diff --git a/admin.go b/admin.go
index fdbb82f..ec40c6c 100644
--- a/admin.go
+++ b/admin.go
@@ -123,6 +123,7 @@ func handleViewAdminUsers(app *App, u *User, w http.ResponseWriter, r *http.Requ
 *UserPage
 Config config.AppCfg
 Message string
+ Flashes []string
 Users *[]User
 CurPage int
@@ -134,6 +135,7 @@ func handleViewAdminUsers(app *App, u *User, w http.ResponseWriter, r *http.Requ
 Message: r.FormValue("m"),
 }
+ p.Flashes, _ = getSessionFlashes(app, w, r, nil)
 p.TotalUsers = app.db.GetAllUsersCount()
 ttlPages := p.TotalUsers / adminUsersPerPage
 p.TotalPages = []int{}
@@ -230,6 +232,37 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 return nil
 }
+func handleAdminDeleteUser(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
+ if !u.IsAdmin() {
+ return impart.HTTPError{http.StatusForbidden, "Administrator privileges required for this action"}
+ }
+
+ vars := mux.Vars(r)
+ username := vars["username"]
+ confirmUsername := r.PostFormValue("confirm-username")
+
+ if confirmUsername != username {
+ return impart.HTTPError{http.StatusBadRequest, "Username was not confirmed"}
+ }
+
+ user, err := app.db.GetUserForAuth(username)
+ if err == ErrUserNotFound {
+ return impart.HTTPError{http.StatusNotFound, fmt.Sprintf("User '%s' was not found", username)}
+ } else if err != nil {
+ log.Error("get user for deletion: %v", err)
+ return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user with username '%s': %v", username, err)}
+ }
+
+ err = app.db.DeleteAccount(user.ID)
+ if err != nil {
+ log.Error("delete user %s: %v", user.Username, err)
+ return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not delete user account for '%s': %v", username, err)}
+ }
+
+ _ = addSessionFlash(app, w, r, fmt.Sprintf("Account for user \"%s\" was deleted successfully.", username), nil)
+ return impart.HTTPError{http.StatusFound, "/admin/users"}
+}
+
 func handleViewAdminPages(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
 p := struct {
 *UserPage
diff --git a/routes.go b/routes.go
index 0113e93..3d2a714 100644
--- a/routes.go
+++ b/routes.go
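Review bot: After `GetUserForAuth` succeeds, handleAdminDeleteUser never inspects the target account, so the `{{ if not .User.IsAdmin }}` guard added in view-user.tmpl is the only thing keeping an administrator from deleting another administrator or their own account, and that guard only hides the form. The handler should repeat the rule server-side before `DeleteAccount`. Successful deletions are also not logged, which leaves no record of which admin removed which account, and both 500 branches send the raw `err` text to the browser although it is already written to the log. The fence shows the guard and the audit line; for the 500s, dropping `: %v` and `err` from the two `fmt.Sprintf` messages is enough.

```go
	// … unchanged: caller admin check, username confirmation, GetUserForAuth and its error branches …
	// The view-user template hides the form for admin accounts; enforce the same rule server-side.
	if user.IsAdmin() {
		return impart.HTTPError{http.StatusForbidden, "Administrator accounts cannot be deleted from this page"}
	}

	err = app.db.DeleteAccount(user.ID)
	// … unchanged: DeleteAccount error handling …
	log.Info("admin %s deleted user %s (id %d)", u.Username, user.Username, user.ID)
	// … unchanged: flash message and redirect …
```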
@@ -144,6 +144,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 write.HandleFunc("/admin", handler.Admin(handleViewAdminDash)).Methods("GET")
 write.HandleFunc("/admin/users", handler.Admin(handleViewAdminUsers)).Methods("GET")
 write.HandleFunc("/admin/user/{username}", handler.Admin(handleViewAdminUser)).Methods("GET")
+ write.HandleFunc("/admin/user/{username}/delete", handler.Admin(handleAdminDeleteUser)).Methods("POST")
 write.HandleFunc("/admin/pages", handler.Admin(handleViewAdminPages)).Methods("GET")
 write.HandleFunc("/admin/page/{slug}", handler.Admin(handleViewAdminPage)).Methods("GET")
 write.HandleFunc("/admin/update/config", handler.AdminApper(handleAdminUpdateConfig)).Methods("POST")
diff --git a/templates/user/admin/users.tmpl b/templates/user/admin/users.tmpl
index b59104c..8476f78 100644
--- a/templates/user/admin/users.tmpl
+++ b/templates/user/admin/users.tmpl
@@ -4,6 +4,12 @@
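Review bot: The added `/admin/user/{username}/delete` route triggers an irreversible deletion from a form POST, and neither this hunk nor handleAdminDeleteUser shows an anti-CSRF token or an Origin/Referer check being verified. The `confirm-username` field cannot serve as one, because its expected value is the username that already appears in the URL path. Whether `handler.Admin` or the session cookie's SameSite setting already blocks cross-site posts is not visible here and should be confirmed; if neither does, verify a per-session token before the handler runs. InitRoutes starts and ends outside the hunk.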
{{template "admin-header" .}} + + {{if .Flashes}} +

+ {{range .Flashes}}{{.}}{{end}} +

+ {{end}}

Users {{.TotalUsers}} total

diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl index 2a74e5b..e457889 100644 --- a/templates/user/admin/view-user.tmpl +++ b/templates/user/admin/view-user.tmpl @@ -81,6 +81,18 @@ h3 { {{end}}
{{end}} + + {{ if not .User.IsAdmin }} +
+

Delete Account

+

Danger Zone - This cannot be undone

+

This will delete the user {{.User.Username}} and all their blogs AND posts.

+
+

Type their username to confirm deletion.

+ + +

+ {{end}}
{{template "footer" .}}