From e152b791f45b02c20b00e248f1502bc144e8a9a8 Mon Sep 17 00:00:00 2001
From: Syndamia <kamen@syndamia.com>
Date: Sun, 2 Feb 2025 16:00:41 +0200
Subject: feat(views/admin): Implement form for user deletion

---
 controllers/user.php        |  8 +++++++-
 views/admin/index.php       |  7 +++++++
 views/user/delete/index.php |  2 +-
 views/user/index.php        | 22 +++++++++++++---------
 4 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/controllers/user.php b/controllers/user.php
index ac906a0..bc3da70 100644
--- a/controllers/user.php
+++ b/controllers/user.php
@@ -65,8 +65,9 @@ function on_delete() {
     global $user_status;
     $user_status = "";
 
+    $user = null;
     try {
-        Database\Cookie::fromDB($TOKEN);
+        $user = Database\Cookie::fromDB($TOKEN);
     }
     catch (Exception $e) {
         $user_status = 'Invalid token!';
@@ -82,6 +83,11 @@ function on_delete() {
         return;
     }
 
+    if ($user->UID !== $to_delete->UID && $user->Role !== 'Admin') {
+        $list_status = 'You have no permission to delete this user!';
+        return;
+    }
+
     $to_delete->delete();
 
     header('Location: /');
diff --git a/views/admin/index.php b/views/admin/index.php
index 69495d6..750a246 100644
--- a/views/admin/index.php
+++ b/views/admin/index.php
@@ -28,6 +28,13 @@
         <input type="submit" value="Modify">
     </form>
 
+    <h2>Delete</h2>
+
+    <form action="/user/delete" method="GET" class="font-115">
+        <input type="text" name="username" placeholder="Username">
+        <input type="submit" value="Delete">
+    </form>
+
 <?php else: ?>
     <h2>Permission denied, you're not an admin!</h2>
 
diff --git a/views/user/delete/index.php b/views/user/delete/index.php
index d1ce8b9..cdc61ac 100644
--- a/views/user/delete/index.php
+++ b/views/user/delete/index.php
@@ -8,7 +8,7 @@
     catch(Exception $e) {}
 ?>
 
-<?php if ($to_delete !== null && $user->UID === $to_delete->UID): ?>
+<?php if ($to_delete !== null && ($user->UID === $to_delete->UID || $user->Role === 'Admin')): ?>
     <h1>Are you sure you want to delete <?= $to_delete->Username ?>?</h1>
 
     <form action="#" method="POST" class="font-115 flex-col-centered max-width-20 center-margin">
diff --git a/views/user/index.php b/views/user/index.php
index 82c95c8..40995d2 100644
--- a/views/user/index.php
+++ b/views/user/index.php
@@ -1,7 +1,9 @@
 <?php
     $user = null;
+    $loggedin = null;
     try {
         $user = Database\User::fromDB($username);
+        $loggedin = Database\Cookie::fromDB($TOKEN);
     }
     catch(Exception $e) {}
 ?>
@@ -15,16 +17,18 @@
     <div class="user-blank-afterspace"></div>
 
     <section id="user-buttons" hidden>
-        <form action="/list/new" method="GET">
-            <input type="submit" value="Create a new list">
-        </form>
-        <form action="/user/settings" method="GET">
-            <input type="submit" value="Account settings">
-        </form>
-        <?php if ($user->Role === 'Admin'): ?>
-            <form action="/admin" method="GET">
-                <input type="submit" value="Admin panel">
+        <?php if ($user !== null && $loggedin !== null && $user->UID === $loggedin->UID): ?>
+            <form action="/list/new" method="GET">
+                <input type="submit" value="Create a new list">
             </form>
+            <form action="/user/settings" method="GET">
+                <input type="submit" value="Account settings">
+            </form>
+            <?php if ($user->Role === 'Admin'): ?>
+                <form action="/admin" method="GET">
+                    <input type="submit" value="Admin panel">
+                </form>
+            <?php endif; ?>
         <?php endif; ?>
     </section>
     <script type="text/javascript">
-- 
cgit v1.2.3