settings page to add/remove users and view tokens

8 years ago · cb342d7eec
--- a/compass/app/Http/Controllers/Controller.php
+++ b/compass/app/Http/Controllers/Controller.php
@ -77,13 +77,13 @@ class Controller extends BaseController
      return redirect('/');

    // Verify this user has access to the database
    $check = DB::select('SELECT * 
      FROM `databases` d
      JOIN database_users u ON d.id = u.database_id
      WHERE u.user_id = ? AND d.name = ?', [session('user_id'), $name]);
    if(count($check) == 0) {
    $db = DB::table('databases')
      ->where('created_by','=',session('user_id'))
      ->where('name','=',$name)
      ->first();
    if(!$db)
      return redirect('/');
    }




@ -94,17 +94,73 @@ class Controller extends BaseController
      return redirect('/');

    // Only the person that created the database can modify it
    $db = DB::select('SELECT * 
      FROM `databases`
      WHERE created_by = ? AND name = ?', [session('user_id'), $name]);
    if(count($db) == 0) {
    $db = DB::table('databases')
      ->where('created_by','=',session('user_id'))
      ->where('name','=',$name)
      ->first();
    if(!$db)
      return redirect('/');
    }

    $users = DB::select('SELECT u.*
      FROM users u
      JOIN database_users d ON u.id = d.user_id
      WHERE d.database_id = ?
      ORDER BY u.url', [$db->id]);

    return view('settings', [
      'displayURL' => self::displayURL(),
      'database' => $db[0]
      'database' => $db,
      'users' => $users
    ]);
  }

  public function updateSettings(Request $request, $name) {
    if(!session('user_id'))
      return redirect('/');

    // Only the person that created the database can modify it
    $db = DB::table('databases')
      ->where('created_by','=',session('user_id'))
      ->where('name','=',$name)
      ->first();
    if(!$db)
      return redirect('/');
    
    if($request->input('remove_user')) {

      $user = DB::table('users')->where('url','=',$request->input('remove_user'))->first();
      if($user) {
        DB::table('database_users')->where('database_id','=',$db->id)->where('user_id','=',$user->id)->delete();
      }

      return json_encode([
        'result' => 'ok'
      ]);

    } else if($request->input('add_user')) {
      // Find user if it exists already
      $user = DB::table('users')->where('url','=',$request->input('add_user'))->first();
      if($user) {
        $user_id = $user->id;
      } else {
        $user_id = DB::table('users')->insertGetId([
          'url' => $request->input('add_user'),
          'created_at' => date('Y-m-d H:i:s')
        ]);
      }

      // Add access to the database
      $exists = DB::table('database_users')->where('database_id','=',$db->id)->where('user_id','=',$user_id)->first();
      if(!$exists) {
        DB::table('database_users')->insert([
          'database_id' => $db->id,
          'user_id' => $user_id,
          'created_at' => date('Y-m-d H:i:s')
        ]);
      }

      return redirect('/settings/'.$db->name);
    }
  }

 }
--- a/compass/app/Http/Controllers/IndieAuth.php
+++ b/compass/app/Http/Controllers/IndieAuth.php
@ -164,18 +164,16 @@ class IndieAuth extends BaseController

  private function _userLoggedIn($url) {
    // Create the user record if it doesn't exist yet
    $user = DB::select('SELECT *
      FROM users
      WHERE url = ?', [$url]);
    if(count($user)) {
    $user = DB::table('users')->where('url','=',$url)->first();
    if($user) {
      DB::update('UPDATE users SET last_login = ?', [date('Y-m-d H:i:s')]);
      session(['user_id' => $user[0]->id]);
      session(['user_id' => $user->id]);
    } else {
      DB::insert('INSERT INTO users (url, created_at, last_login) VALUES(?,?,?)', [$url, date('Y-m-d H:i:s'), date('Y-m-d H:i:s')]);
      $user = DB::select('SELECT *
        FROM users
        WHERE url = ?', [$url]);
      session(['user_id' => $user[0]->id]);
      session(['user_id' => $user->id]);
    }
  }

--- a/compass/app/Http/routes.php
+++ b/compass/app/Http/routes.php
@ -20,4 +20,10 @@ $app->get('/auth/logout', 'IndieAuth@logout');

 $app->get('/map/{name:[A-Za-z0-9]+}', 'Controller@map');
 $app->get('/settings/{name:[A-Za-z0-9]+}', 'Controller@settings');
 $app->post('/settings/{name:[A-Za-z0-9]+}', 'Controller@updateSettings');
 $app->post('/database/create', 'Controller@createDatabase');

 // Event::listen('illuminate.query', function($query){
 //   Log::debug($query);
 // });

--- a/compass/public/assets/styles.css
+++ b/compass/public/assets/styles.css
@ -38,6 +38,7 @@
 .dashboard {
  max-width: 500px;
  margin: 60px auto 0 auto;
  padding: 0 10px;
 }

 .databases {
@ -65,3 +66,24 @@
  border-radius: 4px;
  margin-bottom: 4px;
 }


 .users {
  list-style-type: none;
  margin: 0;
  padding: 0;
 }
 .users li {
  margin: 0;
  padding: 0;
  margin-bottom: 10px;
  position: relative;
 }
 .users .remove-user {
  left: -18px;
  margin-top: -6px;
  text-decoration: none;
  font-size: 22px;
  position: absolute;
  padding-right: 12px;
 }
--- a/compass/resources/views/partials/logged-in.blade.php
+++ b/compass/resources/views/partials/logged-in.blade.php
@ -1,4 +1,4 @@
 <div class="corner-logo"><img src="/assets/compass.svg" height="40"/></div>
 <div class="corner-logo"><a href="/"><img src="/assets/compass.svg" height="40"/></a></div>

 <div class="logged-in">
  <span>{{ $displayURL }}</span>
--- a/compass/resources/views/settings.blade.php
+++ b/compass/resources/views/settings.blade.php
@ -6,7 +6,63 @@

 <div class="dashboard">

  <div class="panel">
    <h3>Read Token</h3>
    <div class="token"><code>{{ $database->read_token }}</code></div>
  </div>

 </div>
  @if ($database->created_by == session('user_id'))
  <div class="panel">
    <h3>Write Token</h3>
    <div class="token"><code>{{ $database->write_token }}</code></div>
  </div>
  @endif

  <div class="panel">
    <h3>Users with Access</h3>

    <ul class="users">
      @foreach($users as $user)
      <li class="user">
        @if($user->id != session('user_id'))
          <a href="#" data-user="{{ $user->url }}" class="remove-user hidden">&times;</a>
        @endif
        {{ $user->url }}
      </li>
      @endforeach
      <li>
        <a href="javascript:$('.users .create').removeClass('hidden');$('.create-link').addClass('hidden');" class="pure-button create-link {{ session('create-error') ? 'hidden' : '' }}">New User</a>
        @if(session('create-error'))
          <div class="error">{{ session('create-error') }}</div>
        @endif
        <span class="create {{ session('create-error') ? '' : 'hidden' }}">
          <form action="/settings/{{ $database->name }}" method="post" class="pure-form">
            <input type="url" name="add_user" value="{{ session('add-user-url') }}" placeholder="github or indieauth url">
            <button type="submit" class="pure-button pure-button-primary">Add User</button>
          </form>
        </span>
      </li>
    </ul>

  </div>

 </div>
 <script>
 jQuery(function($){
  $(".users .user").hover(function(){
    $(this).children(".remove-user").removeClass("hidden");
  }, function(){
    $(this).children(".remove-user").addClass("hidden");
  });
  $(".remove-user").click(function(){
    $.post("/settings/{{ $database->name }}", {
      database: "{{ $database->name }}",
      remove_user: $(this).data('user')
    }, function(data){
      window.location = window.location;
    });
    return false;
  });
 });
 </script>
@endsection