From e0fe3d0a5b6dd8bf4ba11eee10adfb6be3f5ab31 Mon Sep 17 00:00:00 2001
From: Syndamia <kamen@syndamia.com>
Date: Sun, 2 Feb 2025 15:52:58 +0200
Subject: feat: Implement admin panel with the ability to change role of users

---
 controllers/admin.php   | 39 +++++++++++++++++++++++++++++++++++++++
 models/user.php         |  6 ++++--
 views/admin/index.php   | 34 ++++++++++++++++++++++++++++++++++
 views/admin/meta.php    |  4 ++++
 views/global/router.php |  1 +
 views/user/index.php    |  5 +++++
 6 files changed, 87 insertions(+), 2 deletions(-)
 create mode 100644 controllers/admin.php
 create mode 100644 views/admin/index.php
 create mode 100644 views/admin/meta.php

diff --git a/controllers/admin.php b/controllers/admin.php
new file mode 100644
index 0000000..2b8e97b
--- /dev/null
+++ b/controllers/admin.php
@@ -0,0 +1,39 @@
+<?php
+namespace Controller;
+use Database;
+use Exception;
+
+function on_patch() {
+    global $TOKEN;
+    global $METHOD;
+    global $role_status;
+    $role_status = "";
+
+    $status = null;
+    switch ($METHOD['type']) {
+        case 'role': $status = 'role_status'; break;
+        default: throw new Exception('Invalid patch type ' . $METHOD['type']);
+    }
+
+    $user = null;
+    try {
+        $user = Database\Cookie::fromDB($TOKEN);
+    }
+    catch(Exception $e) {
+        $$status = "Couldn't retrieve user!";
+        return;
+    }
+
+    switch ($METHOD['type']) {
+        case 'role':
+            try {
+                $to_update = Database\User::fromDB($METHOD['username']);
+                $to_update->update($to_update->Username, null, $METHOD['role']);
+            }
+            catch (Exception $e) {
+                $$status = "User doesn't exist!";
+                return;
+            }
+            break;
+    }
+}
diff --git a/models/user.php b/models/user.php
index 71cf07d..6ff2f70 100644
--- a/models/user.php
+++ b/models/user.php
@@ -60,16 +60,18 @@ class User extends Table {
 
     private static $AnonUID = 1;
 
-    function update(string $Username, string $Password = null) {
+    function update(string $Username = null, string $Password = null, string $Role = null) {
         // Applicable to Anon user
         if ($this->Password === '') {
             throw new Exception('Not modifying system account!');
         }
 
+        $Username = $Username ?? $this->Username;
         $Password = ($Password === null) ? $this->Password : password_hash($Password, PASSWORD_BCRYPT);
+        $Role = $Role ?? $this->Role;
         Table::_update(
             'Users',
-            "Username = \"$Username\", Password = \"$Password\"",
+            "Username = \"$Username\", Password = \"$Password\", Role = \"$Role\"",
             "UID = \"$this->UID\""
         );
     }
diff --git a/views/admin/index.php b/views/admin/index.php
new file mode 100644
index 0000000..69495d6
--- /dev/null
+++ b/views/admin/index.php
@@ -0,0 +1,34 @@
+<?php
+    $user = require_login();
+?>
+
+<?php if ($user->Role === 'Admin'): ?>
+    <h2>Change role</h2>
+
+    <form action="#" method="POST" class="font-115">
+        <input type="hidden" name="method" value="PATCH">
+        <?php if (isset($role_status)): ?>
+            <?php if ($role_status !== ""): ?>
+                <p class="item error"><span>
+                    <strong>Error:</strong> <?= $role_status ?>
+                </span></p>
+            <?php else: ?>
+                <p class="item success">
+                    Success!
+                </p>
+            <?php endif; ?>
+        <?php endif; ?>
+
+        <input type="hidden" name="type" value="role">
+        <input type="text" name="username" placeholder="Username">
+        <select name="role" required>
+            <option value="User">User</option>
+            <option value="Admin">Admin</option>
+        </select>
+        <input type="submit" value="Modify">
+    </form>
+
+<?php else: ?>
+    <h2>Permission denied, you're not an admin!</h2>
+
+<?php endif; ?>
diff --git a/views/admin/meta.php b/views/admin/meta.php
new file mode 100644
index 0000000..0a151ba
--- /dev/null
+++ b/views/admin/meta.php
@@ -0,0 +1,4 @@
+<?php
+
+$title = 'Admin panel';
+$controller = 'admin';
diff --git a/views/global/router.php b/views/global/router.php
index 5b0bd01..ab3a0be 100644
--- a/views/global/router.php
+++ b/views/global/router.php
@@ -46,6 +46,7 @@ function route_view() {
         case '/login': return '/session/create';
         case '/logout': return '/session/delete';
         case '/list': return '/list';
+        case '/admin': return '/admin';
 
         case '/authenticate':
             return '/user/authenticate.php';
diff --git a/views/user/index.php b/views/user/index.php
index 066fd69..82c95c8 100644
--- a/views/user/index.php
+++ b/views/user/index.php
@@ -21,6 +21,11 @@
         <form action="/user/settings" method="GET">
             <input type="submit" value="Account settings">
         </form>
+        <?php if ($user->Role === 'Admin'): ?>
+            <form action="/admin" method="GET">
+                <input type="submit" value="Admin panel">
+            </form>
+        <?php endif; ?>
     </section>
     <script type="text/javascript">
         function showUserButtons() {
-- 
cgit v1.2.3