liquid_feedback_frontend
view app/main/admin/member_list.lua @ 9:0ee1e0c42d4c
Version beta5
Minor security fix: Added missing security filter for admin section. Reading of member listing including login names was possible for all users. Write access has not been possible though.
Changing of name and login is possible while a history of these changes is written and accessible by all users.
Statistics shown in area list
Trimming of user input also converts multiple whitespaces to single space character.
Minor security fix: Added missing security filter for admin section. Reading of member listing including login names was possible for all users. Write access has not been possible though.
Changing of name and login is possible while a history of these changes is written and accessible by all users.
Statistics shown in area list
Trimming of user input also converts multiple whitespaces to single space character.
| author | bsw |
|---|---|
| date | Mon Jan 04 12:00:00 2010 +0100 (2010-01-04) |
| parents | 3bfb2fcf7ab9 |
| children | 46351752814f |
line source
1 slot.put_into("title", _"Member list")
3 slot.select("actions", function()
4 ui.link{
5 attr = { class = { "admin_only" } },
6 text = _"Register new member",
7 module = "admin",
8 view = "member_edit"
9 }
10 if param.get("show_locked") then
11 ui.link{
12 attr = { class = { "admin_only" } },
13 text = _"Show active members",
14 module = "admin",
15 view = "member_list"
16 }
17 else
18 ui.link{
19 attr = { class = { "admin_only" } },
20 text = _"Show locked members",
21 module = "admin",
22 view = "member_list",
23 params = { show_locked = true }
24 }
25 end
26 end)
28 local members_selector
30 if param.get("show_locked", atom.boolean) then
31 members_selector = Member:new_selector()
32 :add_where("not active")
33 :add_order_by("login")
34 else
35 members_selector = Member:new_selector()
36 :add_where("active")
37 :add_order_by("login")
38 end
40 ui.paginate{
41 selector = members_selector,
42 content = function()
43 ui.list{
44 records = members_selector:exec(),
45 columns = {
46 {
47 field_attr = { style = "text-align: right;" },
48 label = _"Id",
49 name = "id"
50 },
51 {
52 label = _"Login",
53 name = "login"
54 },
55 {
56 label = _"Name",
57 content = function(record)
58 util.put_highlighted_string(record.name)
59 end
60 },
61 {
62 label = _"Ident number",
63 name = "ident_number"
64 },
65 {
66 label = _"Admin?",
67 name = "admin"
68 },
69 {
70 content = function(record)
71 if app.session.member.admin and not record.active then
72 ui.field.text{ value = "locked" }
73 end
74 end
75 },
76 {
77 content = function(record)
78 if app.session.member.admin then
79 ui.link{
80 attr = { class = "action admin_only" },
81 text = _"Edit",
82 module = "admin",
83 view = "member_edit",
84 id = record.id
85 }
86 end
87 end
88 }
89 }
90 }
91 end
92 }