admin groups

Author: devksingh4

config.js

@@ -1,7 +1,9 @@
 require('dotenv').config()
 
 
-exports.groups_permitted = process.env.GROUPS_PERMITTED ? process.env.GROUPS_PERMITTED.split(',') : ['ACM Link Shortener Managers', 'ACM Exec', 'ACM Infra Leadership'];
+exports.groups_permitted = process.env.GROUPS_PERMITTED ? process.env.GROUPS_PERMITTED.split(',') : ['ACM Link Shortener Managers', 'ACM Exec', 'ACM Officers', 'ACM Infra Leadership'];
+
+exports.admin_groups = process.env.ADMIN_GROUPS ? process.env.ADMIN_GROUPS.split(',') : ['ACM Infra Leadership'];
 
 exports.branding = {
   title: process.env.brandTitle || "ACM Link Shortener",

index.js

@@ -166,6 +166,7 @@ async function addURLToDB(name, url, email, groups) {
     })
   })
 }
+
 async function getDataForEmail(email) {
   return new Promise(function(resolve, reject) {
     db.serialize(function() {
@@ -181,6 +182,22 @@ async function getDataForEmail(email) {
   })
 }
 
+async function getAllLinks() {
+  return new Promise(function(resolve, reject) {
+    db.serialize(function() {
+      const stmt = db.prepare("SELECT * FROM urlData");
+      stmt.all([], function(err, data) {
+        if (err) {
+          reject(err)
+        } else {
+          resolve(data)
+        }
+      })
+    })
+  })
+}
+
+
 async function getDelegatedLinks(userGroups) {
   return new Promise(function(resolve, reject) {
     db.serialize(function() {
@@ -332,12 +349,22 @@ app.use(async (req, res, next) => {
   if (!req.user) {return next();}
   req.user._json.groups = await getUserGroups(req.user.oid, gat);
   const intserect = validateArray(config.groups_permitted, req.user._json.groups);
-  if (!intserect){
+  const intersect2 = validateArray(config.admin_groups, req.user._json.groups)
+  if (!intserect && !intersect2){
     return res.status(401).redirect("/unauthorized");
   }
   next();
 })
 
+app.use('/admin/', async (req, res, next) => {
+  if (!req.user) {return next();}
+  req.user._json.groups = await getUserGroups(req.user.oid, gat);
+  const intersect2 = validateArray(config.admin_groups, req.user._json.groups)
+  if (!intersect2){
+    return res.status(401).redirect("/unauthorized");
+  }
+  next();
+})
 // begin business logic
 
 app.get('/', async function (req, res) {
@@ -426,6 +453,32 @@ app.get('/mylinks', ensureAuthenticated, async function (req, res) {
   })
 })
 
+app.get('/admin/links', ensureAuthenticated, async function (req, res) {
+  const email = req.user._json.preferred_username;
+  const name = req.user.displayName;
+  const userGroups =  req.user._json.groups !== undefined ? req.user._json.groups : [];
+  let data = await getAllLinks().catch(() => {res.status(500).render('500', {productName: config.branding.title, logoPath: config.branding.logoPath, copyrightOwner: config.branding.copyrightOwner, statusURL: config.branding.statusURL,}); return});
+  data = data.map((item) => {
+    const d = item;
+    d.url = atob(d.url);
+    d.groups = d.groups.replace(',', "<br />")
+    return d;
+  })
+  res.render('adminlinks', {
+    partials,
+    productName: config.branding.title, 
+    logoPath: config.branding.logoPath,
+    copyrightOwner: config.branding.copyrightOwner,
+    statusURL: config.branding.statusURL,
+    orgHome: config.branding.orgHome,
+    data,
+    name,
+    email,
+    baseURL,
+    productName: config.branding.title
+  })
+})
+
 app.delete('/deleteLink', ensureAuthenticated, async function (req, res) {
   const name = req.query.name;
   removeURLfromDB(name).then(() => {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "linkry-link-shortener",
-  "version": "1.4.1",
+  "version": "1.5.0",
   "description": "",
   "main": "index.js",
   "scripts": {

view/adminlinks.html

@@ -0,0 +1,66 @@
+<!DOCTYPE html>
+<html lang="en">
+<noscript>Your browser does not support JavaScript, but this site requires JavaScript!</noscript>
+
+<head>
+    <title>{{{productName}}}</title>
+    <meta property="og:title" content="{{{productName}}}" />
+    <link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet"
+        integrity="sha384-giJF6kkoqNQ00vy+HMDP7azOuL0xtbfIcaT9wjKHr8RbDVddVHyTfAAsrekwKmP1" crossorigin="anonymous">
+    <link rel="stylesheet" href="/static/css/epoch.css">
+    <script src="/static/js/mylinks.js"></script>
+    <script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>
+</head>
+<script>
+    async function handleRemove(name) {
+        const sure = confirm(`Are you sure you would like to remove this link? Anyone visiting {{baseURL}}/${name} will recieve an error!`);
+        if (!sure) {
+            alert("Remove cancelled.")
+            return
+        }
+        const response = await fetch(`/deleteLink?name=${name}`, {
+            method: "DELETE"
+        })
+        const parsed = await response.json()
+        if (response.status !== 200) {
+            alert(parsed.message)
+        } else {
+            alert("URL removed successfully!")
+            document.getElementById(`urldata-${name}`).parentNode.removeChild(document.getElementById(`urldata-${name}`))
+        }
+    }
+</script>
+
+<body class="epoch-dark epoch-font epoch-child-light">
+    {{>fullNavbar}}
+    <br />
+    <div class="container">
+        <h1 style="text-align: center;">All shortened links</h1>
+        <br />
+        <table style="width:100%" class="table table-striped">
+            <tr>
+                <th style="text-align: center;" scope="col">Original</th>
+                <th style="text-align: center;" scope="col">Shortened</th>
+                <th style="text-align: center;" scope="col">Owner</th>
+                <th style="text-align: center;" scope="col">Groups</th>
+                <th style="text-align: center;" scope="col">Actions</th>
+            </tr>
+            {{#data}}
+            <tr id="urldata-{{name}}">
+                <td style="text-align: center;"><a id="urldata-{{name}}-url" href="{{url}}">{{url}}</a></td>
+                <td style="text-align: center;"><a href="/{{name}}">{{baseURL}}/{{name}}</a></td>
+                <td style="text-align: center;"><a>{{email}}</a></td>
+                <td style="text-align: center;"><a>{{{groups}}}</a></td>
+                <td style="text-align: center;"><button type="button" class="btn btn-danger"
+                        onclick="handleRemove('{{name}}', '{{url}}')">Remove Link</button><a>&nbsp;</a><button
+                        type="button" class="btn btn-warning" onclick="handleEdit('{{name}}')">Edit Link</button></a>
+                </td>
+            </tr>
+            {{/data}}
+        </table>
+    </div>
+    {{> footer}}
+
+</body>
+
+</html>