fatchan
/
jschan
mirror of https://gitgud.io/fatchan/jschan.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
jschan - Anonymous imageboard software. Classic look, modern features and feel. Works without JavaScript and supports Tor, I2P, Lokinet, etc.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3028 Commits
5 Branches
68 Tags
54 MiB
 
 
 
 
 
Tag: Branch: Tree: 4b732a2360
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4b732a2360'
${ noResults }
jschan/controllers/forms/editaccount.js

62 lines
2.6 KiB
Raw Blame History

'use strict';
const editAccount = require(__dirname+'/../../models/forms/editaccount.js')
, { Accounts } = require(__dirname+'/../../db/')
, dynamicResponse = require(__dirname+'/../../lib/misc/dynamic.js')
, paramConverter = require(__dirname+'/../../lib/middleware/input/paramconverter.js')
, roleManager = require(__dirname+'/../../lib/permission/rolemanager.js')
, { Permissions } = require(__dirname+'/../../lib/permission/permissions.js')
, Permission = require(__dirname+'/../../lib/permission/permission.js')
, { alphaNumericRegex, checkSchema, lengthBody, inArrayBody, existsBody } = require(__dirname+'/../../lib/input/schema.js');
module.exports = {
paramConverter: paramConverter({
trimFields: ['username'],
}),
controller: async (req, res, next) => {
const { __ } = res.locals;
const errors = await checkSchema([
{ result: existsBody(req.body.username), expected: true, error: __('Missing username') },
{ result: lengthBody(req.body.username, 1, 50), expected: false, error: __('Username must be 50 characters or less') },
{ result: alphaNumericRegex.test(req.body.username), expected: true, error: __('Username must contain a-z 0-9 only') },
{ result: async () => {
res.locals.editingAccount = await Accounts.findOne(req.body.username);
return res.locals.editingAccount != null;
}, expected: true, blocking: true, error: __('Invalid account username') },
{ result: (res.locals.user.username === req.body.username), expected: false, error: __('You can\'t edit your own permissions') },
{ result: !existsBody(req.body.template) //no template, OR the template is a valid one
|| inArrayBody(req.body.template, [roleManager.roles.ANON.base64, roleManager.roles.GLOBAL_STAFF.base64,
roleManager.roles.ADMIN.base64, roleManager.roles.BOARD_STAFF.base64, roleManager.roles.BOARD_OWNER.base64]),
expected: true, error: __('Invalid template selection') },
{ result: () => {
//not applying a template, OR the user doesn't have root perms, has to be a function to execute after the async result above.
if (!existsBody(req.body.template)) {
return true;
}
const editingPermission = new Permission(res.locals.editingAccount.permissions);
return !editingPermission.get(Permissions.ROOT);
},
expected: true, error: __('You can\'t apply template permissions to a ROOT user.') },
]);
if (errors.length > 0) {
return dynamicResponse(req, res, 400, 'message', {
'title': __('Bad request'),
'errors': errors,
'redirect': req.headers.referer || `/${req.params.board}/manage/staff.html`,
});
}
try {
await editAccount(req, res, next);
} catch (err) {
return next(err);
}
}
};