Allow admin status to be toggled from admin panel

2024-04-03 17:38:08 +11:00 · 2024-04-03 17:38:08 +11:00 · 02ff0d874d
commit 02ff0d874d
parent 66abec23d9
4 changed files with 48 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -1,3 +1,11 @@
 # acm-site

 Rewrite of the WPI ACM website in Flask
+
+## Development Environment
+
+We provide a Makefile to manage development and production environments. To set
+up a new virtual environment, use `make init_env`. Any time project requirements
+change, use `make upgrade_env`. When deploying to production, `make
+post_upgrade` will be your friend, as it will automatically set up requisite
+folders, an environment, and run migrations for you.
--- a/acmsite/init.py
+++ b/acmsite/init.py
@ -35,7 +35,7 @@ def create_app():
    tenant = app.config["AZURE_TENANT_ID"]
    AZURE_CLIENT_ID = app.config["AZURE_CLIENT_ID"]
    oauth.register(
-            name='azure',
+            name="azure",
            authorize_url=f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize",
            access_token_url=f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token",
            api_base_url="https://graph.microsoft.com/v1.0/",
--- a/acmsite/admin/init.py
+++ b/acmsite/admin/init.py
@ -39,6 +39,20 @@ def users():
    return render_template("admin/users.html", u_list=user_list,
                           form=position_form)

+@bp.route("/users/toggle_admin/<string:user_id>")
+@login_required
+def toggle_admin(user_id):
+    if not current_user.is_admin:
+        return error_json("Unauthorized")
+
+    u = User.query.filter_by(id=user_id).first()
+    if u is None:
+        return error_json("Invalid user")
+
+    u.is_admin = not u.is_admin
+    db.session.commit()
+    return success_json()
+
@bp.route("/users.csv")
@login_required
 def users_csv():
--- a/acmsite/templates/admin/users.html
+++ b/acmsite/templates/admin/users.html
@ -29,9 +29,13 @@
                                   class="caret"></span></a>
                       <ul class="dropdown-menu">
                           {% if u.is_admin %}
-                           <li class="dropdown-item">Demote Officer</li>
+                           <li class="dropdown-item"><a href="#" class="toggle-admin" data-id="{{
+                                                                           u.id}}
+                                                                           ">Demote
+                                                                           Officer</a></li>
                           {% else %}
-                           <li class="dropdown-item">Promote Officer</li>
+                           <li class="dropdown-item"> <a class="toggle-admin"
+                                      href="#" data-id="{{ u.id}}">Promote Officer</a></li>
                           {% endif %}
                           <li class="dropdown-item"><a href="{{
                                                    url_for('admin.officer_positions',
@ -46,5 +50,24 @@
        {% endfor %}
    </tbody>    
 </table>
+<script src="{{ url_for('static', filename='js/jquery-3.6.3.min.js') }}" charset="utf-8"></script>
+<script charset="utf-8">
+    $(document).ready(() => {
+        $('a.toggle-admin').click((e) => {
+            e.preventDefault();
+            let id = e.target.dataset.id
+            console.log(`Toggling admin status of ${id}`)
+            $.get(`/admin/users/toggle_admin/${id}`, (data) => {
+                if (data.status === 'success') {
+                    window.alert("Success!");
+                    window.location.reload()
+                } else {
+                    window.alert(`Error :(\n${data.message}`)
+                    window.location.reload()
+                }
+            });
+        });
+    });
+</script>

 {% endblock app_content %}