TiddlyWiki5/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/update-role.js

/*\
title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/update-role.js
type: application/javascript
module-type: mws-route

POST /admin/roles/:id

\*/
(function() {

/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";

exports.method = "POST";

exports.path = /^\/admin\/roles\/([^\/]+)\/?$/;

exports.bodyFormat = "www-form-urlencoded";

exports.csrfDisable = true;

exports.handler = function(request, response, state) {
  var sqlTiddlerDatabase = state.server.sqlTiddlerDatabase;
  var role_id = state.params[0];
  var role_name = state.data.role_name;
  var role_description = state.data.role_description;

  if(!state.authenticatedUser.isAdmin) {
    response.writeHead(403, "Forbidden");
    response.end();
    return;
  }

  // get the role
  var role = sqlTiddlerDatabase.getRoleById(role_id);

  if(!role) {
    response.writeHead(404, "Role not found");
    response.end();
    return;
  }

  if(role.role_name.toLowerCase().includes("admin")) {
    response.writeHead(400, "Admin role cannot be updated");
    response.end();
    return;
  }

  try {
    sqlTiddlerDatabase.updateRole(
      role_id,
      role_name,
      role_description
    );

    response.writeHead(302, { "Location": "/admin/roles" });
    response.end();
  } catch(error) {
    console.error("Error updating role:", error);
    response.writeHead(500, "Internal Server Error");
    response.end();
  }
};

}());
Add user profile management and account deletion functionality (#8712) * mws authentication * add more tests and permission checkers * add logic to ensure that only authenticated users' requests are handled * add custom login page * Implement user authentication as well as session handling * work on user operations authorization * add middleware to route handlers for bags & tiddlers routes * add feature that only returns the tiddlers and bags which the user has permission to access on index page * refactor auth routes & added user management page * fix Ci Test failure issue * fix users list page, add manage roles page * add commands and scripts to create new user & assign roles and permissions * resolved ci-test failure * add ACL permissions to bags & tiddlers on creation * fix comments and access control list bug * fix indentation issues * working on user profile edit * remove list users command & added support for database in server options * implement user profile update and password change feature * update plugin readme * implement command which triggers protected mode on the server * revert server-wide auth flag. Implement selective authorization * ACL management feature * Complete Access control list implementation * Added support to manage users' assigned role by admin * fix comments * fix comment * Add user profile management and account deletion functionality 2024-10-30 18:38:21 +00:00			`/*\`
			`title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/update-role.js`
			`type: application/javascript`
			`module-type: mws-route`

			`POST /admin/roles/:id`

			`\*/`
			`(function() {`

			`/jslint node: true, browser: true /`
			`/global $tw: false /`
			`"use strict";`

			`exports.method = "POST";`

			`exports.path = /^\/admin\/roles\/([^\/]+)\/?$/;`

			`exports.bodyFormat = "www-form-urlencoded";`

			`exports.csrfDisable = true;`

			`exports.handler = function(request, response, state) {`
			`var sqlTiddlerDatabase = state.server.sqlTiddlerDatabase;`
			`var role_id = state.params[0];`
			`var role_name = state.data.role_name;`
			`var role_description = state.data.role_description;`

			`if(!state.authenticatedUser.isAdmin) {`
			`response.writeHead(403, "Forbidden");`
			`response.end();`
			`return;`
			`}`

			`// get the role`
			`var role = sqlTiddlerDatabase.getRoleById(role_id);`

			`if(!role) {`
			`response.writeHead(404, "Role not found");`
			`response.end();`
			`return;`
			`}`

			`if(role.role_name.toLowerCase().includes("admin")) {`
			`response.writeHead(400, "Admin role cannot be updated");`
			`response.end();`
			`return;`
			`}`

			`try {`
			`sqlTiddlerDatabase.updateRole(`
			`role_id,`
			`role_name,`
			`role_description`
			`);`

			`response.writeHead(302, { "Location": "/admin/roles" });`
			`response.end();`
			`} catch(error) {`
			`console.error("Error updating role:", error);`
			`response.writeHead(500, "Internal Server Error");`
			`response.end();`
			`}`
			`};`

			`}());`