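Usually, only an Admin is allowed to delete a user; other users are not. Deletion follows the same procedure as the other operations we have seen so far: we define a GET route with the user id as a parameter, link this route to a controller, and link the controller in turn to a model. Keep in mind that a GET route that changes data can be triggered by any link or image request the browser follows while the Admin is logged in, so outside a tutorial this action is normally exposed through POST or DELETE together with a CSRF token.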

 

// route/admin/user.js
import express from 'express'
// Router that the /admin/user route handlers below are attached to; it is this file's default export.
const userRoute = express.Router()
import user from '../../controller/admin/user.js'

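/**
 * Wraps a controller action with the login check shared by every route in this file.
 *
 * Requests without a logged-in session are redirected to /login. The action is awaited
 * so that a rejected controller promise reaches Express' error handling through
 * next(err) instead of becoming an unhandled rejection.
 *
 * This is only the "is somebody logged in" gate; the role checks (Admin / own record)
 * are made inside the controller methods.
 *
 * @param {Function} action - controller method called as action(req, res)
 * @returns {Function} Express handler (req, res, next)
 */
const requireLogin = (action) => async (req,res,next)=>{
    if(!req.session?.user){
        return res.redirect('/login')
    }

    try{
        await action(req,res)
    }catch(err){
        next(err)
    }
}

// List all users.
userRoute.get('/',requireLogin((req,res)=>user.getItem(req,res)))

// Create a user.
// NOTE(security): no CSRF token is checked on the state-changing routes in this file;
// confirm one is enforced by middleware elsewhere or by the session cookie's SameSite setting.
userRoute.post('/',requireLogin((req,res)=>user.postItem(req,res)))

// Show the edit form for one user.
userRoute.get('/edit/:id',requireLogin((req,res)=>user.getEditItem(req,res)))

// Save the edited user.
userRoute.post('/edit/:id',requireLogin((req,res)=>user.updateItem(req,res)))

// Delete a user.
// NOTE(security): this destructive action is reachable through GET, so a link, image
// request or prefetch followed while an Admin session is open is enough to trigger it.
// It stays on GET here because the views that link to this URL are not part of this
// file; move it to POST/DELETE with a CSRF token together with the templates.
userRoute.get('/delete/:id',requireLogin((req,res)=>user.deleteItem(req,res)))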

export default userRoute

 

// controller/admin/user.js
import config from '../../config.js'
import userDB from '../../model/user.js'

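/**
 * Controller for the /admin/user pages.
 *
 * One instance is shared by all requests, so nothing request-specific is stored on
 * `this`: every handler builds its own view-data object from a copy of the site
 * configuration. (Writing page data onto the shared config would let one request's
 * data, for example the user record loaded for an edit form, show up in a later
 * response for a different session.)
 */
class User{
    /**
     * Starts loading the site configuration. A constructor cannot await, so the
     * pending promise is kept in `this.ready` for the handlers to wait on.
     */
    constructor(){
        this.ready = (async ()=>{
            this.config = await config()
        })()
    }

    /**
     * Builds the per-request data object handed to the 'base' view.
     *
     * @param {string} pageTitle - title shown on the page
     * @returns {Promise<object>} shallow copy of the configuration plus page fields
     */
    async #pageData(pageTitle){
        // The first request can arrive before the configuration has finished loading.
        await this.ready
        return {...this.config, pageTitle, route:'/admin/user', type:'user'}
    }

    /**
     * Tells whether the session user may edit the given user record:
     * an Admin may edit anyone, everybody else only their own record.
     *
     * @param {object} req - request carrying `session.user`
     * @param {object|null} item - user record, or null when the id is unknown
     * @returns {boolean}
     */
    #mayEdit(req,item){
        if(item == null){
            return false
        }
        const {role,id} = req.session.user
        return role === 'Admin' || id === item.id
    }

    /**
     * Renders the user listing page.
     *
     * NOTE(review): the records from userDB.getItem are passed to the view as stored,
     * password hash included; the template should never print that field.
     */
    async getItem(req,res){
        const data = await this.#pageData('ទំព័រអ្នក​ប្រើប្រាស់')

        data.count = await userDB.count(req)
        data.items = await userDB.getItem(req,data.maxPosts)

        res.render('base',{data})
    }

    /**
     * Creates a user when the session user is an Admin, then returns to the listing.
     * Other roles are redirected without any change.
     */
    async postItem(req,res){
        if(req.session.user.role === 'Admin'){
            // Awaited so the redirect happens after the insert and a failure is not lost.
            await userDB.postItem(req,res)
        }

        res.redirect('/admin/user')
    }

    /**
     * Renders the edit form for the user named by `req.params.id`.
     *
     * The same rule as updateItem applies: the full record is only loaded into the
     * page for an Admin or for the user it belongs to. Anyone else, and any unknown
     * id, is sent back to the listing.
     */
    async getEditItem(req,res){
        const item = await userDB.getSingle(req)

        if(!this.#mayEdit(req,item)){
            return res.redirect('/admin/user')
        }

        const data = await this.#pageData('ទំព័រកែប្រែអ្នកប្រើប្រាស់')

        data.count = await userDB.count(req)
        data.items = await userDB.getItem(req,data.maxPosts)
        data.item = item

        res.render('base',{data})
    }

    /**
     * Saves an edited user when the session user is an Admin or the owner of the
     * record, then returns to the listing. An unknown id changes nothing.
     */
    async updateItem(req,res){
        const item = await userDB.getSingle(req)

        // #mayEdit also covers a missing record, which would otherwise throw on item.id.
        if(this.#mayEdit(req,item)){
            await userDB.updateItem(req)
        }

        res.redirect('/admin/user')
    }

    /**
     * Deletes the user named by `req.params.id` when the session user is an Admin,
     * then returns to the listing. Other roles are redirected without any change.
     */
    async deleteItem(req,res){
        if(req.session.user.role === 'Admin'){
            // Awaited so the redirect happens after the delete and a failure is not lost.
            await userDB.deleteItem(req)
        }

        res.redirect('/admin/user')
    }
}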

// One controller instance is shared by every request. `new User()` yields a plain
// (non-thenable) object, so this `await` resolves immediately and does not wait for
// the configuration load started in the constructor.
export default await new User()

 

// model/user.js
import bcrypt from 'bcryptjs'

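/**
 * Data access for the `users` collection. Every method takes the Express request
 * and uses the database handle found on `req.mydb`.
 */
class User{
    /**
     * @param {object} req - request carrying `mydb`
     * @returns {Promise<number>} number of documents in `users`
     */
    async count(req){
        return req.mydb.collection('users').countDocuments()
    }

    /**
     * Inserts a new user built from the submitted form fields.
     *
     * The caller is responsible for authorisation: `role` is taken from
     * `req.body.category` as submitted.
     * NOTE(review): nothing here rejects an empty password or a duplicate e-mail;
     * confirm that is validated before this method is reached.
     *
     * @param {object} req - request carrying `mydb` and `body`
     * @returns {Promise<void>}
     */
    async postItem(req){
        // Record identifier only (timestamp + random digits); it is not a secret.
        const id = Date.now() + Math.round(Math.random() * 1E9).toString()
        // Asynchronous hashing keeps the event loop free while bcrypt runs.
        const hashPassword = await bcrypt.hash(req.body.password, 12)

        const newUser = {
            id: id,
            title: req.body.title,
            content: req.body.content,
            thumb: req.body.thumb,
            postdate: req.body.datetime,
            role: req.body.category,
            email: req.body.email,
            password: hashPassword,
        }

        await req.mydb.collection("users").insertOne(newUser)
    }

    /**
     * Returns up to `amount` user documents.
     *
     * NOTE(review): documents written by postItem carry `postdate`, not `date`; unless
     * another writer sets `date`, this sort is decided by `_id` alone. Confirm the key.
     * The documents are returned as stored, password hash included.
     *
     * @param {object} req - request carrying `mydb`
     * @param {number} amount - maximum number of documents
     * @returns {Promise<object[]>}
     */
    async getItem(req,amount){
        return req.mydb.collection('users').find().sort({date:-1,_id:-1}).limit(amount).toArray()
    }

    /**
     * Returns the user whose `id` equals `req.params.id`, or null when there is none.
     * The document is returned as stored, password hash included.
     *
     * @param {object} req - request carrying `mydb` and `params.id`
     * @returns {Promise<object|null>}
     */
    async getSingle(req){
        return req.mydb.collection('users').findOne({id:req.params.id})
    }

    /**
     * Updates the user whose `id` equals `req.params.id` from the submitted fields.
     *
     * - `role` is written only when the session user is an Admin, so a user editing
     *   their own record cannot promote themselves through the `category` field.
     * - The password is compared with the record being edited, not with the session
     *   user's: an empty field, or the stored hash sent back unchanged by the form,
     *   leaves the password as it is; any other value is hashed and stored.
     * - An unknown id changes nothing.
     *
     * @param {object} req - request carrying `mydb`, `params.id`, `session.user`, `body`
     * @returns {Promise<void>}
     */
    async updateItem(req){
        const myquery = {id: req.params.id}
        const users = req.mydb.collection('users')

        const current = await users.findOne(myquery)
        if(current == null){
            return
        }

        const fields = {
            title: req.body.title,
            content: req.body.content,
            thumb: req.body.thumb,
            postdate: req.body.datetime,
            email: req.body.email,
        }

        if(req.session.user.role === 'Admin'){
            fields.role = req.body.category
        }

        const submitted = req.body.password
        const isNewPassword = typeof submitted === 'string'
            && submitted !== ''
            && submitted !== current.password
        if(isNewPassword){
            fields.password = await bcrypt.hash(submitted, 12)
        }

        await users.updateOne(myquery,{$set: fields})
    }

    /**
     * Deletes the user whose `id` equals `req.params.id`. Authorisation is the
     * caller's responsibility.
     *
     * @param {object} req - request carrying `mydb` and `params.id`
     * @returns {Promise<void>}
     */
    async deleteItem(req){
        await req.mydb.collection('users').deleteOne({id: req.params.id})
    }
}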

export default new User()

 

GitHub: https://github.com/Sokhavuth/khmerweb-job

Heroku: https://khmerweb-job.herokuapp.com