
fix borked user page updates

George Baugh hai 1 ano
pai
achega
8c20cad0d7

+ 4 - 1
bin/tcms-useradd

@@ -13,6 +13,7 @@ use List::Util qw{first};
 use Trog::Auth;
 use Trog::Data;
 use Trog::Config;
+use Trog::Log;
 
 # Don't murder our terminal when done
 $ENV{NOHUP} = 1;
@@ -61,6 +62,8 @@ Display this output.
 =cut
 
 sub main {
+    Trog::Log::log_init();
+
     my %options;
     Getopt::Long::GetOptionsFromArray(
         \@_,
@@ -97,7 +100,7 @@ sub main {
     # We don't want the password in plain text
     delete $merged{password};
 
-    # The ACLs a user posesses is not necessarily what ACLs you need to view a user's profile.
+    # The ACLs a user posesses is not necessarily what ACLs you need to view or edit a user's profile.
     delete $merged{acl};
 
     $data->add( \%merged );

+ 1 - 0
lib/Trog/Auth.pm

@@ -122,6 +122,7 @@ The 'admin' ACL is the only special one, as it allows for authoring posts, confi
 sub acls4user ($username) {
     my $dbh     = _dbh();
     my $records = $dbh->selectall_arrayref( "SELECT acl FROM user_acl WHERE username = ?", { Slice => {} }, $username );
+
     return () unless ref $records eq 'ARRAY' && @$records;
     my @acls = map { $_->{acl} } @$records;
     return \@acls;

+ 12 - 3
lib/Trog/DataModule.pm

@@ -3,6 +3,8 @@ package Trog::DataModule;
 use strict;
 use warnings;
 
+use FindBin::libs;
+
 use List::Util;
 use File::Copy;
 use Mojo::File;
@@ -282,6 +284,11 @@ my $valid_cb = sub {
     return is_coderef($ref);
 };
 
+my $hashref_or_string = sub {
+    my $subj = shift;
+    return Ref::Util::is_hashref($subj) || $not_ref->($subj);
+};
+
 # TODO more strict validation of strings?
 our %schema = (
     ## Parameters which must be in every single post
@@ -320,14 +327,16 @@ our %schema = (
     'username'       => $not_ref,
     'display_name'   => $not_ref,
     'contact_email'  => $not_ref,
-    'wallpaper_file' => $not_ref,
+    'wallpaper_file' => $hashref_or_string,
+    'wallpaper'      => $not_ref,
 
     # user avatar, but does double duty in content posts as preview images on videos, etc
-    'preview_file' => $not_ref,
+    'preview_file' => $hashref_or_string,
+    'preview'      => $not_ref,
     ## Content specific parameters
     'audio_href' => $not_ref,
     'video_href' => $not_ref,
-    'file'       => $not_ref,
+    'file'       => $hashref_or_string,
 );
 
 sub add ( $self, @posts ) {
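Review bot: `$hashref_or_string` accepts any hash reference, so `wallpaper_file`, `preview_file` and `file` now pass schema validation whatever the hash contains. If the hashref form is the upload structure from the request, as the field names suggest, the validator should check the keys the save path relies on rather than only the reference type; the existing `# TODO more strict validation of strings?` does not cover this. Until then, record the gap above the closure with something like `# NOTE: the hashref form is only type-checked; its keys and values are not validated here`. `Ref::Util::is_hashref` is also called fully qualified while `is_coderef` just above it is called as an imported name, so confirm Ref::Util is loaded in this module or import `is_hashref` the same way.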

+ 23 - 5
lib/Trog/Routes/HTML.pm

@@ -904,10 +904,19 @@ sub profile ($query) {
     return see_also('/login') unless $query->{user};
     return Trog::Routes::HTML::forbidden($query) unless grep { $_ eq 'admin' } @{ $query->{user_acls} };
 
-    #TODO allow new users to do something OTHER than be admins
-    #TODO allow username changes
-    if ( $query->{password} || $query->{contact_email} ) {
-        my @acls = Trog::Auth::acls4user( $query->{username} ) || qw{admin};
+    # Find the user's post and edit it
+    state $data;
+    $data //= Trog::Data->new($conf);
+
+    my @userposts = $data->get( tags => ['about'], acls => [qw{admin}] );
+    # Users are always self-authored, you see
+
+    my $user_obj  = List::Util::first { ( $_->{user} || '' ) eq $query->{username} } @userposts;
+
+    if ( $query->{username} ne $user_obj->{user} || $query->{password} || $query->{contact_email} ne $user_obj->{contact_email} || $query->{display_name} ne $user_obj->{display_name} ) {
+        my $for_user = Trog::Auth::acls4user( $query->{username} );
+        #TODO support non-admin users
+        my @acls = @$for_user ? @$for_user : qw{admin};
         Trog::Auth::useradd( $query->{username}, $query->{display_name}, $query->{password}, \@acls, $query->{contact_email} );
     }
 
@@ -915,7 +924,16 @@ sub profile ($query) {
     $query->{user} = delete $query->{username};
     delete $query->{password};
 
-    return post_save($query);
+    # Use the display name as the title
+    $query->{title} = $query->{display_name};
+
+    my %merged    = (
+        %$user_obj,
+        %$query,
+        $query->{display_name} ? ( local_href => "/users/$query->{display_name}" ) : ( local_href => $user_obj->{local_href} ),
+    );
+
+    return post_save(\%merged);
 }
 
 =head2 post_delete
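Review bot: `$user_obj` is dereferenced without checking that `List::Util::first` found a matching 'about' post, both in the change-detection `if` of the first hunk and in the `%$user_obj` expansion that builds `%merged` in the second. With no match it is undef, so the comparisons run against undef and the expansion would fail under strict refs. `$for_user` has the same problem: `acls4user` does `return ()` when there are no rows, which is undef in scalar context, so `@$for_user` fails before the `qw{admin}` fallback can apply. Guarding both, for example `my $user_obj = ( List::Util::first { ( $_->{user} || '' ) eq $query->{username} } @userposts ) // {};` and `my $for_user = Trog::Auth::acls4user( $query->{username} ) // [];`, keeps the no-match path working. Once reachable, that fallback grants `admin` to any account without ACL rows, so it deserves a narrower default or at least an explicit comment. The body of `profile` starts before the first hunk.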

+ 2 - 8
www/templates/html/components/acls.tx

@@ -1,12 +1,6 @@
-Visibility<br />
-<select id="<: $post.id :>-visibility" class="cooltext" name="visibility">
-    : for $post_visibilities -> $visibility {
-        <option <: $post.visibility == $visibility ? 'selected' : '' :> value="<: $visibility :>"><: $visibility :></option>
-    : }
-</select>
 <div id="<: $post.id :>-aclselect" >
-    ACLs / Series<br/ >
-    <select class="cooltext" name="acls">
+    ACLs - if This is unset, only admins can edit this post.  This allows 'series authors' to edit only their pages.<br/ >
+    <select multiple class="cooltext" name="acls">
         : for $acls -> $acl {
             <option value="<: $acl.aclname :>" <: $acl.selected :> ><: $acl.aclname :></option>
         : }
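Review bot: With `multiple` added to the `acls` select, the form can submit zero, one or several `acls` values, and the new label promises that an unset value means only admins can edit the post. The code that reads `acls` on save is not part of this diff, so confirm it accepts a list and treats a missing parameter as admin-only; otherwise the label describes an access rule the server does not enforce. The label also reads `if This is unset`; `ACLs - if this is unset, only admins can edit this post.` would be consistent. The `select` element is closed outside the hunk.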

+ 1 - 0
www/templates/html/components/forms/blog.tx

@@ -18,6 +18,7 @@
         <form class="Submissions" action="/post/save" method="POST" enctype="multipart/form-data">
             Title *<br /><input required class="cooltext" type="text" name="title" placeholder="Iowa Man Destroys Moon" value="<: $post.title :>" />
             : include "preview.tx";
+            : include "visibility.tx";
             : include "acls.tx";
             : include "tags.tx";
             : include "form_common.tx";

+ 1 - 0
www/templates/html/components/forms/file.tx

@@ -52,6 +52,7 @@
         <input type="hidden" name="href" value="<: $post.href :>" />
         : }
         : include "preview.tx";
+        : include "visibility.tx";
         : include "acls.tx";
         : include "tags.tx";
         : include "form_common.tx";

+ 1 - 0
www/templates/html/components/forms/microblog.tx

@@ -35,6 +35,7 @@
             : include "preview.tx";
             Audio<br /><input class="cooltext" type="url" name="audio_href" placeholder="https://soundclod.com/static.mp3" value="<: $post.audio_href :>" />
             Video<br /><input class="cooltext" type="url" name="video_href" placeholder="https://youvimeo.tv/infomercial.mp4" value="<: $post.video_href :>" />
+            : include "visibility.tx";
             : include "acls.tx";
             : include "tags.tx";
             : include "form_common.tx";

+ 1 - 3
www/templates/html/components/forms/profile.tx

@@ -35,10 +35,8 @@
         : if ( $post.wallpaper ) {
         <input type="hidden" name="wallpaper" value="<: $post.wallpaper :>" />
         : }
-        Title  <br /><input class="cooltext" type="text" name="title" value="<: $post.title :>" />
         <input type="hidden" name="callback" value="Trog::Routes::HTML::users" />
-        : include "acls.tx";
-        : include "tags.tx";
+        : include "visibility.tx";
         : include "form_common.tx";
     </form>
     : include "edit_foot.tx";

+ 1 - 0
www/templates/html/components/forms/series.tx

@@ -57,6 +57,7 @@
         </select>
         <input type="hidden" name="callback" value="Trog::Routes::HTML::series" />
         : include "preview.tx";
+        : include "visibility.tx";
         : include "acls.tx";
         : include "tags.tx";
         : include "form_common.tx";

+ 6 - 0
www/templates/html/components/visibility.tx

@@ -0,0 +1,6 @@
+Visibility<br />
+<select id="<: $post.id :>-visibility" class="cooltext" name="visibility">
+    : for $post_visibilities -> $visibility {
+        <option <: $post.visibility == $visibility ? 'selected' : '' :> value="<: $visibility :>"><: $visibility :></option>
+    : }
+</select>

+ 0 - 3
www/templates/toolong.tx

@@ -1,3 +0,0 @@
-419 Excessive URL length
-<br /><br />
-Please send URLs shorter than 2048 characters.