update

2024-02-29 15:10:57 +01:00 · 2024-02-29 15:10:57 +01:00 · 298e78ab1b
parent e0f01bbbd9
commit 298e78ab1b
5 changed files with 33 additions and 11 deletions
--- a/backend/apis/BlinkApiUsageExample.json
+++ b/backend/apis/BlinkApiUsageExample.json
--- a/backend/apis/nodejs/src/app.js
+++ b/backend/apis/nodejs/src/app.js
@ -60,7 +60,7 @@ publicRoutes.get('/organization/:id', organizationRoutes.getOrganization);
 const protectedRoutes = express.Router();
 protectedRoutes.use(jwtUtils.verifyToken);
 protectedRoutes.get('/person/myself', personRoutes.getMyself);
-protectedRoutes.put('/person/:id', personRoutes.updatePerson);
+protectedRoutes.put('/person/', personRoutes.updatePerson);
 protectedRoutes.delete('/person/delete', personRoutes.deletePerson);
 protectedRoutes.post('/organization/admin', organizationAdminRoutes.addOrganizationAdmin);
 protectedRoutes.delete('/organization/removeadmin', organizationAdminRoutes.removeOrganizationAdmin);
--- a/backend/apis/nodejs/src/routes/person_routes.js
+++ b/backend/apis/nodejs/src/routes/person_routes.js
@ -145,17 +145,14 @@ async function getMyself (req, res) {
 * PUT request
 *
 * Updates a Person's details. If some details are
- * not present, they shall be ignored.
+ * not present, they shall be ignored. An user can
+ * only update themselves
 *
 * Required field(s): none. Both old_password and
 * new_password if updating the password.
 *
 */
 async function updatePerson (req, res) {
-  if (req.jwt.person_id != req.params.id) {
-    return res.status(403).json({ error: 'Forbidden' });
-  }
-
  const updatePerson = {};

  if (req.body.display_name) {
@ -179,7 +176,13 @@ async function updatePerson (req, res) {
  }

  // If we are tying to change password, the old password must be provided
-  if (req.body.old_password && req.body.new_password) {
+  if (req.body.old_password || req.body.new_password) {
+    if(!req.body.old_password){
+      return res.status(401).json({ error: 'The old password must be specified' });
+    }
+    if(!req.body.new_password){
+      return res.status(401).json({ error: 'The new password must be specified' });
+    }
    const user = await personModel.getPersonById(req.jwt.person_id);
    const passwordMatches = await bcrypt.compare(req.body.old_password, user.password);
    if (passwordMatches) {
@ -194,7 +197,7 @@ async function updatePerson (req, res) {
  }

  try {
-    await personModel.updatePerson(updatePerson, req.params.id);
+    await personModel.updatePerson(updatePerson, req.jwt.person_id);
    return res.status(200).json({ success: 'true' });
  } catch (error) {
    console.error(`Error in function ${updatePerson.name}: ${error}`);
--- a/frontend/vanilla/css/profile.css
+++ b/frontend/vanilla/css/profile.css
@ -12,6 +12,7 @@ body {
    padding: 20px;
    border-radius: 5px;
    box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
+    position: relative;
 }

 header {
@ -60,3 +61,15 @@ footer {
    margin-bottom: 10px;
 }

+.edit-badge {
+    position: absolute;
+    top: 20px;
+    right: 20px;
+    background-color: #008CFF;
+    color: #fff;
+    padding: 5px 10px;
+    border-radius: 5px;
+    font-weight: bold;
+    cursor: pointer;
+}
+
--- a/frontend/vanilla/html/userprofile.html
+++ b/frontend/vanilla/html/userprofile.html
@ -8,6 +8,7 @@
 </head>
 <body style="display: none;">
    <div class="container">
+        <div class="edit-badge" style="display: none;" id="editBadge" onclick="editProfile()">Edit</div>
        <header>
            <img src="../content/profile-picture-example.jpg" alt="Profile Picture" class="profile-picture">
            <h1 id="displayName">Name Surname</h1>
@ -56,6 +57,7 @@

            // Retrieving the logged in user's profile
            if(!idToDisplay || idToDisplay === 'myself'){
+                document.getElementById('editBadge').style.display = 'block'; // show edit button
                const token = getCookie('token');
                // Check whether the token exists
                if(!token){
@ -79,19 +81,23 @@
            const data = await response.json();
            if(response.ok){
                populateFields(data.display_name, data.email);
-                document.body.style.display = "block"; // Show page
+                document.body.style.display = 'block'; // Show page
            }
            else{
                alert(data.error);
            }
        }

-        function populateFields(displayName, email){
+        function populateFields (displayName, email) {
            document.getElementById('displayName').textContent = displayName;
            document.title = `${displayName} - Blink`
            document.getElementById('email').textContent = email;
        }

+        function editProfile () {
+            alert('Editing');
+        }
+
    </script>

 </body>