From 02ff0d874d63eb1e2d51115937b6077ab35b642a Mon Sep 17 00:00:00 2001
From: Cara Salter
Date: Wed, 3 Apr 2024 17:38:08 +1100
Subject: [PATCH] Allow admin status to be toggled from admin panel
---
 README.md | 8 ++++++++
 acmsite/__init__.py | 2 +-
 acmsite/admin/__init__.py | 14 ++++++++++++++
 acmsite/templates/admin/users.html | 27 +++++++++++++++++++++++++--
 4 files changed, 48 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index e878765..e628f79 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,11 @@
 # acm-site
 Rewrite of the WPI ACM website in Flask
+
+## Development Environment
+
+We provide a Makefile to manage development and production environments. To set
+up a new virtual environment, use `make init_env`. Any time project requirements
+change, use `make upgrade_env`. When deploying to production, `make
+post_upgrade` will be your friend, as it will automatically set up requisite
+folders, an environment, and run migrations for you.
diff --git a/acmsite/__init__.py b/acmsite/__init__.py
index f86f9b2..c058a4a 100644
--- a/acmsite/__init__.py
+++ b/acmsite/__init__.py
@@ -35,7 +35,7 @@ def create_app():
 tenant = app.config["AZURE_TENANT_ID"]
 AZURE_CLIENT_ID = app.config["AZURE_CLIENT_ID"]
 oauth.register(
- name='azure',
+ name="azure",
 authorize_url=f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize",
 access_token_url=f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token",
 api_base_url="https://graph.microsoft.com/v1.0/",
diff --git a/acmsite/admin/__init__.py b/acmsite/admin/__init__.py
index 0b07f24..7193a4c 100644
--- a/acmsite/admin/__init__.py
+++ b/acmsite/admin/__init__.py
@@ -39,6 +39,20 @@ def users():
 return render_template("admin/users.html", u_list=user_list, form=position_form)
+@bp.route("/users/toggle_admin/")
+@login_required
+def toggle_admin(user_id):
+ if not current_user.is_admin:
+ return error_json("Unauthorized")
+
+ u = User.query.filter_by(id=user_id).first()
+ if u is None:
+ return error_json("Invalid user")
+
+ u.is_admin = not u.is_admin
+ db.session.commit()
+ return success_json()
+
 @bp.route("/users.csv")
 @login_required
 def users_csv():
diff --git a/acmsite/templates/admin/users.html b/acmsite/templates/admin/users.html
index 0917009..cea21f8 100644
--- a/acmsite/templates/admin/users.html
+++ b/acmsite/templates/admin/users.html
@@ -29,9 +29,13 @@ class="caret">
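Review bot: The new `toggle_admin` view in acmsite/admin/__init__.py changes a privilege flag on a route registered without `methods=`, so Flask serves it on GET and any cross-site request an admin's browser makes with the session cookie would flip `is_admin` for that user. Restrict the decorator with `methods=["POST"]` and have the template send the app's CSRF token, and prefer an explicit target state over `u.is_admin = not u.is_admin` so a repeated request cannot silently undo the change. Nothing here stops an admin from toggling their own account or demoting the last remaining admin; a guard such as `if u.id == current_user.id: return error_json("Cannot change your own admin status")` before the assignment would cover the first case. The route string as shown has no `<user_id>` converter although the view takes `user_id`, which is probably an extraction artefact but worth confirming, and the change is not logged, so recording who changed whose admin status would support later audit.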