Ability to delete user in the user panel

static/default.css

@@ -107,10 +107,6 @@ input, kbd { font: inherit; color: inherit; }
 textarea {font-size:16px; font-family: 'PT Sans', 'Liberation Sans', sans-serif;}
 
 ::-webkit-file-upload-button,
-.btn { line-height: normal; display: inline-block; border: 1px #999 solid; border-radius: .25rem; text-decoration: none; padding: .25rem; font-size: 1rem; margin: 0; }
-.btn_weak { border: 1px #999 dashed; }
-.btn_accent { font-weight: bold; }
-.btn:hover, .btn:active { cursor: pointer; }
 
 .edit { min-height: 80vh; }
 .edit__title { margin-top: 0; }
@@ -300,10 +296,6 @@ article .codeblock,
 textarea,
 table { border: 0; background-color: #444444; color: #ddd; }
 .transclusion_stand-out { background-color: rgba(68, 68, 68, 0.5); }
-.btn:visited { color: #ddd;}
-
-	.btn { border: #444 solid 1px; border-radius: .25rem; }
-	.btn_weak { background-color: transparent; }
 
 .transclusion code,
 .transclusion .codeblock { background-color: #454545; }
@@ -446,23 +438,32 @@ kbd {
 }
 
 @media (min-width: 600px) {
-	.form-field {
+	.form--double .form-field {
 		display: grid;
 		grid-template-columns: 150px max-content;
 		grid-column-gap: 16px;
 	}
-	.form-field label {
+	.form--double .form-field label {
 		grid-column: 1;
 	}
-	.form-field input,
+	.form--double .form-field input,
-	.form-field button,
+	.form--double .form-field button,
-	.form-field select,
+	.form--double .form-field select,
-	.form-field textarea,
+	.form--double .form-field textarea,
-	.form-field .form-field__input {
+	.form--double .form-field__input {
 		grid-column: 2;
 	}
 }
 
+/*
+ * Form wrap
+ */
+
+.form-wrap h2 {
+	margin: 1.5em 0 0.25em;
+	font-size: 1.2em;
+}
+
 /*
  * Notices
  */
@@ -484,3 +485,55 @@ kbd {
 		background-color: #5b3535;
 	}
 }
+
+/*
+ * Buttons
+ */
+
+.btn {
+	line-height: normal;
+	display: inline-block;
+	border: 1px #999 solid;
+	border-radius: .15rem;
+	text-decoration: none;
+	padding: .25rem .5rem;
+	font-size: 1rem;
+	margin: 0;
+}
+
+.btn:hover {
+	cursor: pointer;
+}
+
+.btn_accent {
+	font-weight: bold;
+}
+
+.btn_weak {
+	border: 1px dashed #999;
+}
+
+.btn_destructive {
+	border-color: #aa1818;
+	background-color: #ee4343;
+	color: white;
+}
+
+@media (prefers-color-scheme: dark) {
+	.btn {
+		border-color: #444 solid 1px;
+	}
+
+	.btn:visited {
+		color: #ddd;
+	}
+
+	.btn_weak {
+		background-color: transparent;
+	}
+
+	.btn_destructive {
+		border-color: #e34343;
+		background-color: #b92828;
+	}
+}

user/users.go

@@ -60,6 +60,18 @@ func UserByName(username string) *User {
 	return EmptyUser()
 }
 
+func DeleteUser(name string) error {
+	user, loaded := users.LoadAndDelete(name)
+	if loaded {
+		u := user.(*User)
+		u.Name = "anon"
+		u.Group = "anon"
+		u.Password = ""
+		return SaveUserDatabase()
+	}
+	return nil
+}
+
 func commenceSession(username, token string) {
 	tokens.Store(token, username)
 	dumpTokens()

views/admin.qtpl

@@ -80,37 +80,37 @@
 </div>
 {% endfunc %}
 
-{% func AdminUserNewHTML(formData util.FormData) %}
+{% func AdminUserNewHTML(f util.FormData) %}
 <div class="layout">
-<main class="main-width">
+<main class="main-width form-wrap">
 	<h1>New user</h1>
 
-	{% if formData.HasError() %}
+	{% if f.HasError() %}
 	<div class="notice notice--error">
 		<strong>Error:</strong>
-		{%s formData.Error() %}
+		{%s f.Error() %}
 	</div>
 	{% endif %}
 
-	<form action="" method="post">
+	<form class="form--double" action="" method="post">
 		<div class="form-field">
 			<label for="name">Name:</label>
-			<input type="text" name="name" id="name" value="{%s formData.Get("name") %}" autofocus>
+			<input type="text" name="name" id="name" value="{%s f.Get("name") %}" autofocus>
 		</div>
 
 		<div class="form-field">
 			<label for="password">Password:</label>
-			<input type="password" name="password" id="password" value="{%s formData.Get("password") %}">
+			<input type="password" name="password" id="password" value="{%s f.Get("password") %}">
 		</div>
 
 		<div class="form-field">
 			<label for="group">Group:</label>
 			<select id="group" name="group">
-				<option{% if formData.Get("group") == "anon" %} selected{% endif %}>anon</option>
+				<option{% if f.Get("group") == "anon" %} selected{% endif %}>anon</option>
-				<option{% if formData.Get("group") == "editor" %} selected{% endif %}>editor</option>
+				<option{% if f.Get("group") == "editor" %} selected{% endif %}>editor</option>
-				<option{% if formData.Get("group") == "trusted" %} selected{% endif %}>trusted</option>
+				<option{% if f.Get("group") == "trusted" %} selected{% endif %}>trusted</option>
-				<option{% if formData.Get("group") == "moderator" %} selected{% endif %}>moderator</option>
+				<option{% if f.Get("group") == "moderator" %} selected{% endif %}>moderator</option>
-				<option{% if formData.Get("group") == "admin" %} selected{% endif %}>admin</option>
+				<option{% if f.Get("group") == "admin" %} selected{% endif %}>admin</option>
 			</select>
 		</div>
 
@@ -125,25 +125,65 @@
 </div>
 {% endfunc %}
 
-{% func AdminUsersUserHTML(u *user.User) %}
+{% func AdminUserEditHTML(u *user.User, f util.FormData) %}
 <div class="layout">
-<main class="main-width">
+<main class="main-width form-wrap">
-	<h1>{%s u.Name %}</h1>
+	<h1>
+		<a href="/admin/users/">&larr;</a>
+		{%s u.Name %}
+	</h1>
+
+	<h2>Change group</h2>
+
+	{% if f.HasError() %}
+	<div class="notice notice--error">
+		<strong>Error:</strong>
+		{%s f.Error() %}
+	</div>
+	{% endif %}
 
 	<form action="" method="post">
 		<div class="form-field">
-			<label for="group">Group:</label>
+			<select id="group" name="group" aria-label="Group">
-			<select id="group" name="group">
+				<option{% if f.Get("group") == "anon" %} selected{% endif %}>anon</option>
-				<option{% if u.Group == "anon" %} selected{% endif %}>anon</option>
+				<option{% if f.Get("group") == "editor" %} selected{% endif %}>editor</option>
-				<option{% if u.Group == "editor" %} selected{% endif %}>editor</option>
+				<option{% if f.Get("group") == "trusted" %} selected{% endif %}>trusted</option>
-				<option{% if u.Group == "trusted" %} selected{% endif %}>trusted</option>
+				<option{% if f.Get("group") == "moderator" %} selected{% endif %}>moderator</option>
-				<option{% if u.Group == "moderator" %} selected{% endif %}>moderator</option>
+				<option{% if f.Get("group") == "admin" %} selected{% endif %}>admin</option>
-				<option{% if u.Group == "admin" %} selected{% endif %}>admin</option>
 			</select>
 		</div>
 
+		<div class="form-field">
 			<button class="btn" type="submit">Update</button>
-		<a class="btn btn_weak" href="/admin/users/">Cancel</a>
+		</div>
+	</form>
+
+	<h2>Delete user</h2>
+	<p>Remove the user from the database. Changes made by the user will
+	be preserved.</p>
+	<a class="btn btn_destructive" href="/admin/users/{%u u.Name %}/delete">Delete</a>
+</main>
+</div>
+{% endfunc %}
+
+{% func AdminUserDeleteHTML(u *user.User, f util.FormData) %}
+<div class="layout">
+<main class="main-width form-wrap">
+	<h1>Delete user</h1>
+
+	{% if f.HasError() %}
+	<div class="notice notice--error">
+		<strong>Error:</strong>
+		{%s f.Error() %}
+	</div>
+	{% endif %}
+
+	<p>Are you sure you want to delete <strong>{%s u.Name %}</strong>
+	from the database? This action is irreversible.</p>
+
+	<form action="" method="post">
+		<button class="btn btn_destructive" type="submit">Delete</button>
+		<a class="btn btn_weak" href="/admin/users/{%u u.Name %}/edit">Cancel</a>
 	</form>
 </main>
 </div>

views/admin.qtpl.go

@@ -211,23 +211,23 @@ func AdminUsersPanelHTML(userList []*user.User) string {
 }
 
 //line views/admin.qtpl:83
-func StreamAdminUserNewHTML(qw422016 *qt422016.Writer, formData util.FormData) {
+func StreamAdminUserNewHTML(qw422016 *qt422016.Writer, f util.FormData) {
 //line views/admin.qtpl:83
 	qw422016.N().S(`
 <div class="layout">
-<main class="main-width">
+<main class="main-width form-wrap">
 	<h1>New user</h1>
 
 	`)
 //line views/admin.qtpl:88
-	if formData.HasError() {
+	if f.HasError() {
 //line views/admin.qtpl:88
 		qw422016.N().S(`
 	<div class="notice notice--error">
 		<strong>Error:</strong>
 		`)
 //line views/admin.qtpl:91
-		qw422016.E().S(formData.Error())
+		qw422016.E().S(f.Error())
 //line views/admin.qtpl:91
 		qw422016.N().S(`
 	</div>
@@ -237,12 +237,12 @@ func StreamAdminUserNewHTML(qw422016 *qt422016.Writer, formData util.FormData) {
 //line views/admin.qtpl:93
 	qw422016.N().S(`
 
-	<form action="" method="post">
+	<form class="form--double" action="" method="post">
 		<div class="form-field">
 			<label for="name">Name:</label>
 			<input type="text" name="name" id="name" value="`)
 //line views/admin.qtpl:98
-	qw422016.E().S(formData.Get("name"))
+	qw422016.E().S(f.Get("name"))
 //line views/admin.qtpl:98
 	qw422016.N().S(`" autofocus>
 		</div>
@@ -251,7 +251,7 @@ func StreamAdminUserNewHTML(qw422016 *qt422016.Writer, formData util.FormData) {
 			<label for="password">Password:</label>
 			<input type="password" name="password" id="password" value="`)
 //line views/admin.qtpl:103
-	qw422016.E().S(formData.Get("password"))
+	qw422016.E().S(f.Get("password"))
 //line views/admin.qtpl:103
 	qw422016.N().S(`">
 		</div>
@@ -261,7 +261,7 @@ func StreamAdminUserNewHTML(qw422016 *qt422016.Writer, formData util.FormData) {
 			<select id="group" name="group">
 				<option`)
 //line views/admin.qtpl:109
-	if formData.Get("group") == "anon" {
+	if f.Get("group") == "anon" {
 //line views/admin.qtpl:109
 		qw422016.N().S(` selected`)
 //line views/admin.qtpl:109
@@ -270,7 +270,7 @@ func StreamAdminUserNewHTML(qw422016 *qt422016.Writer, formData util.FormData) {
 	qw422016.N().S(`>anon</option>
 				<option`)
 //line views/admin.qtpl:110
-	if formData.Get("group") == "editor" {
+	if f.Get("group") == "editor" {
 //line views/admin.qtpl:110
 		qw422016.N().S(` selected`)
 //line views/admin.qtpl:110
@@ -279,7 +279,7 @@ func StreamAdminUserNewHTML(qw422016 *qt422016.Writer, formData util.FormData) {
 	qw422016.N().S(`>editor</option>
 				<option`)
 //line views/admin.qtpl:111
-	if formData.Get("group") == "trusted" {
+	if f.Get("group") == "trusted" {
 //line views/admin.qtpl:111
 		qw422016.N().S(` selected`)
 //line views/admin.qtpl:111
@@ -288,7 +288,7 @@ func StreamAdminUserNewHTML(qw422016 *qt422016.Writer, formData util.FormData) {
 	qw422016.N().S(`>trusted</option>
 				<option`)
 //line views/admin.qtpl:112
-	if formData.Get("group") == "moderator" {
+	if f.Get("group") == "moderator" {
 //line views/admin.qtpl:112
 		qw422016.N().S(` selected`)
 //line views/admin.qtpl:112
@@ -297,7 +297,7 @@ func StreamAdminUserNewHTML(qw422016 *qt422016.Writer, formData util.FormData) {
 	qw422016.N().S(`>moderator</option>
 				<option`)
 //line views/admin.qtpl:113
-	if formData.Get("group") == "admin" {
+	if f.Get("group") == "admin" {
 //line views/admin.qtpl:113
 		qw422016.N().S(` selected`)
 //line views/admin.qtpl:113
@@ -321,22 +321,22 @@ func StreamAdminUserNewHTML(qw422016 *qt422016.Writer, formData util.FormData) {
 }
 
 //line views/admin.qtpl:126
-func WriteAdminUserNewHTML(qq422016 qtio422016.Writer, formData util.FormData) {
+func WriteAdminUserNewHTML(qq422016 qtio422016.Writer, f util.FormData) {
 //line views/admin.qtpl:126
 	qw422016 := qt422016.AcquireWriter(qq422016)
 //line views/admin.qtpl:126
-	StreamAdminUserNewHTML(qw422016, formData)
+	StreamAdminUserNewHTML(qw422016, f)
 //line views/admin.qtpl:126
 	qt422016.ReleaseWriter(qw422016)
 //line views/admin.qtpl:126
 }
 
 //line views/admin.qtpl:126
-func AdminUserNewHTML(formData util.FormData) string {
+func AdminUserNewHTML(f util.FormData) string {
 //line views/admin.qtpl:126
 	qb422016 := qt422016.AcquireByteBuffer()
 //line views/admin.qtpl:126
-	WriteAdminUserNewHTML(qb422016, formData)
+	WriteAdminUserNewHTML(qb422016, f)
 //line views/admin.qtpl:126
 	qs422016 := string(qb422016.B)
 //line views/admin.qtpl:126
@@ -347,100 +347,207 @@ func AdminUserNewHTML(formData util.FormData) string {
 }
 
 //line views/admin.qtpl:128
-func StreamAdminUsersUserHTML(qw422016 *qt422016.Writer, u *user.User) {
+func StreamAdminUserEditHTML(qw422016 *qt422016.Writer, u *user.User, f util.FormData) {
 //line views/admin.qtpl:128
 	qw422016.N().S(`
 <div class="layout">
-<main class="main-width">
+<main class="main-width form-wrap">
-	<h1>`)
+	<h1>
-//line views/admin.qtpl:131
+		<a href="/admin/users/">&larr;</a>
+		`)
+//line views/admin.qtpl:133
 	qw422016.E().S(u.Name)
-//line views/admin.qtpl:131
+//line views/admin.qtpl:133
-	qw422016.N().S(`</h1>
+	qw422016.N().S(`
+	</h1>
+
+	<h2>Change group</h2>
+
+	`)
+//line views/admin.qtpl:138
+	if f.HasError() {
+//line views/admin.qtpl:138
+		qw422016.N().S(`
+	<div class="notice notice--error">
+		<strong>Error:</strong>
+		`)
+//line views/admin.qtpl:141
+		qw422016.E().S(f.Error())
+//line views/admin.qtpl:141
+		qw422016.N().S(`
+	</div>
+	`)
+//line views/admin.qtpl:143
+	}
+//line views/admin.qtpl:143
+	qw422016.N().S(`
 
 	<form action="" method="post">
 		<div class="form-field">
-			<label for="group">Group:</label>
+			<select id="group" name="group" aria-label="Group">
-			<select id="group" name="group">
 				<option`)
-//line views/admin.qtpl:137
+//line views/admin.qtpl:148
-	if u.Group == "anon" {
+	if f.Get("group") == "anon" {
-//line views/admin.qtpl:137
+//line views/admin.qtpl:148
 		qw422016.N().S(` selected`)
-//line views/admin.qtpl:137
+//line views/admin.qtpl:148
 	}
-//line views/admin.qtpl:137
+//line views/admin.qtpl:148
 	qw422016.N().S(`>anon</option>
 				<option`)
-//line views/admin.qtpl:138
+//line views/admin.qtpl:149
-	if u.Group == "editor" {
+	if f.Get("group") == "editor" {
-//line views/admin.qtpl:138
+//line views/admin.qtpl:149
 		qw422016.N().S(` selected`)
-//line views/admin.qtpl:138
+//line views/admin.qtpl:149
 	}
-//line views/admin.qtpl:138
+//line views/admin.qtpl:149
 	qw422016.N().S(`>editor</option>
 				<option`)
-//line views/admin.qtpl:139
+//line views/admin.qtpl:150
-	if u.Group == "trusted" {
+	if f.Get("group") == "trusted" {
-//line views/admin.qtpl:139
+//line views/admin.qtpl:150
 		qw422016.N().S(` selected`)
-//line views/admin.qtpl:139
+//line views/admin.qtpl:150
 	}
-//line views/admin.qtpl:139
+//line views/admin.qtpl:150
 	qw422016.N().S(`>trusted</option>
 				<option`)
-//line views/admin.qtpl:140
+//line views/admin.qtpl:151
-	if u.Group == "moderator" {
+	if f.Get("group") == "moderator" {
-//line views/admin.qtpl:140
+//line views/admin.qtpl:151
 		qw422016.N().S(` selected`)
-//line views/admin.qtpl:140
+//line views/admin.qtpl:151
 	}
-//line views/admin.qtpl:140
+//line views/admin.qtpl:151
 	qw422016.N().S(`>moderator</option>
 				<option`)
-//line views/admin.qtpl:141
+//line views/admin.qtpl:152
-	if u.Group == "admin" {
+	if f.Get("group") == "admin" {
-//line views/admin.qtpl:141
+//line views/admin.qtpl:152
 		qw422016.N().S(` selected`)
-//line views/admin.qtpl:141
+//line views/admin.qtpl:152
 	}
-//line views/admin.qtpl:141
+//line views/admin.qtpl:152
 	qw422016.N().S(`>admin</option>
 			</select>
 		</div>
 
+		<div class="form-field">
 			<button class="btn" type="submit">Update</button>
-		<a class="btn btn_weak" href="/admin/users/">Cancel</a>
+		</div>
+	</form>
+
+	<h2>Delete user</h2>
+	<p>Remove the user from the database. Changes made by the user will
+	be preserved.</p>
+	<a class="btn btn_destructive" href="/admin/users/`)
+//line views/admin.qtpl:164
+	qw422016.N().U(u.Name)
+//line views/admin.qtpl:164
+	qw422016.N().S(`/delete">Delete</a>
+</main>
+</div>
+`)
+//line views/admin.qtpl:167
+}
+
+//line views/admin.qtpl:167
+func WriteAdminUserEditHTML(qq422016 qtio422016.Writer, u *user.User, f util.FormData) {
+//line views/admin.qtpl:167
+	qw422016 := qt422016.AcquireWriter(qq422016)
+//line views/admin.qtpl:167
+	StreamAdminUserEditHTML(qw422016, u, f)
+//line views/admin.qtpl:167
+	qt422016.ReleaseWriter(qw422016)
+//line views/admin.qtpl:167
+}
+
+//line views/admin.qtpl:167
+func AdminUserEditHTML(u *user.User, f util.FormData) string {
+//line views/admin.qtpl:167
+	qb422016 := qt422016.AcquireByteBuffer()
+//line views/admin.qtpl:167
+	WriteAdminUserEditHTML(qb422016, u, f)
+//line views/admin.qtpl:167
+	qs422016 := string(qb422016.B)
+//line views/admin.qtpl:167
+	qt422016.ReleaseByteBuffer(qb422016)
+//line views/admin.qtpl:167
+	return qs422016
+//line views/admin.qtpl:167
+}
+
+//line views/admin.qtpl:169
+func StreamAdminUserDeleteHTML(qw422016 *qt422016.Writer, u *user.User, f util.FormData) {
+//line views/admin.qtpl:169
+	qw422016.N().S(`
+<div class="layout">
+<main class="main-width form-wrap">
+	<h1>Delete user</h1>
+
+	`)
+//line views/admin.qtpl:174
+	if f.HasError() {
+//line views/admin.qtpl:174
+		qw422016.N().S(`
+	<div class="notice notice--error">
+		<strong>Error:</strong>
+		`)
+//line views/admin.qtpl:177
+		qw422016.E().S(f.Error())
+//line views/admin.qtpl:177
+		qw422016.N().S(`
+	</div>
+	`)
+//line views/admin.qtpl:179
+	}
+//line views/admin.qtpl:179
+	qw422016.N().S(`
+
+	<p>Are you sure you want to delete <strong>`)
+//line views/admin.qtpl:181
+	qw422016.E().S(u.Name)
+//line views/admin.qtpl:181
+	qw422016.N().S(`</strong>
+	from the database? This action is irreversible.</p>
+
+	<form action="" method="post">
+		<button class="btn btn_destructive" type="submit">Delete</button>
+		<a class="btn btn_weak" href="/admin/users/`)
+//line views/admin.qtpl:186
+	qw422016.N().U(u.Name)
+//line views/admin.qtpl:186
+	qw422016.N().S(`/edit">Cancel</a>
 	</form>
 </main>
 </div>
 `)
-//line views/admin.qtpl:150
+//line views/admin.qtpl:190
 }
 
-//line views/admin.qtpl:150
+//line views/admin.qtpl:190
-func WriteAdminUsersUserHTML(qq422016 qtio422016.Writer, u *user.User) {
+func WriteAdminUserDeleteHTML(qq422016 qtio422016.Writer, u *user.User, f util.FormData) {
-//line views/admin.qtpl:150
+//line views/admin.qtpl:190
 	qw422016 := qt422016.AcquireWriter(qq422016)
-//line views/admin.qtpl:150
+//line views/admin.qtpl:190
-	StreamAdminUsersUserHTML(qw422016, u)
+	StreamAdminUserDeleteHTML(qw422016, u, f)
-//line views/admin.qtpl:150
+//line views/admin.qtpl:190
 	qt422016.ReleaseWriter(qw422016)
-//line views/admin.qtpl:150
+//line views/admin.qtpl:190
 }
 
-//line views/admin.qtpl:150
+//line views/admin.qtpl:190
-func AdminUsersUserHTML(u *user.User) string {
+func AdminUserDeleteHTML(u *user.User, f util.FormData) string {
-//line views/admin.qtpl:150
+//line views/admin.qtpl:190
 	qb422016 := qt422016.AcquireByteBuffer()
-//line views/admin.qtpl:150
+//line views/admin.qtpl:190
-	WriteAdminUsersUserHTML(qb422016, u)
+	WriteAdminUserDeleteHTML(qb422016, u, f)
-//line views/admin.qtpl:150
+//line views/admin.qtpl:190
 	qs422016 := string(qb422016.B)
-//line views/admin.qtpl:150
+//line views/admin.qtpl:190
 	qt422016.ReleaseByteBuffer(qb422016)
-//line views/admin.qtpl:150
+//line views/admin.qtpl:190
 	return qs422016
-//line views/admin.qtpl:150
+//line views/admin.qtpl:190
 }

web/admin.go

@@ -90,44 +90,76 @@ func handlerAdminUsers(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		// User edit page
+		if len(parts) != 2 {
-		if len(parts) == 2 && parts[1] == "edit" {
+			util.HTTP404Page(w, "404 page not found")
-			u := user.UserByName(parts[0])
-
-			if u != nil && u.Name != "anon" {
-				if r.Method == http.MethodGet {
-					html := views.AdminUsersUserHTML(u)
-					html = views.BaseHTML(fmt.Sprintf("User %s", u.Name), html, user.FromRequest(r))
-
-					w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
-					if _, err := io.WriteString(w, html); err != nil {
-						log.Println(err)
-					}
 			return
-				} else if r.Method == http.MethodPost {
+		}
+
+		u := user.UserByName(parts[0])
+		if u == nil {
+			util.HTTP404Page(w, "404 page not found")
+			return
+		}
+
+		switch parts[1] {
+		case "edit":
+			f := util.FormDataFromRequest(r, []string{"group"})
+
+			if r.Method == http.MethodPost {
 				oldGroup := u.Group
-					newGroup := r.PostFormValue("group")
+				newGroup := f.Get("group")
+
 				if user.ValidGroup(newGroup) {
 					u.Group = newGroup
 					if err := user.SaveUserDatabase(); err != nil {
 						u.Group = oldGroup
 						log.Println(err)
-							w.WriteHeader(http.StatusInternalServerError)
+						f = f.WithError(err)
-							io.WriteString(w, err.Error())
 					} else {
 						http.Redirect(w, r, "/admin/users/", http.StatusSeeOther)
-						}
-					} else {
-						w.WriteHeader(http.StatusBadRequest)
-						io.WriteString(w, "invalid group")
-					}
 						return
 					}
-			}
+				} else {
+					f = f.WithError(fmt.Errorf("invalid group \"%s\"", newGroup))
 				}
 			}
 
+			f.Put("group", u.Group)
+
+			html := views.AdminUserEditHTML(u, f)
+			html = views.BaseHTML(fmt.Sprintf("User %s", u.Name), html, user.FromRequest(r))
+
+			if f.HasError() {
+				w.WriteHeader(http.StatusBadRequest)
+			}
+			w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
+			io.WriteString(w, html)
+			return
+		case "delete":
+			f := util.NewFormData()
+
+			if r.Method == http.MethodPost {
+				f = f.WithError(user.DeleteUser(u.Name))
+				if !f.HasError() {
+					http.Redirect(w, r, "/admin/users/", http.StatusSeeOther)
+				} else {
+					log.Println(f.Error())
+				}
+			}
+
+			html := views.AdminUserDeleteHTML(u, util.NewFormData())
+			html = views.BaseHTML(fmt.Sprintf("User %s", u.Name), html, user.FromRequest(r))
+
+			if f.HasError() {
+				w.WriteHeader(http.StatusBadRequest)
+			}
+			w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
+			io.WriteString(w, html)
+			return
+		}
+
 		util.HTTP404Page(w, "404 page not found")
+	}
 }
 
 func handlerAdminUserNew(w http.ResponseWriter, r *http.Request) {