(),
ctxt.CurrentUser(), ctxt.RemoteIP())
}
if err == nil {
err = user.SetSecurityData(ctxt.Ctx(), dlg.Field("base_lvl").GetLevel(), dlg.Field("lockout").IsChecked(),
dlg.Field("verify_email").IsChecked(), ctxt.CurrentUser(), ctxt.RemoteIP())
}
if err == nil {
return "redirect", "/sysadmin/users"
}
}
}
return dlg.RenderError(ctxt, EBUTTON.Error())
}
return "error", err
}
/* AdminUserPhotoForm displays the form for editing the user's photo.
* Parameters:
* ctxt - The AmContext for the request.
* Returns:
* Command string dictating what to be rendered.
* Data as a parameter for the command string.
*/
func AdminUserPhotoForm(ctxt ui.AmContext) (string, any) {
if !database.AmTestPermission("Global.SysAdminAccess", ctxt.CurrentUser().BaseLevel) {
return "error", ENOACCESS
}
user, err := database.AmGetUserByName(ctxt.Ctx(), ctxt.URLParam("uname"), nil)
if err != nil {
return "error", err
}
ci, err := user.ContactInfo(ctxt.Ctx())
if err == nil {
ctxt.VarMap().Set("target", "")
ctxt.VarMap().Set("username", user.Username)
ctxt.VarMap().Set("postUrl", fmt.Sprintf("/sysadmin/users/%s/photo", user.Username))
ctxt.VarMap().Set("photo_url", userPhotoURL(ci))
ctxt.SetFrameTitle("Upload User Photo for: " + user.Username)
return "framed", "photo_upload.jet"
}
return "error", err
}
/* AdminUserPhoto handles processing the user's photo.
* Parameters:
* ctxt - The AmContext for the request.
* Returns:
* Command string dictating what to be rendered.
* Data as a parameter for the command string.
*/
func AdminUserPhoto(ctxt ui.AmContext) (string, any) {
if !database.AmTestPermission("Global.SysAdminAccess", ctxt.CurrentUser().BaseLevel) {
return "error", ENOACCESS
}
user, err := database.AmGetUserByName(ctxt.Ctx(), ctxt.URLParam("uname"), nil)
if err != nil {
return "error", err
}
ci, err := user.ContactInfo(ctxt.Ctx())
if err != nil {
return "error", err
}
if ctxt.FormFieldIsSet("cancel") {
return "redirect", fmt.Sprintf("/sysadmin/users/%s", user.Username)
}
if ctxt.FormFieldIsSet("upload") {
file, err := ctxt.FormFile("thepic")
if err == nil {
var imageData []byte
var mimeType string
imageData, mimeType, err = ui.AmProcessUploadedImage(file, ui.UserPhotoWidth, ui.UserPhotoHeight,
ui.UserPhotoMaxBytes)
if err == nil {
var img *database.ImageStore
img, err = database.AmStoreImage(ctxt.Ctx(), database.ImageTypeUserPhoto, user.Uid, mimeType, imageData)
if err == nil {
photourl := fmt.Sprintf("/img/store/%d", img.ImgId)
ci.PhotoURL = &photourl
_, err = ci.Save(ctxt.Ctx(), ctxt.CurrentUser(), ctxt.RemoteIP())
if err == nil {
return "redirect", fmt.Sprintf("/sysadmin/users/%s", user.Username)
}
}
}
}
ctxt.VarMap().Set("errorMessage", err.Error())
ctxt.VarMap().Set("target", "")
ctxt.VarMap().Set("username", user.Username)
ctxt.VarMap().Set("postUrl", fmt.Sprintf("/sysadmin/users/%s/photo", user.Username))
ctxt.VarMap().Set("photo_url", userPhotoURL(ci))
ctxt.SetFrameTitle("Upload User Photo for: " + user.Username)
return "framed", "photo_upload.jet"
}
if ctxt.FormFieldIsSet("remove") {
purl := ci.PhotoURL
happy := false
if purl == nil || *purl == "" {
// this is a no-op
return "redirect", fmt.Sprintf("/sysadmin/users/%s", user.Username)
}
if strings.HasPrefix(*purl, "/img/store/") {
id, err := strconv.Atoi((*purl)[11:])
if err != nil {
return "error", err
}
defer func() {
if happy {
ampool.Submit(func(context.Context) {
err := database.AmDeleteImage(ctxt.Ctx(), int32(id))
if err != nil {
log.Errorf("unable to delete image ID %d: %v", id, err)
}
})
}
}()
}
ci.PhotoURL = nil
_, err := ci.Save(ctxt.Ctx(), ctxt.CurrentUser(), ctxt.RemoteIP())
if err != nil {
return "error", err
}
happy = true
return "redirect", fmt.Sprintf("/sysadmin/users/%s", user.Username)
}
return "error", EBUTTON
}
ui/dialog.go
+6
View File
@@ -246,6 +246,12 @@ func (d *Dialog) SetTargetUser(u *database.User) {
d.Title = strings.ReplaceAll(d.Title, "[USERNAME]", u.Username)
d.Subtitle = strings.ReplaceAll(d.Subtitle, "[USERNAME]", u.Username)
d.Action = strings.ReplaceAll(d.Action, "[USERNAME]", u.Username)
for i, fld := range d.Fields {
switch fld.Type {
case "userphoto", "communitylogo":
d.Fields[i].Param = strings.ReplaceAll(fld.Param, "[USERNAME]", u.Username)
}
}
}
// SetCommunity alters a dialog's content to reflect the community.
ui/dialogs/admin_user.yaml
+1 -1
View File
@@ -180,7 +180,7 @@ fields:
- type: "userphoto"
name: "photo"
caption: "User Photo"
param: "/profile_photo"
param: "/sysadmin/users/[USERNAME]/photo"
- type: "header"
name: "header7"
caption: "User Preferences"
ui/views/dialog.jet
+2 -3
View File
@@ -228,13 +228,12 @@
{{ else if .Type == "userphoto" }}
<div class="flex items-start">
<label class="w-64 text-right pr-4 {{ if .Disabled }}text-gray-400{{ else }}text-black{{ end }} text-sm pt-2">{{ .Caption }}
{{ if .Subcaption != "" }} {{ .Subcaption }}{{ end }} (click to change):</label>
{{ if .Subcaption != "" }} {{ .Subcaption }}{{ end }} {{ if !.Disabled }}(click to change){{ end }}:</label>
<input type="hidden" name="{{ .Name }}_data" value="{{ .Value }}"/>
{{ if .Disabled }}
<img src="{{ .Value }}" class="w-25 h-25">
{{ else }}
<a href="/profile_photo?tgt={{ target | url }}"
class="border-2 border-gray-300 rounded hover:border-blue-500 transition-colors">
<a href="{{ .Param }}" class="border-2 border-gray-300 rounded hover:border-blue-500 transition-colors">
<img src="{{ .Value }}" alt="Click to upload photo" class="w-25 h-25">
</a>
{{ end }}
ui/views/photo_upload.jet
+19 -12
View File
@@ -9,7 +9,12 @@
<!-- Page Title -->
<div class="p-4">
<div class="mb-6">
<h1 class="text-blue-800 text-4xl font-bold mb-2">Upload User Photo</h1>
<div class="flex items-baseline gap-2">
<h1 class="text-blue-800 text-4xl font-bold">Upload User Photo</h1>
{{ if isset(userName) }}
<span class="text-blue-800 text-2xl">for User: {{ username }}</span>
{{ end }}
</div>
<hr class="border-2 border-gray-400 w-4/5 mb-4">
</div>
@@ -28,7 +33,7 @@
{{ end }}
<!-- Upload Form -->
<form method="POST" enctype="multipart/form-data" action="/profile_photo" class="max-w-2xl">
<form method="POST" enctype="multipart/form-data" action="{{ postUrl }}" class="max-w-2xl">
<input type="hidden" name="tgt" value="{{ target }}">
<div class="bg-gray-50 p-6 rounded-lg">
@@ -75,16 +80,18 @@
</div>
</div>
<!-- Additional Instructions -->
<div class="mt-6 p-4 bg-blue-50 border border-blue-200 rounded">
<h3 class="text-sm font-bold text-blue-900 mb-2">Photo Guidelines:</h3>
<ul class="text-xs text-blue-800 space-y-1 list-disc list-inside">
<li>Your photo will be visible to other users in the community</li>
<li>Photos should be appropriate for a professional community setting</li>
<li>The image will be automatically resized to fit the profile display</li>
<li>You can update or remove your photo at any time</li>
</ul>
</div>
{{ if !isset(username) }}
<!-- Additional Instructions -->
<div class="mt-6 p-4 bg-blue-50 border border-blue-200 rounded">
<h3 class="text-sm font-bold text-blue-900 mb-2">Photo Guidelines:</h3>
<ul class="text-xs text-blue-800 space-y-1 list-disc list-inside">
<li>Your photo will be visible to other users in the community</li>
<li>Photos should be appropriate for a professional community setting</li>
<li>The image will be automatically resized to fit the profile display</li>
<li>You can update or remove your photo at any time</li>
</ul>
</div>
{{ end }}
</div>
</form>
</div>
userdata.go
+10 -8
View File
@@ -55,7 +55,7 @@ func EditProfileForm(ctxt ui.AmContext) (string, any) {
dlg, err := ui.AmLoadDialog("profile")
if err == nil {
dlg.Field("tgt").Value = target
ctxt.VarMap().Set("target", target)
dlg.Field("photo").Param = "/profile_photo?tgt=" + url.QueryEscape(target)
var ci *database.ContactInfo
ci, err = u.ContactInfo(ctxt.Ctx())
if err == nil {
@@ -117,7 +117,7 @@ func EditProfile(ctxt ui.AmContext) (string, any) {
if target == "" {
target = "/"
}
ctxt.VarMap().Set("target", target)
dlg.Field("photo").Param = "/profile_photo?tgt=" + url.QueryEscape(target)
action := dlg.WhichButton(ctxt)
if action == "cancel" { // Cancel button pressed
@@ -137,7 +137,7 @@ func EditProfile(ctxt ui.AmContext) (string, any) {
if err == nil && !(dlg.Field("pass1").IsEmpty() && dlg.Field("pass2").IsEmpty()) {
p1 := dlg.Field("pass1").Value
if p1 == dlg.Field("pass2").Value {
err = u.ChangePassword(ctxt.Ctx(), p1, ctxt.RemoteIP())
err = u.ChangePassword(ctxt.Ctx(), p1, u, ctxt.RemoteIP())
} else {
err = errors.New("passwords do not match")
}
@@ -165,14 +165,14 @@ func EditProfile(ctxt ui.AmContext) (string, any) {
nci.Email = dlg.Field("email").ValPtr()
nci.PrivateEmail = dlg.Field("pvt_email").IsChecked()
nci.URL = dlg.Field("url").ValPtr()
emailChange, err = nci.Save(ctxt.Ctx())
emailChange, err = nci.Save(ctxt.Ctx(), u, ctxt.RemoteIP())
ci = nci
}
if err == nil {
nprefs := prefs.Clone()
nprefs.WriteLocale(dlg.Field("locale").Value)
nprefs.TimeZoneID = dlg.Field("tz").Value
err = nprefs.Save(ctxt.Ctx(), u)
err = nprefs.Save(ctxt.Ctx(), u, u, ctxt.RemoteIP())
}
if err == nil {
var f *util.OptionSet
@@ -185,7 +185,7 @@ func EditProfile(ctxt ui.AmContext) (string, any) {
}
}
if err == nil {
err = u.SetProfileData(ctxt.Ctx(), dlg.Field("remind").Value, dlg.Field("dob").AsDate(), dlg.Field("descr").ValPtr())
err = u.SetProfileData(ctxt.Ctx(), dlg.Field("remind").Value, dlg.Field("dob").AsDate(), dlg.Field("descr").ValPtr(), u, ctxt.RemoteIP())
}
if err == nil {
if emailChange {
@@ -224,6 +224,7 @@ func ProfilePhotoForm(ctxt ui.AmContext) (string, any) {
ci, err := u.ContactInfo(ctxt.Ctx())
if err == nil {
ctxt.VarMap().Set("target", target)
ctxt.VarMap().Set("postUrl", "/profile_photo")
ctxt.VarMap().Set("photo_url", userPhotoURL(ci))
ctxt.SetScratch("frame_suppressLogin", true)
ctxt.SetFrameTitle("Upload User Photo")
@@ -268,7 +269,7 @@ func ProfilePhoto(ctxt ui.AmContext) (string, any) {
if err == nil {
photourl := fmt.Sprintf("/img/store/%d", img.ImgId)
ci.PhotoURL = &photourl
_, err = ci.Save(ctxt.Ctx())
_, err = ci.Save(ctxt.Ctx(), u, ctxt.RemoteIP())
if err == nil {
return "redirect", "/profile?tgt=" + url.QueryEscape(target)
}
@@ -277,6 +278,7 @@ func ProfilePhoto(ctxt ui.AmContext) (string, any) {
}
ctxt.VarMap().Set("errorMessage", err.Error())
ctxt.VarMap().Set("target", target)
ctxt.VarMap().Set("postUrl", "/profile_photo")
ctxt.VarMap().Set("photo_url", userPhotoURL(ci))
ctxt.SetScratch("frame_suppressLogin", true)
ctxt.SetFrameTitle("Upload User Photo")
@@ -306,7 +308,7 @@ func ProfilePhoto(ctxt ui.AmContext) (string, any) {
}()
}
ci.PhotoURL = nil
_, err := ci.Save(ctxt.Ctx())
_, err := ci.Save(ctxt.Ctx(), u, ctxt.RemoteIP())
if err != nil {
return "error", err
}
util/util.go
+13
View File
@@ -13,6 +13,7 @@ package util
import (
"regexp"
"strings"
"time"
"unicode"
"unicode/utf8"
)
@@ -64,6 +65,18 @@ func SqlEscape(s string, wildcards bool) string {
return sb.String()
}
// SameDate returns true if the two time values are the same date.
func SameDate(t1, t2 *time.Time) bool {
if t1 == nil {
return t2 == nil
} else if t2 == nil {
return false
}
y1, m1, d1 := t1.Date()
y2, m2, d2 := t2.Date()
return (y1 == y2) && (m1 == m2) && (d1 == d2)
}
/* IsNumeric returns true if the string is numeric (all digits).
* Parameters:
* s - String to be tested.