User delete feature

7 years ago · c6853a0315
9 changed files with 51 additions and 14 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -7,5 +7,5 @@ charset = utf-8
 trim_trailing_whitespace = true
 insert_final_newline = true

-[*.{jade,pug}]
-trim_trailing_whitespace = false
+[*.{jade,pug,md}]
+trim_trailing_whitespace = false
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,10 +3,13 @@ All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).

 ## [Unreleased]
+
+## [v1.0-beta.3] - 2017-02-10
 ### Added
 - Change log
 - Added .editorconfig, .eslintrc.json and .pug-lintrc.json for code linting
 - Added Create / Authorize User feature
+- Added Delete / De-authorize User feature
 - Added Login as... button to Forbidden page

 ### Fixed
@ -16,6 +19,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 ### Changed
 - Updated dependencies + snyk policy
 - Conversion to Standard JS compliant code
+- Accounts that are not pre-authorized are no longer added with no rights

 ## [v1.0-beta.2] - 2017-01-30
 ### Added
@ -24,5 +28,6 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 ### Changed
 - Updated dependencies + snyk policy

-[Unreleased]: https://github.com/Requarks/wiki/compare/v1.0-beta.2...HEAD
+[Unreleased]: https://github.com/Requarks/wiki/compare/v1.0-beta.3...HEAD
+[v1.0-beta.3]: https://github.com/Requarks/wiki/releases/tag/v1.0-beta.3
 [v1.0-beta.2]: https://github.com/Requarks/wiki/releases/tag/v1.0-beta.2
--- a/README.md
+++ b/README.md
@ -11,6 +11,7 @@
 [![Codacy Badge](https://api.codacy.com/project/badge/Grade/1d0217a3153c4595bdedb322263e55c8)](https://www.codacy.com/app/Requarks/wiki)
 [![Dependency Status](https://gemnasium.com/badges/github.com/Requarks/wiki.svg)](https://gemnasium.com/github.com/Requarks/wiki)
 [![Known Vulnerabilities](https://snyk.io/test/github/requarks/wiki/badge.svg)](https://snyk.io/test/github/requarks/wiki)
+[![Standard - JavaScript Style Guide](https://img.shields.io/badge/code%20style-standard-brightgreen.svg)](http://standardjs.com/)

 ##### A modern, lightweight and powerful wiki app built on NodeJS, Git and Markdown
 *Under active development*
@ -66,8 +67,8 @@

 ### Special Thanks

-![Browserstack](https://wiki.requarks.io/assets/images/logo_browserstack.png)
+![Browserstack](https://wiki.requarks.io/assets/images/logo_browserstack.png)  
 [Browserstack](https://www.browserstack.com/) for providing access to their great cross-browser testing tools.

-![DigitalOcean](https://wiki.requarks.io/assets/images/logo_digitalocean.png)
+![DigitalOcean](https://wiki.requarks.io/assets/images/logo_digitalocean.png)  
 [DigitalOcean](https://www.digitalocean.com/) for providing hosting of the Wiki.js documentation site.
--- a/assets/js/app.js
+++ b/assets/js/app.js
--- a/client/js/modals/admin-users-delete.js
+++ b/client/js/modals/admin-users-delete.js
@ -1,11 +1,11 @@
-/* global $, Vue */
+/* global $, Vue, usrData, alerts */

 // Vue Delete User instance

 let vueDeleteUser = new Vue({
  el: '#modal-admin-users-delete',
  data: {
-
+    loading: false
  },
  methods: {
    open: (ev) => {
@ -15,7 +15,18 @@ let vueDeleteUser = new Vue({
      $('#modal-admin-users-delete').removeClass('is-active')
    },
    deleteUser: (ev) => {
-      vueDeleteUser.cancel()
+      vueDeleteUser.loading = true
+      $.ajax('/admin/users/' + usrData._id, {
+        dataType: 'json',
+        method: 'DELETE'
+      }).then((rData, rStatus, rXHR) => {
+        vueDeleteUser.loading = false
+        vueDeleteUser.cancel()
+        window.location.assign('/admin/users')
+      }, (rXHR, rStatus, err) => {
+        vueDeleteUser.loading = false
+        alerts.pushError('Error', rXHR.responseJSON.msg)
+      })
    }
  }
 })
--- a/controllers/admin.js
+++ b/controllers/admin.js
@ -194,6 +194,25 @@ router.post('/users/:id', (req, res) => {
  })
 })

+/**
+ * Delete / Deauthorize a user
+ */
+router.delete('/users/:id', (req, res) => {
+  if (!res.locals.rights.manage) {
+    return res.status(401).json({ msg: 'Unauthorized' })
+  }
+
+  if (!validator.isMongoId(req.params.id)) {
+    return res.status(400).json({ msg: 'Invalid User ID' })
+  }
+
+  return db.User.findByIdAndRemove(req.params.id).then(() => {
+    return res.json({ msg: 'OK' })
+  }).catch((err) => {
+    res.status(500).json({ msg: err.message })
+  })
+})
+
 router.get('/settings', (req, res) => {
  if (!res.locals.rights.manage) {
    return res.render('error-forbidden')
--- a/models/user.js
+++ b/models/user.js
@ -63,10 +63,9 @@ userSchema.statics.processProfile = (profile) => {
    providerId: profile.id,
    name: profile.displayName || _.split(primaryEmail, '@')[0]
  }, {
-    new: true,
-    upsert: true
+    new: true
  }).then((user) => {
-    return user || Promise.reject(new Error('User Upsert failed.'))
+    return user || Promise.reject(new Error('You have not been authorized to login to this site yet.'))
  })
 }

--- a/package.json
+++ b/package.json
@ -83,7 +83,7 @@
    "pug": "^2.0.0-beta11",
    "read-chunk": "^2.0.0",
    "remove-markdown": "^0.1.0",
-    "requarks-core": "^0.2.0",
+    "requarks-core": "^0.2.1",
    "request": "^2.79.0",
    "search-index": "^0.9.9",
    "serve-favicon": "^2.3.2",
--- a/views/modals/admin-deleteuser.pug
+++ b/views/modals/admin-deleteuser.pug
@ -2,7 +2,9 @@
  .modal-background
  .modal-container
    .modal-content
-      header.is-red Delete User Account?
+      header.is-red
+        span Delete User Account?
+        p.modal-notify(v-bind:class='{ "is-active": loading }'): i
      section
        span Are you sure you want to delete this user account? This action cannot be undone!
      footer