[admin] manage roles

locale/pl/translations.suml

@@ -783,6 +783,7 @@ admin:
         email: 'Email'
         roles: 'Role'
         profiles: 'Profile'
+        confirmRole: 'Czy na pewno chcesz zmienić rolę osoby @%username% na "%role%"?'
 
 table:
     empty: 'Pusto…'

routes/admin.vue

@@ -6,7 +6,7 @@
             <T>admin.header</T>
         </h2>
 
-        <Table :data="users" :columns="4">
+        <Table :data="Object.values(users)" :columns="4">
             <template v-slot:header>
                 <th class="text-nowrap">
                     <T>admin.user.user</T>
@@ -40,9 +40,10 @@
                     </ul>
                 </td>
                 <td>
-                    <span :class="['badge', s.el.roles === 'admin' ? 'badge-primary' : 'badge-light']">
+                    <a href="#" :class="['badge', s.el.roles === 'admin' ? 'badge-primary' : 'badge-light']"
+                       @click.prevent="setRole(s.el.id, s.el.roles === 'admin' ? 'user' : 'admin')">
                         {{s.el.roles}}
-                    </span>
+                    </a>
                 </td>
                 <td>
                     <ul class="list-unstyled">
@@ -76,9 +77,18 @@
             } });
 
             return {
-                users: Object.values(users),
+                users,
             };
         },
+        methods: {
+            async setRole(userId, role) {
+                await this.$confirm(this.$t('admin.user.confirmRole', {username: this.users[userId].username, role}));
+
+                const response = await this.$axios.$post(`/user/${userId}/set-roles`, { roles: role });
+
+                this.users[userId].roles = role;
+            }
+        },
         head() {
             return head({
                 title: this.$t('admin.header'),

server/routes/user.js

@@ -273,6 +273,16 @@ router.post('/user/delete', async (req, res) => {
     return res.json(true);
 });
 
+router.post('/user/:id/set-roles', async (req, res) => {
+    if (!req.admin) {
+        return res.status(401).json({error: 'Unauthorised'});
+    }
+
+    await req.db.get(SQL`UPDATE users SET roles = ${req.body.roles} WHERE id = ${req.params.id}`);
+
+    return res.json('ok');
+});
+
 router.get('/user/social/:provider', async (req, res) => {
     if (!req.session.grant || !req.session.grant.response || !req.session.grant.response.access_token || !socialLoginHandlers[req.params.provider]) {
         return res.status(400).redirect('/' + config.user.route);