From 76e6a6deb9e1435321ad3e0e999aa7be4aeb8da7 Mon Sep 17 00:00:00 2001
From: David Hoppenbrouwers
Date: Mon, 10 Oct 2022 23:40:34 +0200
Subject: [PATCH 1/3] Implement set user role from admin panel
---
 db/sqlite.py | 9 +++++++++
 main.py | 13 +++++++++++++
 2 files changed, 22 insertions(+)
diff --git a/db/sqlite.py b/db/sqlite.py
index 22b252e..527b95e 100644
--- a/db/sqlite.py
+++ b/db/sqlite.py
@@ -466,6 +466,15 @@ class DB:
 (until, user_id)
 )
+ def set_user_role(self, user_id, role):
+ return self.change_one('''
+ update users
+ set role = ?
+ where user_id = ?
+ ''',
+ (role, user_id)
+ )
+
 def change_one(self, query, values):
 db = self._db()
 c = db.cursor()
diff --git a/main.py b/main.py
index 0e77861..a7acda1 100644
--- a/main.py
+++ b/main.py
@@ -530,6 +530,19 @@ def admin_new_user():
 flash(str(e), 'error')
 return redirect(url_for('admin'))
+@app.route('/admin/user//edit/role/', methods = ['POST'])
+def admin_set_role(user_id):
+ try:
+ role = request.form['role']
+ if role not in ('0', '1', '2'):
+ flash(f'Invalid role type ({role})', 'error')
+ else:
+ db.set_user_role(user_id, role)
+ flash('Set user role', 'success')
+ except Exception as e:
+ flash(str(e), 'error')
+ return redirect(url_for('admin'))
+
 @app.route('/admin/restart/', methods = ['POST'])
 def admin_restart():
 chk, user = _admin_check()
From 1969615a289f97898555ef9351cc2ea1dd3a4205 Mon Sep 17 00:00:00 2001
From: David Hoppenbrouwers
Date: Mon, 10 Oct 2022 23:41:27 +0200
Subject: [PATCH 2/3] Fix user unban
---
 main.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.py b/main.py
index a7acda1..20af56a 100644
--- a/main.py
+++ b/main.py
@@ -508,7 +508,7 @@ def admin_unban_user(user_id):
 return user
 try:
- if db.set_user_ban(user_id, None):
+ if db.set_user_ban(user_id, 0):
 flash('Unbanned user', 'success')
 else:
 flash('Failed to unban user', 'error')
From 531c9fba6415a841a06a9f742a77a7178fa52bba Mon Sep 17 00:00:00 2001
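Review bot: admin_set_role in the main.py hunk of PATCH 1/3 never calls `_admin_check()`, unlike admin_restart directly below it in the same hunk, so as written the route changes a user's role for any caller that can reach it. The function should open with `chk, user = _admin_check()` followed by `if not chk: return user` before the form is read. The return value of `db.set_user_role` is also discarded, so 'Set user role' is flashed even when no row was updated; the ban handlers elsewhere in this file branch on the result of `db.set_user_ban`, and the same pattern fits here. The later patches in this series do not touch this function.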
From: David Hoppenbrouwers
Date: Tue, 11 Oct 2022 00:17:48 +0200
Subject: [PATCH 3/3] Allow moderators to ban and unban users
---
 db/sqlite.py | 2 +-
 main.py | 42 +++++++++++++++++++++++++++++---------
 templates/admin/index.html | 4 ++--
 templates/user_info.html | 19 +++++++++++++++--
 4 files changed, 52 insertions(+), 15 deletions(-)
diff --git a/db/sqlite.py b/db/sqlite.py
index 527b95e..0d72f44 100644
--- a/db/sqlite.py
+++ b/db/sqlite.py
@@ -158,7 +158,7 @@ class DB:
 def get_user_public_info(self, user_id):
 return self._db().execute('''
- select name, about
+ select name, about, banned_until
 from users
 where user_id = ?
 ''',
diff --git a/main.py b/main.py
index 20af56a..848180a 100644
--- a/main.py
+++ b/main.py
@@ -166,13 +166,15 @@ def user_edit_password():
 @app.route('/user//')
 def user_info(user_id):
- name, about = db.get_user_public_info(user_id)
+ name, about, banned_until = db.get_user_public_info(user_id)
 return render_template(
 'user_info.html',
 title = 'Profile',
 config = config,
 user = get_user(),
 name = name,
+ id = user_id,
+ banned_until = banned_until,
 about = about
 )
@@ -480,9 +482,8 @@ def admin_new_secrets():
 flash(str(e), 'error')
 return redirect(url_for('admin'))
-@app.route('/admin/user//ban/', methods = ['POST'])
-def admin_ban_user(user_id):
- chk, user = _admin_check()
+def ban_user(user_id):
+ chk, user = _moderator_check()
 if not chk:
 return user
@@ -490,7 +491,7 @@ def admin_ban_user(user_id):
 d = 0 if d == '' else int(d)
 h, m = (0, 0) if t == '' else map(int, t.split(':'))
 until = time.time_ns() + (d * 24 * 60 + h * 60 + m) * (60 * 10**9)
- until = min(until, 0xffff_ffff_ffff_ffff)
+ until = min(until, 0x7fff_ffff_ffff_ffff)
 try:
 if db.set_user_ban(user_id, until):
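Review bot: ban_user now gates on `_moderator_check()` alone and then hands the `user_id` from the URL to `db.set_user_ban`, so nothing visible in this series stops a moderator from banning an administrator, another moderator, or their own account. If that is not intended, the target's role should be looked up before the update and the request refused when it is not strictly below the caller's. If it is intended, a comment such as `# moderators may ban any account, including admins` would record the decision. The same applies to unban_user in the `@@ -499,11 +500,17 @@` hunk; the body of ban_user continues past this hunk.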
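Review bot: The new clamp to `0x7fff_ffff_ffff_ffff` bounds `until` only from above. The context lines just before it call `int(d)` and `map(int, t.split(':'))` ahead of the `try`, so a non-numeric value raises out of ban_user instead of being flashed, and a negative day count produces a timestamp in the past that is still passed to `db.set_user_ban`. Since this path is now reachable by moderators, consider moving the parsing inside the `try` and rejecting negative input, e.g. `if d < 0 or h < 0 or m < 0: raise ValueError('negative ban duration')`. Where `d` and `t` are read is outside the hunk, so this assumes they come from the submitted form.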
@@ -499,11 +500,17 @@ def admin_ban_user(user_id):
 flash('Failed to ban user', 'error')
 except Exception as e:
 flash(str(e), 'error')
- return redirect(url_for('admin'))
-@app.route('/admin/user//unban/', methods = ['POST'])
-def admin_unban_user(user_id):
- chk, user = _admin_check()
+@app.route('/user//ban/', methods = ['POST'])
+def moderator_ban_user(user_id):
+ return ban_user(user_id) or redirect(url_for('user_info', user_id = user_id))
+
+@app.route('/admin/user//ban/', methods = ['POST'])
+def admin_ban_user(user_id):
+ return ban_user(user_id) or redirect(url_for('admin'))
+
+def unban_user(user_id):
+ chk, user = _moderator_check()
 if not chk:
 return user
@@ -514,7 +521,14 @@ def admin_unban_user(user_id):
 flash('Failed to unban user', 'error')
 except Exception as e:
 flash(str(e), 'error')
- return redirect(url_for('admin'))
+
+@app.route('/user//unban/', methods = ['POST'])
+def moderator_unban_user(user_id):
+ return unban_user(user_id) or redirect(url_for('user_info', user_id = user_id))
+
+@app.route('/admin/user//unban/', methods = ['POST'])
+def admin_unban_user(user_id):
+ return unban_user(user_id) or redirect(url_for('admin'))
 @app.route('/admin/user/new/', methods = ['POST'])
 def admin_new_user():
@@ -561,6 +575,14 @@ def help():
 user = get_user(),
 )
+def _moderator_check():
+ user = get_user()
+ if user is None:
+ return False, redirect(url_for('login'))
+ if not user.is_moderator():
+ return False, ('
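Review bot: The four route wrappers in the `@@ -499,11 +500,17 @@` and `@@ -514,7 +521,14 @@` hunks rely on ban_user and unban_user returning None once the request is handled and a response only when `_moderator_check()` fails, but that contract exists only as a missing `return`. A docstring on each helper, e.g. `"""Return a response if the caller is not authorised, else None after flashing the result."""`, would keep a later explicit return value from breaking the `or redirect(...)` in the wrappers. The new `/user/.../ban/` and `/user/.../unban/` routes are state-changing POSTs reachable from the profile page; no CSRF token handling is visible in this diff, so confirm that the application enforces one elsewhere.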

Forbidden

', 403)
+ return True, user
+
 def _admin_check():
 user = get_user()
 if user is None:
diff --git a/templates/admin/index.html b/templates/admin/index.html
index 90a0447..ba8f779 100644
--- a/templates/admin/index.html
+++ b/templates/admin/index.html
@@ -100,12 +100,12 @@ {%- if banned_until > 0 -%} -
+ {{- format_time(banned_until) }}
{%- endif -%} -
+
diff --git a/templates/user_info.html b/templates/user_info.html
index b5c70bc..c4b91ca 100644
--- a/templates/user_info.html
+++ b/templates/user_info.html
@@ -1,6 +1,21 @@
 {% extends 'base.html' %}
-{% block content %}
+{%- block content %}
+{%- if user is not none and user.is_moderator -%}
+

+ + + + +

+{%- if banned_until > 0 -%} +
+{{- format_time(banned_until) -}} + +
+{%- endif -%} +

+{%- endif -%}

{{ name }}

{{ minimd(about) | safe }}

-{% endblock %} +{%- endblock %}
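Review bot: The guard on the added line `{%- if user is not none and user.is_moderator -%}` references `is_moderator` without calling it, while `_moderator_check()` in main.py calls `user.is_moderator()`. Assuming the template receives the same user object, Jinja evaluates the bound method as truthy, so the ban and unban controls would render for every logged-in user. The server-side check still rejects the POST from non-moderators, but the template should read `{%- if user is not none and user.is_moderator() -%}` so the controls and `banned_until` are shown only to moderators.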