working on user lost for admin

frontend/src/App.svelte

@@ -17,11 +17,8 @@
 
     function loadTheme(name){
         if (!name) return;
-        console.log({theme:name});
         const url = `${location.protocol}//${location.host.replace('5173','8080')}/css/${name}.css`;
-        fetch(url).then(resp => resp.text()).then(css => {
+        fetch(url).then(resp => resp.text()).then(css => document.getElementById('usercss').innerText = css);
-            document.getElementById('usercss').innerText = css;
-        });
     }
 
     $effect(() => loadTheme(user.theme));

frontend/src/routes/user/List.svelte

@@ -0,0 +1,44 @@
+<script>
+    import { onMount } from 'svelte';
+    import { t } from '../../translations.svelte.js';
+    import { user } from '../../user.svelte.js';
+    let users = $state([]);
+
+    onMount(async () => {
+        const url = `${location.protocol}//${location.host.replace('5173','8080')}/api/user/list`;
+        const resp = await fetch(url,{credentials:'include'});
+        if (resp.ok){
+            const json = await resp.json();
+            for (let user of json) users.push(user);
+        }
+    });
+</script>
+
+<fieldset>
+    <legend>{t('user.list')}</legend>
+    <table>
+        <thead>
+            <tr>
+                <th>{t('user.id')}</th>
+                <th>{t('user.name')}</th>
+                <th>{t('user.email')}</th>
+                <th>{t('user.language')}</th>
+                <th>{t('user.actions')}</th>
+            </tr>
+        </thead>
+        <tbody>
+        {#each users as u,i}
+            <tr>
+                <td>{u.id}</td>
+                <td>{u.name}</td>
+                <td>{u.email}</td>
+                <td>{u.language}</td>
+                <td>
+                    Check permissions, add button here
+                </td>
+            </tr>
+        {/each}
+
+        </tbody>
+    </table>
+</fieldset>

frontend/src/routes/user/User.svelte

@@ -4,6 +4,7 @@
     import ClickInput from '../../Components/ClickInput.svelte';
     import ClickSelect from '../../Components/ClickSelect.svelte';
     import EditPassword from './EditPassword.svelte';
+    import UserList from './List.svelte';
     let editPassword = false;
 
     async function patch(changeset){
@@ -92,9 +93,6 @@
 </fieldset>
 
 {#if user.permissions.includes('LIST_USERS')}
-<fieldset>
+<UserList />
-    <legend>{t('user.list')}</legend>
-    User list goes here…
-</fieldset>
 {/if}
 

frontend/src/translations.svelte.js

@@ -12,7 +12,7 @@ export function t(key,...args){
     let keys = key.split('.');
     for (let token of keys){
         if (!set[token]){
-            console.log('Missing translation for '+key);
+            console.warn('Missing translation for '+key);
             return keys[keys.length-1].replaceAll('_',' ');
         }
         set = set[token];

frontend/src/user.svelte.js

@@ -4,7 +4,6 @@ export const user = $state({
 })
 
 export async function checkUser(){
-    console.log('checkUser()');
     const url = `${location.protocol}//${location.host.replace('5173','8080')}/api/user/whoami`;
     const response = await fetch(url,{
         credentials: 'include'

user/src/main/java/de/srsoftware/umbrella/user/UserModule.java

@@ -3,13 +3,14 @@ package de.srsoftware.umbrella.user;
 
 import static de.srsoftware.tools.Optionals.*;
 import static de.srsoftware.umbrella.core.Constants.*;
+import static de.srsoftware.umbrella.core.Paths.LIST;
 import static de.srsoftware.umbrella.core.Paths.LOGOUT;
 import static de.srsoftware.umbrella.core.ResponseCode.*;
 import static de.srsoftware.umbrella.user.Constants.*;
 import static de.srsoftware.umbrella.user.Paths.LOGIN;
 import static de.srsoftware.umbrella.user.Paths.WHOAMI;
+import static de.srsoftware.umbrella.user.model.DbUser.PERMISSION.LIST_USERS;
 import static de.srsoftware.umbrella.user.model.DbUser.PERMISSION.UPDATE_USERS;
-import static java.lang.System.Logger.Level.DEBUG;
 import static java.lang.System.Logger.Level.WARNING;
 import static java.time.temporal.ChronoUnit.DAYS;
 
@@ -24,9 +25,9 @@ import java.io.IOException;
 import java.security.NoSuchAlgorithmException;
 import java.time.Instant;
 import java.util.List;
-import java.util.Set;
+import java.util.Optional;
+
 import org.json.JSONObject;
-import org.sqlite.core.DB;
 
 
 public class UserModule extends PathHandler {
@@ -63,12 +64,20 @@ public class UserModule extends PathHandler {
 
 	@Override
 	public boolean doGet(Path path, HttpExchange ex) throws IOException {
-		var p = path.toString();
+		UmbrellaUser user = null;
-		switch (p){
+		var sessionToken = SessionToken.from(ex).map(Token::of);
-			case LOGOUT: return logout(ex);
+		if (sessionToken.isPresent()) try {
-			case WHOAMI: return getUser(ex);
+			user = users.load(users.load(sessionToken.get()));
+		} catch (UmbrellaException e) {
+			LOG.log(WARNING,e);
 		}
-		return super.doGet(path,ex);
+		addCors(ex);
+		return switch (path.toString()) {
+			case LIST -> getUserList(ex, user);
+			case LOGOUT -> logout(ex, sessionToken);
+			case WHOAMI -> getUser(ex, user);
+			default -> super.doGet(path, ex);
+		};
 	}
 
 	@Override
@@ -127,6 +136,19 @@ public class UserModule extends PathHandler {
 		}
 	}
 
+	private boolean getUserList(HttpExchange ex, UmbrellaUser user) throws IOException {
+
+		if (user instanceof DbUser dbUser && dbUser.permissions().contains(LIST_USERS)){
+			try {
+				var list = users.list(0, null).stream().map(UmbrellaUser::toMap).toList();
+				return sendContent(ex,list);
+			} catch (UmbrellaException e) {
+				return sendContent(ex,e.statusCode(),e.getMessage());
+			}
+		}
+		return sendContent(ex,FORBIDDEN,"You are not allowed to list users!");
+	}
+
 	private boolean patchPassword(HttpExchange ex, UmbrellaUser requestingUser) throws IOException {
 		if (!(requestingUser instanceof DbUser user)) return sendContent(ex,SERVER_ERROR,"DbUser expected");
 		JSONObject json;
@@ -160,22 +182,12 @@ public class UserModule extends PathHandler {
 		return super.doPost(path, ex);
 	}
 
-	private boolean getUser(HttpExchange ex) throws IOException {
+	private boolean getUser(HttpExchange ex, UmbrellaUser user) throws IOException {
-		addCors(ex);
+		if (user != null) return sendContent(ex,OK,user);
-		var sessionToken = SessionToken.from(ex);
+		return sendEmptyResponse(UNAUTHORIZED,ex);
-		if (sessionToken.isEmpty()) return sendEmptyResponse(UNAUTHORIZED,ex);
-		try {
-			Session session = users.load(Token.of(sessionToken.get()));
-			UmbrellaUser user = users.load(session);
-			return sendContent(ex,OK,user);
-		} catch (UmbrellaException e) {
-			return sendContent(ex,e.statusCode(),e.getMessage());
-		}
 	}
 
-	public boolean logout(HttpExchange ex) throws IOException {
+	public boolean logout(HttpExchange ex, Optional<Token> optToken) throws IOException {
-		addCors(ex);
-		var optToken = SessionToken.from(ex).map(Token::of);
 		if (optToken.isPresent()){
 			var token = optToken.get();
 			try {

web/src/main/resources/web/css/winter.css

@@ -35,9 +35,14 @@ button{
     border-color: darkgray black black darkgray;
 }
 footer {
-  position: absolute;
+  position: sticky;
   bottom: 0;
   width: 100%;
   text-align: center;
-  margin: 5px;
+  padding: 5px;
+  margin-top: 5px;
+  background: white;
+  border-color: cyan;
+  border-style: dashed;
+  border-width: 1px 0 0;
 }