
Added rights management + user edit

NGPixel 8 年之前
父节点
当前提交
7dfd5a041a
共有 7 个文件被更改,包括 73 次插入13 次删除
  1. 3 0
      .vscode/settings.json
  2. 0 0
      assets/css/app.css
  3. 0 0
      assets/js/app.js
  4. 29 7
      client/js/pages/admin.js
  5. 35 0
      controllers/admin.js
  6. 2 2
      views/common/alerts.pug
  7. 4 4
      views/pages/admin/users-edit.pug

+ 3 - 0
.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+  "eslint.enable": false
+}

文件差异内容过多而无法显示
+ 0 - 0
assets/css/app.css


文件差异内容过多而无法显示
+ 0 - 0
assets/js/app.js


+ 29 - 7
client/js/pages/admin.js

@@ -17,14 +17,38 @@ if($('#page-type-admin-users').length) {
 		},
 		methods: {
 			addRightsRow: (ev) => {
-				vueEditUser.rights.push({});
+				vueEditUser.rights.push({
+					role: 'write',
+					path: '/',
+					exact: false,
+					deny: false
+				});
 			},
-			removeRightsRow: (ev) => {
-
+			removeRightsRow: (idx) => {
+				_.pullAt(vueEditUser.rights, idx)
+				vueEditUser.$forceUpdate()
 			},
 			saveUser: (ev) => {
-
-
+				let formattedRights = _.cloneDeep(vueEditUser.rights)
+				switch(vueEditUser.roleoverride) {
+					case 'admin':
+						formattedRights.push({
+							role: 'admin',
+							path: '/',
+							exact: false,
+							deny: false
+						})
+					break;
+				}
+				$.post(window.location.href, {
+					password: vueEditUser.password,
+					name: vueEditUser.name,
+					rights: JSON.stringify(formattedRights)
+				}).done((resp) => {
+					alerts.pushSuccess('Saved successfully', 'Changes have been applied.');
+				}).fail((jqXHR, txtStatus, resp) => {
+					alerts.pushError('Error', resp);
+				})
 			}
 		},
 		created: function() {
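Review bot: In the `.fail` handler of `saveUser`, the third argument is jQuery's `errorThrown` (the HTTP status text such as "Bad Request"), not the response body, so the `msg` the server returns for a short password or bad input never reaches the admin. Reading the JSON body fixes that, for example `alerts.pushError('Error', _.get(jqXHR, 'responseJSON.msg', resp));`. Separately, `removeRightsRow` could use `vueEditUser.rights.splice(idx, 1)`, which Vue tracks, instead of `_.pullAt` followed by `$forceUpdate()`. The admin entry appended to `formattedRights` here is only a convenience for building the request; the decision about who may be granted `admin` has to be made on the server. The enclosing Vue instance starts and ends outside this hunk.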
@@ -33,8 +57,6 @@ if($('#page-type-admin-users').length) {
 			this.email = usrData.email;
 			this.name = usrData.name;
 
-			console.log(_.find(usrData.rights, { role: 'admin' }));
-
 			if(_.find(usrData.rights, { role: 'admin' })) {
 				this.rights = _.reject(usrData.rights, ['role', 'admin']);
 				this.roleoverride = 'admin';

+ 35 - 0
controllers/admin.js

@@ -4,6 +4,7 @@ var express = require('express');
 var router = express.Router();
 const Promise = require('bluebird');
 const validator = require('validator');
+const _ = require('lodash');
 
 /**
  * Admin
@@ -85,6 +86,40 @@ router.get('/users/:id', (req, res) => {
 
 });
 
+router.post('/users/:id', (req, res) => {
+
+	if(!res.locals.rights.manage) {
+		return res.status(401).json({ msg: 'Unauthorized' });
+	}
+
+	if(!validator.isMongoId(req.params.id)) {
+		return res.status(400).json({ msg: 'Invalid User ID' });
+	}
+
+	return db.User.findById(req.params.id).then((usr) => {
+		usr.name = _.trim(req.body.name);
+		usr.rights = JSON.parse(req.body.rights);
+		if(usr.provider === 'local' && req.body.password !== '********') {
+			let nPwd = _.trim(req.body.password);
+			if(nPwd.length < 6) {
+				return Promise.reject(new Error('New Password too short!'))
+			} else {
+				return db.User.hashPassword(nPwd).then((pwd) => {
+					usr.password = pwd;
+					return usr.save();
+				});
+			}
+		} else {
+			return usr.save();
+		}
+	}).then(() => {
+		return res.json({ msg: 'OK' });
+	}).catch((err) => {
+		res.status(400).json({ msg: err.message });
+	})
+
+});
+
 router.get('/settings', (req, res) => {
 
 	if(!res.locals.rights.manage) {

+ 2 - 2
views/common/alerts.pug

@@ -2,8 +2,8 @@
 	ul
 		template(v-for="aItem in children", track-by='_uid')
 			li(v-bind:class='aItem.class')
-				button.delete(v-on:click='acknowledge(aItem._uid)')
-				h3 {{ aItem.title }}
+				button(v-on:click='acknowledge(aItem._uid)')
+				strong {{ aItem.title }}
 				span {{ aItem.message }}
 
 if appflash.length > 0

+ 4 - 4
views/pages/admin/users-edit.pug

@@ -64,10 +64,10 @@ block adminContent
 							th(style={width: '150px'}) Access
 							th(style={width: '50px'})
 					tbody
-						tr(v-for='right in rights', v-cloak)
+						tr(v-for='(right, idx) in rights', v-cloak)
 							td.is-icon
-								i.icon-marquee-plus.is-green(v-if='!right.deny')
-								i.icon-marquee-minus.is-red(v-if='right.deny')
+								i.icon-marquee-plus.is-green(v-if='right.deny === false || right.deny === "false"')
+								i.icon-marquee-minus.is-red(v-if='right.deny === true || right.deny === "true"')
 							td
 								p.control.is-fullwidth
 									select(v-model='right.role')
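Review bot: The two `v-if` tests on `right.deny` now accept both the boolean and the string form, which works around mixed types in the permission flag instead of fixing them. The strings presumably come from the Allow/Deny `option(value='false')` / `option(value='true')` lines visible as context in the next hunk, and they are then posted and stored as strings. Binding the option values keeps the model boolean, `option(v-bind:value='false') Allow` and `option(v-bind:value='true') Deny`, after which the icons can go back to `v-if='!right.deny'` / `v-if='right.deny'`. With the current comparison, a row whose `deny` is missing or any other value shows neither icon.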
@@ -89,7 +89,7 @@ block adminContent
 										option(value='false') Allow
 										option(value='true') Deny
 							td.is-centered.has-action-icons
-								i.icon-delete.is-red(v-on:click='removeRightsRow(right._id)')
+								i.icon-delete.is-red(v-on:click='removeRightsRow(idx)')
 						tr(v-if='rights.length < 1', v-cloak)
 							td.is-icon
 							td.is-centered(colspan='3'): em No additional access rights

部分文件因为文件数量过多而无法显示