From 19b2deda2a7f28d286cdbc7f86c44ad3b237f6cf Mon Sep 17 00:00:00 2001
From: Floorb <132411956+Neetpone@users.noreply.github.com>
Date: Thu, 1 Jun 2023 15:54:48 -0400
Subject: [PATCH] feat: mod promotion/demotion

---
 public/admin/users.php       | 32 +++++++++++++++++++++++++++++---
 public/user.php              | 14 +++++++++++++-
 theme/bulma/user_profile.php | 10 ++++++++--
 3 files changed, 50 insertions(+), 6 deletions(-)

diff --git a/public/admin/users.php b/public/admin/users.php
index 9f2fe91..8060779 100644
--- a/public/admin/users.php
+++ b/public/admin/users.php
@@ -11,6 +11,27 @@ list($per_page, $current_page) = pp_setup_pagination();
 
 $total_users = User::count();
 $all_users = User::limit($per_page)->offset($current_page * $per_page)->get();
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    if (!verifyCsrfToken()) {
+        flashError('Invalid CSRF token.');
+        goto Render;
+    } elseif (!isset($_POST['user_id'])) {
+        flashError('No user ID specified.');
+        goto Render;
+    }
+
+    $user = User::find($_POST['user_id']);
+
+    if (!$user) {
+        flashError('User not found.');
+        goto Render;
+    }
+}
+
+Render:
+
+$csrf_token = setupCsrfToken();
 ?>
 <!DOCTYPE html>
 <html lang="en">
@@ -111,9 +132,7 @@ $all_users = User::limit($per_page)->offset($current_page * $per_page)->get();
                                 <tr>
                                     <th>Username</th>
                                     <th>Date Registered</th>
-                                    <th>Ban User</th>
-                                    <th>Profile</th>
-                                    <th>Delete</th>
+                                    <th>Actions</th>
                                 </tr>
                                 </thead>
                                 <tbody>
@@ -123,6 +142,13 @@ $all_users = User::limit($per_page)->offset($current_page * $per_page)->get();
                                                 <a href="<?= urlForMember($user); ?>"><?= pp_html_escape($user->username); ?></a>
                                             </td>
                                             <td><?= pp_html_escape($user->created_at); ?> </td>
+                                            <td>
+                                                <form method="post">
+                                                    <input type="hidden" name="csrf_token" value="<?= $csrf_token ?>">
+                                                    <input type="hidden" name="user_id" value="<?= $user->id ?>">
+                                                    <button class="button is-small is-danger" type="submit" name="ban">Ban</button>
+                                                </form>
+                                            </td>
                                         </tr>
                                     <?php endforeach; ?>
                                 </tbody>
diff --git a/public/user.php b/public/user.php
index 56d937e..d6081d0 100644
--- a/public/user.php
+++ b/public/user.php
@@ -17,7 +17,7 @@ $profile_username = trim($_GET['user']);
 
 $profile_info = User::with('favourites')
     ->where('username', $profile_username)
-    ->select('id', 'created_at', 'badge')
+    ->select('id', 'created_at', 'badge', 'role')
     ->first();
 
 if (!$profile_info) {
@@ -39,6 +39,18 @@ if ($can_administrate) {
 
             flashSuccess('Password reset to ' . $new_password);
         }
+    } elseif (isset($_POST['change_role'])) {
+        if (!verifyCsrfToken()) {
+            flashError('Invalid CSRF token (do you have cookies enabled?)');
+        } else {
+            if ($profile_info->role === User::ROLE_MODERATOR) {
+                $profile_info->role = 0;
+            } elseif ($profile_info->role === 0) {
+                $profile_info->role = User::ROLE_MODERATOR;
+            }
+            $profile_info->save();
+            flashSuccess('Role changed.');
+        }
     }
 }
 
diff --git a/theme/bulma/user_profile.php b/theme/bulma/user_profile.php
index c9dc100..fb6877d 100644
--- a/theme/bulma/user_profile.php
+++ b/theme/bulma/user_profile.php
@@ -1,7 +1,8 @@
 <?php
-    use PonePaste\Models\Paste;
+use PonePaste\Models\Paste;
+use PonePaste\Models\User;
 
-    $public_paste_badges = [
+$public_paste_badges = [
         50 => '[ProbablyAutistic] Have more than fifty pastes',
         25 => '[Writefag] Have twenty-five or more pastes',
         5  => '[NewWritefag] Have five or more pastes',
@@ -53,6 +54,11 @@
                             <form method="post">
                                 <input type="hidden" name="csrf_token" value="<?= $csrf_token ?>">
                                 <button class="button is-small is-success" type="submit" name="reset_password">Reset Password</button>
+                                <?php if ($profile_info->role === User::ROLE_MODERATOR): ?>
+                                    <button class="button is-small is-warning" type="submit" name="change_role">Demote Moderator</button>
+                                <?php elseif ($profile_info->role === 0): ?>
+                                    <button class="button is-small is-warning" type="submit" name="change_role">Promote to Moderator</button>
+                                <?php endif; ?>
                             </form>
                         </div>
                     <?php endif; ?>