fixed user update

CDH-Studio · Jun 17, 2019 · 86638a3 · 86638a3
1 parent 02ea9f3
commit 86638a3
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 38 deletions.
diff --git a/app/Controllers/Http/UserController.js b/app/Controllers/Http/UserController.js
@@ -97,52 +97,76 @@ class UserController {
 	 *
 	 * @param {Object} Context The context object.
 	 */
-	async edit ({ params, view, auth, response }) {
-		// Retrieves user object
-		const user = await User.findOrFail(params.id);
-		const userRole = await auth.user.getUserRole();
-		var isAdmin;
-
-		let formOptions = {};
+	async edit ({ params, view, auth, response, request }) {
+
+		//try{
+			// Retrieves user object
+			const profile = await User.findOrFail(params.id);
+			const profileRole = await profile.getUserRole();
+			const userRole = await auth.user.getUserRole();
+			let isAdmin, selectedBuilding, allBuildings;
+			// check if admin is editing their own profile
+			if (userRole === 'admin') {
+				isAdmin = true;
+				selectedBuilding = request.cookie('selectedBuilding');
+				// get all builig info admin nav bar since this route is shared with regular users and admin
+				// therefore, the admin middle-ware can't retrieve building info to pass to view
+				allBuildings = await Building.all();
+				allBuildings = allBuildings.toJSON();
+			// check if user is editing their own profile
+			} else if (auth.user.id === Number(params.id) && userRole === 'user') {
+				isAdmin = false;
+			// check if user is editing someone elses profile
+			} else {
+				return response.redirect('/');
+			}
+
 
-		var buildingOptions = await Building.all();
-		formOptions.buildings = buildingOptions.toJSON();
+			let formOptions = {};
 
-		var towerOptions = await Tower.all();
-		formOptions.towers = towerOptions.toJSON();
+			if( profileRole==="user" ){
+				var buildingOptions = await Building.all();
+				formOptions.buildings = buildingOptions.toJSON();
 
-		var floorOptions = await Floor.all();
-		formOptions.floors = floorOptions.toJSON();
+				var towerOptions = await Tower.all();
+				formOptions.towers = towerOptions.toJSON();
 
-		// check if admin is editing their own profile
-		if (userRole === 'admin') {
-			isAdmin = true;
-		// check if user is editing their own profile
-		} else if (auth.user.id === Number(params.id) && userRole === 'user') {
-			isAdmin = false;
-		// check if user is editing someone elses profile
-		} else {
-			return response.redirect('/');
-		}
+				var floorOptions = await Floor.all();
+				formOptions.floors = floorOptions.toJSON();
+			}
 
-		return view.render('auth.editProfile', { user, isAdmin, formOptions });
+			return view.render('auth.editProfile', { user: profile, isAdmin, profileRole, formOptions, selectedBuilding,
+				allBuildings });
+		//} catch (err) {
+		//	Logger.debug(err);
+		//	return response.route('home');
+		//}
 	}
 
 	/**
 	 * Updates a user's information in the database.
 	 *
 	 * @param {Object} Context The context object.
 	 */
-	async update ({ request, session, params, response }) {
+	async update ({ auth, request, session, params, response }) {
 		try {
-		// Retrieves user input
+
+			if( auth.user.id != params.id && auth.user.getUserRole() === 'user'){
+				return response.redirect('/');
+			}
+
+			// Retrieves user input
 			const body = request.all();
 
-			// test if selected building, tower, and floor exist
-			await Floor.findOrFail(body.floor);
-			await Tower.findOrFail(body.tower);
-			await Building.findOrFail(body.building);
+			const profile = await User.findOrFail(params.id);
+			const profileRole = await profile.getUserRole();
 
+			// test if selected building, tower, and floor exist
+			if(profileRole === "user"){
+				await Floor.findOrFail(body.floor);
+				await Tower.findOrFail(body.tower);
+				await Building.findOrFail(body.building);
+			}
 			// Updates user information in database
 			await User
 				.query()
@@ -389,7 +413,7 @@ class UserController {
 		return response.redirect('/login');
 	}
 
-	async show ({ auth, params, view, response }) {
+	async show ({ auth, params, view, response, request }) {
 		let user = await User
 			.query()
 			.where('id', params.id)
@@ -401,6 +425,17 @@ class UserController {
 
 		var canEdit = 0;
 		const userRole = await auth.user.getUserRole();
+		user = user.toJSON();
+
+		let selectedBuilding, allBuildings;
+
+		if(userRole === 'admin'){
+			selectedBuilding = request.cookie('selectedBuilding');
+			// get all builig info admin nav bar since this route is shared with regular users and admin
+			// therefore, the admin middle-ware can't retrieve building info to pass to view
+			allBuildings = await Building.all();
+			allBuildings = allBuildings.toJSON();
+		}
 
 		// check if user is viewing their own profile or is admin
 		if (auth.user.id === Number(params.id) || userRole === 'admin') {
@@ -409,9 +444,9 @@ class UserController {
 			return response.redirect('/');
 		}
 
-		user = user.toJSON();
+
 
-		return view.render('auth.showProfile', { auth, user, canEdit });
+		return view.render('auth.showProfile', { auth, user, canEdit, allBuildings, selectedBuilding });
 	}
 
 	/**

diff --git a/resources/views/auth/editProfile.edge b/resources/views/auth/editProfile.edge
@@ -8,15 +8,15 @@
             <div class="card shadow mb-4 p-3">
                 <div class="card-body">
                     <div class="row">
-                        <div class='col-md-5'>
-                            @if(isAdmin)
+                        <div class='col-md-7'>
+                            @if(profileRole === "admin")
                                 <form action='{{ route('saveAdmin', {id: user.id}) }}' method='POST' enctype='multipart/form-data'>
                             @else
                                 <form action='{{ route('saveUser', {id: user.id}) }}' method='POST' enctype='multipart/form-data'>
                             @endif
                                 {{ csrfField() }}
                                 <div class='form-group'>
-                                    <label for='firstName'>First name</label>
+                                    <label for='firstName'>First name </label>
                                     @if(hasErrorFor('firstName'))
                                         <input type='text' class='form-control is-invalid' id='{{ antl.formatMessage('updateUser.firstname') }}' name='firstName' value='{{ user.firstname }}' oninput='removeErrorClass("firstName")'>
                                         <div class='invalid-feedback'>{{ getErrorFor('firstName') }}</div>
@@ -44,7 +44,7 @@
                                     @endif
                                 </div>
 
-                                @if(!isAdmin)
+                                @if(profileRole != "admin")
                                     <div class='form-row'>
                                         <div class='col'>
                                             <div class='form-group mb-2'>

diff --git a/start/routes.js b/start/routes.js
@@ -50,7 +50,7 @@ Route.get('/user/:id', 'UserController.show').as('viewProfile').middleware(['aut
 Route.get('/allUsers', 'UserController.getAllUsers').as('allUsers').middleware(['isAdmin']);
 Route.get('/allAdmins', 'UserController.getAllAdmins').as('allAdmins').middleware(['isAdmin']);
 Route.get('/user/:id/edit', 'UserController.edit').as('editUser').middleware(['auth']);
-Route.post('/user/:id/edit', 'UserController.update').as('saveUser').validator('EditUser').middleware(['isUser']);
+Route.post('/user/:id/edit', 'UserController.update').as('saveUser').validator('EditUser').middleware(['auth']);
 Route.post('/user/:id/editAdmin', 'UserController.update').as('saveAdmin').validator('EditAdmin').middleware(['isAdmin']);
 Route.post('/user/updatepassword', 'UserController.changePassword').as('changePassword').middleware(['auth']).validator('ResetPassword');