nutzer einladen + sesssion cache correct clear

2025-10-29 17:25:32 +00:00 · 2025-05-24 10:57:31 +02:00
parent a46e2bc474
commit 74de26f560
7 changed files with 226 additions and 124 deletions
--- a/helpers/collections/session_cache.go
+++ b/helpers/collections/session_cache.go
@@ -99,6 +99,28 @@ func (c *UserSessionCache) Delete(sessionTokenClear string) {
 	}
 }
 func (c *UserSessionCache) DeleteSessionByUserID(uid string) {
 	if uid == "" {
 		return
 	}
 	c.cache.Range(func(key, value any) bool {
 		entry, ok := value.(*cacheEntry)
 		if !ok {
 			c.cache.Delete(key)
 			return true
 		}
 		if entry.user.Id == uid {
 			c.cache.Delete(key)
 			c.mu.Lock()
 			c.approximateSize--
 			c.mu.Unlock()
 		}
 		return true
 	})
 }
 func (c *UserSessionCache) Clear() {
 	c.cache.Clear()
 	c.mu.Lock()
--- a/pages/user_edit.go
+++ b/pages/user_edit.go
@@ -6,6 +6,7 @@ import (
 	"github.com/Theodor-Springmann-Stiftung/musenalm/middleware"
 	"github.com/Theodor-Springmann-Stiftung/musenalm/pagemodels"
 	"github.com/Theodor-Springmann-Stiftung/musenalm/templating"
 	"github.com/pocketbase/dbx"
 	"github.com/pocketbase/pocketbase/core"
 	"github.com/pocketbase/pocketbase/tools/router"
 )
@@ -76,6 +77,32 @@ func (p *UserEditPage) GET(engine *templating.Engine, app core.App) HandleFunc {
 	}
 }
 func DeleteSessionsForUser(app core.App, uid string) error {
 	defer middleware.SESSION_CACHE.DeleteSessionByUserID(uid)
 	records := []*core.Record{}
 	err := app.RecordQuery(dbmodels.SESSIONS_TABLE).
 		Where(dbx.HashExp{dbmodels.SESSIONS_USER_FIELD: uid}).
 		All(&records)
 	if err != nil {
 		return err
 	}
 	err = app.RunInTransaction(func(tx core.App) error {
 		for _, r := range records {
 			if err := tx.Delete(r); err != nil {
 				return err
 			}
 		}
 		return nil
 	})
 	if err != nil {
 		return err
 	}
 	return nil
 }
 func InvalidDataResponse(engine *templating.Engine, e *core.RequestEvent, error string, user *dbmodels.FixedUser) error {
 	data := make(map[string]any)
 	data["error"] = error
@@ -153,10 +180,12 @@ func (p *UserEditPage) POST(engine *templating.Engine, app core.App) HandleFunc
 		user_proxy.SetEmail(formdata.Email)
 		user_proxy.SetName(formdata.Name)
 		rolechanged := false
 		if formdata.Role != "" && formdata.Role != user_proxy.Role() {
 			if user.Role == "Admin" &&
 				(formdata.Role == "User" || formdata.Role == "Editor" || formdata.Role == "Admin") {
 				user_proxy.SetRole(formdata.Role)
 				rolechanged = true
 			} else {
 				return InvalidDataResponse(engine, e, "Rolle nicht erlaubt", &fu)
 			}
@@ -180,8 +209,16 @@ func (p *UserEditPage) POST(engine *templating.Engine, app core.App) HandleFunc
 			return InvalidDataResponse(engine, e, err.Error(), &fu)
 		}
-		// TODO: this is lazy, we just need to delete the sessions of the changed user
+		if rolechanged {
-		middleware.SESSION_CACHE.Clear()
+			if err := DeleteSessionsForUser(app, user_proxy.Id); err != nil {
 				return InvalidDataResponse(engine, e, "Fehler beim Löschen der Sitzungen: "+err.Error(), &fu)
 			}
 			if user_proxy.Id == user.Id {
 				// INFO: user changed his own role, so we log him out
 				return e.Redirect(303, "/login/")
 			}
 		}
 		fu = user_proxy.Fixed()
 		data["user"] = &fu
--- a/views/assets/style.css
+++ b/views/assets/style.css
--- a/views/routes/user/edit/body.gohtml
+++ b/views/routes/user/edit/body.gohtml
@@ -33,7 +33,7 @@
 		{{ end }}
 		<form class="w-full grid grid-cols-3 gap-4" method="POST" x-data="{ openpw: false }">
 			<div
-				class="col-span-3 border-2 border-transparent px-2
+				class="rounded-xs col-span-3 border-2 border-transparent px-3
 				py-1 pb-1.5 border-l-2 focus-within:border-l-slate-600
 				bg-slate-200 focus-within:bg-slate-100 transition-all duration-100">
 				<label for="username" class="text-sm text-gray-700 font-bold">
@@ -43,7 +43,7 @@
 					type="text"
 					name="name"
 					id="name"
-					class="mt-1 block w-full rounded-md focus:border-none focus:outline-none"
+					class="mt-1 block w-full focus:border-none focus:outline-none"
 					placeholder=""
 					required
 					autocomplete="off"
@@ -51,7 +51,7 @@
 					autofocus />
 			</div>
 			<div
-				class="col-span-3 border-2 border-transparent px-2
+				class="rounded-xs col-span-3 border-2 border-transparent px-3
 				py-1 pb-1.5 border-l-2 focus-within:border-l-slate-600
 				bg-slate-200 focus-within:bg-slate-100 transition-all duration-100">
 				<label for="username" class="text-sm text-gray-700 font-bold">
@@ -68,7 +68,7 @@
 					value="{{ $model.user.Email }}" />
 			</div>
 			<div
-				class="col-span-3 border-2 border-transparent px-2
+				class="rounded-xs col-span-3 border-2 border-transparent px-3
 				py-1 pb-1.5 border-l-2 focus-within:border-l-slate-600
 				bg-slate-200 focus-within:bg-slate-100 transition-all duration-100">
 				<label for="role" class="text-sm text-gray-700 font-bold">
@@ -94,6 +94,32 @@
 					</option>
 				</select>
 			</div>
 			{{- if and
 				(eq $model.request.user.Role "Admin")
 				(eq $model.request.user.Id
 				$model.user.Id)
 			-}}
 				<div class="flex flex-row col-span-3">
 					<div class="align-top">
 						<i class="ri-information-line text-gray-700 mt-2 mr-2 align-top"></i>
 					</div>
 					<p class="text-sm text-gray-700 max-w-[80ch]">
 						Achtung! Wenn Sie Ihre eigenen Berechtigungen ändern, verlieren Sie die Möglichkeit,
 						diese Änderungen rückgängig zu machen. Weiter werden Sie von allen laufenden Sitzungen
 						abgemeldet und müssen sich erneut anmelden.
 					</p>
 				</div>
 			{{- else if (eq $model.request.user.Role "Admin") -}}
 				<div class="flex flex-row col-span-3">
 					<div class="align-top">
 						<i class="ri-information-line text-gray-700 mt-2 mr-2 align-top"></i>
 					</div>
 					<p class="text-sm text-gray-700 max-w-[80ch]">
 						Achtung! Wenn Sie die Rolle eines Benutzers ändern, wird dieser von allen laufenden
 						Sitzungen abgemeldet und muss sich erneut anmelden.
 					</p>
 				</div>
 			{{- end -}}
 			<div class="col-span-3">
 				<div class="flex items-center">
 					<input type="checkbox" name="openpw" id="openpw" x-model="openpw" class="mr-2" />
@@ -105,7 +131,7 @@
 			{{- if not (eq $model.request.user.Role "Admin") -}}
 				<div
 					x-bind:style="!openpw ? 'display:none' : ''"
-					class="col-span-3 border-2 border-transparent px-2
+					class="rounded-xs col-span-3 border-2 border-transparent px-3
 				py-1 pb-1.5 border-l-2 focus-within:border-l-slate-600
 				bg-slate-200 focus-within:bg-slate-100 transition-all duration-100">
 					<label for="password_old" class="text-sm text-gray-700 font-bold"> Altes Passwort </label>
@@ -120,7 +146,7 @@
 			{{- end -}}
 			<div
 				x-bind:style="!openpw ? 'display:none' : ''"
-				class="col-span-3 border-2 border-transparent px-2
+				class="rounded-xs col-span-3 border-2 border-transparent px-3
 				py-1 pb-1.5 border-l-2 focus-within:border-l-slate-600
 				bg-slate-200 focus-within:bg-slate-100 transition-all duration-100">
 				<label for="password" class="text-sm text-gray-700 font-bold"> Neues Passwort </label>
@@ -135,7 +161,7 @@
 			</div>
 			<div
 				x-bind:style="!openpw ? 'display:none' : ''"
-				class="col-span-3 border-2 border-transparent px-2
+				class="rounded-xs col-span-3 border-2 border-transparent px-3
 				py-1 pb-1.5 border-l-2 focus-within:border-l-slate-600
 				bg-slate-200 focus-within:bg-slate-100 transition-all duration-100">
 				<label for="password_repeat" class="text-sm text-gray-700 font-bold">
--- a/views/routes/user/management/access/body.gohtml
+++ b/views/routes/user/management/access/body.gohtml
@@ -88,39 +88,15 @@
 		</div>
 	</div>
 </div>
 <div class="user-invites flex container-normal mx-auto px-8 mt-4">
 	<div class="flex flex-row w-full">
 		<div class="flex-col max-w-xl w-full">
-		<div
+			<!-- QR Code -->
-			class="col-span-9 grid grid-cols-3 justify-between mb-4 py-1 px-1 border rounded-xs gap-x-2
+			<div class="mb-4 p-4 border rounded-xs hidden" id="qr"></div>
-		bg-slate-200 user-chooser">
+
-			<a
+			<!-- Access URL and Token -->
-				href="/user/management/access/User?redirectTo={{ $model.redirect_url }}"
+			<div class="mb-6 flex flex-col">
 				class="text-center px-4 text-gray-700 hover:text-slate-950 block"
 				{{ if eq $model.role "User" }}aria-current="page"{{ end }}>
 				Benutzer
 			</a>
 			<a
 				href="/user/management/access/Editor?redirectTo={{ $model.redirect_url }}"
 				class="text-gray-700 hover:text-slate-950 block px-4 text-center"
 				{{ if eq $model.role "Editor" }}aria-current="page"{{ end }}>
 				Redakteur
 			</a>
 			<a
 				href="/user/management/access/Admin?redirectTo={{ $model.redirect_url }}"
 				class="text-gray-700 hover:text-slate-950 text-center px-4 block"
 				{{ if eq $model.role "Admin" }}aria-current="page"{{ end }}>
 				Admin
 			</a>
 		</div>
 		<!--
 		<div class="flex justify-center mt-8 items-baseline">
 			<div>
 				<img class="h-20 w-20 border" src="/assets/favicon.png" />
 			</div>
 		</div>
 		-->
 		<div class="col-span-7 col-start-2 mb-4 p-4 border rounded-xs hidden" id="qr"></div>
 		<div class="col-span-9 mb-6 flex flex-col">
 				<div class="flex flex-row">
 					<input
 						type="text"
@@ -164,7 +140,6 @@
 							id="csrf_token"
 							required
 							value="{{ $model.csrf_token }}" />
 						<div class="col-span-9 flex flex-row items-center justify-center">
 							<button
 								type="submit"
@@ -178,12 +153,26 @@
 						</div>
 					</form>
 				</div>
-			<div class="col-span-9 text-right text-slate-400 mb-1 mt-3">
+				<div class="text-right text-slate-400 mb-1 mt-3">
 					Gültig bis
 					{{ $model.validUntil }}
 				</div>
 			</div>
 			<!-- End of Access URL and Token -->
 		</div>
 		<!-- End of First Column -->
 		<!-- Second column -->
 		<div class="ml-12 flex flex-col">
 			<!-- User Role Chooser -->
 			<div class="user-chooser flex flex-col gap-y-3">
 				<a
 					href="/user/management/access/User?redirectTo={{ $model.redirect_url }}"
 					{{ if eq $model.role "User" }}aria-current="page"{{ end }}>
 					Benutzer
 				</a>
 				{{ if eq $model.role "User" }}
-				<div class="max-w-[60ch] mt-1 text-sm text-blue-600 flex flex-row gap-x-2 hyphens-auto">
+					<div class="max-w-[60ch] text-sm text-blue-600 flex flex-row gap-x-2 hyphens-auto">
 						<div>
 							<i class="ri-error-warning-line"></i>
 						</div>
@@ -192,18 +181,14 @@
 							löschen.
 						</div>
 					</div>
-			{{ else if eq $model.role "Admin" }}
+				{{- end -}}
-				<div class="max-w-[60ch] mt-1 text-sm text-red-600 flex flex-row gap-x-2 hyphens-auto">
+				<a
-					<div>
+					href="/user/management/access/Editor?redirectTo={{ $model.redirect_url }}"
-						<i class="ri-error-warning-line"></i>
+					{{ if eq $model.role "Editor" }}aria-current="page"{{ end }}>
-					</div>
+					Redakteur
-					<div>
+				</a>
-						Administratoren können alle Felder und Datensätze einsehen, bearbeiten und löschen.
+				{{- if eq $model.role "Editor" -}}
-						Administratoren können Passwörter setzen, Nutzer einladen und deaktivieren.
+					<div class="max-w-[60ch] text-sm text-orange-600 flex flex-row gap-x-2 hyphens-auto">
 					</div>
 				</div>
 			{{ else if eq $model.role "Editor" }}
 				<div class="max-w-[60ch] mt-1 text-sm text-orange-600 flex flex-row gap-x-2 hyphens-auto">
 						<div>
 							<i class="ri-error-warning-line"></i>
 						</div>
@@ -213,6 +198,25 @@
 						</div>
 					</div>
 				{{- end -}}
 				<a
 					href="/user/management/access/Admin?redirectTo={{ $model.redirect_url }}"
 					{{ if eq $model.role "Admin" }}aria-current="page"{{ end }}>
 					Admin
 				</a>
 				{{- if eq $model.role "Admin" -}}
 					<div class="max-w-[60ch] text-sm text-red-600 flex flex-row gap-x-2 hyphens-auto">
 						<div>
 							<i class="ri-error-warning-line"></i>
 						</div>
 						<div>
 							Administratoren können alle Felder und Datensätze einsehen, bearbeiten und löschen.
 							Administratoren können Passwörter setzen, Nutzer einladen und deaktivieren.
 						</div>
 					</div>
 				{{- end -}}
 			</div>
 			<!-- End of User Role Chooser -->
 		</div>
 		<!-- End of second column -->
 	</div>
 </div>
--- a/views/routes/user/management/access/head.gohtml
+++ b/views/routes/user/management/access/head.gohtml
@@ -0,0 +1 @@
 <title>Musenalm &ndash; Nutzer einladen</title>
--- a/views/transform/site.css
+++ b/views/transform/site.css
@@ -512,12 +512,24 @@
 		@apply !text-slate-900 bg-stone-50;
 	}
-	.user-invites .user-chooser a {
+	.user-chooser a {
-		@apply py-1 rounded-xs no-underline;
+		@apply px-4 py-2 no-underline text-gray-500 hover:text-slate-900 font-serif font-bold border-l-4 border-transparent hover:bg-slate-100 transition-all duration-75 rounded-xs;
 	}
-	.user-invites .user-chooser a[aria-current="page"] {
+	.user-chooser a[aria-current="page"] {
-		@apply font-bold !bg-stone-50 relative border-b z-20 shadow;
+		@apply text-slate-900 font-bold bg-slate-100 border-slate-900 shadow-sm;
 	}
 	.user-chooser a[aria-current="page"]:nth-child(1) {
 		@apply border-blue-500;
 	}
 	.user-chooser a[aria-current="page"]:nth-child(2) {
 		@apply border-orange-600;
 	}
 	.user-chooser a[aria-current="page"]:nth-child(3) {
 		@apply border-red-600;
 	}
 	@keyframes spin {
		`@@ -0,0 +1 @@`
							`<title>Musenalm – Nutzer einladen</title>`