client/auth: fix user forms reachable via URL

rr- 2016-08-23 22:06:30 +02:00
parent 3c03c001e2
commit 9124639564


@ -5,6 +5,7 @@ const views = require('../util/views.js');
const UserDeleteView = require('./user_delete_view.js'); const UserDeleteView = require('./user_delete_view.js');
const UserSummaryView = require('./user_summary_view.js'); const UserSummaryView = require('./user_summary_view.js');
const UserEditView = require('./user_edit_view.js'); const UserEditView = require('./user_edit_view.js');
const EmptyView = require('../views/empty_view.js');
const template = views.getTemplate('user'); const template = views.getTemplate('user');
@ -33,17 +34,25 @@ class UserView extends events.EventTarget {
ctx.hostNode = this._hostNode.querySelector('#user-content-holder'); ctx.hostNode = this._hostNode.querySelector('#user-content-holder');
if (ctx.section == 'edit') { if (ctx.section == 'edit') {
this._view = new UserEditView(ctx); if (!this._ctx.canEditAnything) {
this._view.addEventListener('submit', e => { this._view = new EmptyView();
this.dispatchEvent( this._view.showError(
new CustomEvent('submit', {detail: e.detail})); 'You don\'t have privileges to edit users.');
}); } else {
this._view = new UserEditView(ctx);
events.proxyEvent(this._view, this, 'submit');
}
} else if (ctx.section == 'delete') { } else if (ctx.section == 'delete') {
this._view = new UserDeleteView(ctx); if (!this._ctx.canDelete) {
this._view.addEventListener('submit', e => { this._view = new EmptyView();
this.dispatchEvent( this._view.showError(
new CustomEvent('delete', {detail: e.detail})); 'You don\'t have privileges to delete users.');
}); } else {
this._view = new UserDeleteView(ctx);
events.proxyEvent(this._view, this, 'submit', 'delete');
}
} else { } else {
this._view = new UserSummaryView(ctx); this._view = new UserSummaryView(ctx);
} }
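Review bot: The two new guards read `this._ctx.canEditAnything` and `this._ctx.canDelete`, while the rest of this block works on the local `ctx` (`ctx.hostNode`, `ctx.section`, `new UserEditView(ctx)`). The assignment of `this._ctx` is outside the hunk, so it cannot be confirmed here that it is set before these branches run; reading `ctx.canEditAnything` and `ctx.canDelete` would keep the block consistent and remove that dependency. These flags only choose which view the browser renders, so they are UI gating and not an access control. The user edit and delete endpoints still have to reject unprivileged requests themselves, which this client-side diff does not show; a comment above the first guard such as `// UI gating only: the API must enforce these privileges` would record that. The enclosing method starts and ends outside the hunk.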