func (controller *usersController) newPost(rw http.ResponseWriter, req *http.Request) (int, error) {
err := req.ParseForm()
if err != nil {
return http.StatusInternalServerError, err
}
decoder := schema.NewDecoder()
// Ignore unknown keys to prevent errors from the CSRF token.
decoder.IgnoreUnknownKeys(true)
formUser := new(viewmodels.UsersEditViewModel)
err = decoder.Decode(formUser, req.PostForm)
if err != nil {
return http.StatusInternalServerError, err
}
valErrors := validateUserForm(formUser, false)
if len(valErrors) > 0 {
isAuthenticated, user := getCurrentUser(rw, req, controller.authorizer)
vm := viewmodels.NewUserViewModel(formUser, controller.roles, isAuthenticated, user, valErrors)
vm.CsrfField = csrf.TemplateField(req)
return http.StatusOK, controller.newTemplate.Execute(rw, vm)
}
var user httpauth.UserData
user.Username = formUser.Username
user.Email = formUser.Email
password := formUser.Password
user.Role = formUser.Role
err = controller.authorizer.Register(rw, req, user, password)
if err != nil {
return http.StatusInternalServerError, err
}
http.Redirect(rw, req, "/settings/users", http.StatusSeeOther)
return http.StatusSeeOther, nil
}
func adminUsersHandler(w http.ResponseWriter, r *http.Request, admin Location) {
isAuth(w, r, admin, "admin")
if r.Method == "POST" {
var user httpauth.UserData
user.Username = r.PostFormValue("username")
user.Email = r.PostFormValue("email")
password := r.PostFormValue("password")
user.Role = r.PostFormValue("role")
if err := aaa.Register(w, r, user, password); err != nil {
// maybe something
}
}
if user, err := aaa.CurrentUser(w, r); err == nil {
type data struct {
User httpauth.UserData
Roles map[string]httpauth.Role
Users []httpauth.UserData
Msg []string
}
messages := aaa.Messages(w, r)
users, err := backend.Users()
if err != nil {
panic(err)
}
d := data{User: user, Roles: roles, Users: users, Msg: messages}
var templates = template.Must(template.ParseGlob("admin/templates/*"))
t_err := templates.ExecuteTemplate(w, "manage-accounts.html", d)
if t_err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
}
}
func postAddUser(rw http.ResponseWriter, req *http.Request) {
var user httpauth.UserData
user.Username = req.PostFormValue("username")
user.Email = req.PostFormValue("email")
password := req.PostFormValue("password")
user.Role = req.PostFormValue("role")
if err := aaa.Register(rw, req, user, password); err != nil {
// maybe something
}
http.Redirect(rw, req, "/admin", http.StatusSeeOther)
}
