Add success and error message feedback for user profile operations (#8716)

* mws authentication

* add more tests and permission checkers

* add logic to ensure that only authenticated users' requests are handled

* add custom login page

* Implement user authentication as well as session handling

* work on user operations authorization

* add middleware to route handlers for bags & tiddlers routes

* add feature that only returns the tiddlers and bags which the user has permission to access on index page

* refactor auth routes & added user management page

* fix Ci Test failure issue

* fix users list page, add manage roles page

* add commands and scripts to create new user & assign roles and permissions

* resolved ci-test failure

* add ACL permissions to bags & tiddlers on creation

* fix comments and access control list bug

* fix indentation issues

* working on user profile edit

* remove list users command & added support for database in server options

* implement user profile update and password change feature

* update plugin readme

* implement command which triggers protected mode on the server

* revert server-wide auth flag. Implement selective authorization

* ACL management feature

* Complete Access control list implementation

* Added support to manage users' assigned role by admin

* fix comments

* fix comment

* Add user profile management and account deletion functionality

* add success and error message feedback for user profile operations

* fix indentation issues

* Add command to create admin user if none exists when the start command is executed

* refactor annonymous user flow with create admin implementation

* remove mws-add-user from start command

plugins/tiddlywiki/multiwikiserver/modules/store/sql-tiddler-database.js

@@ -224,14 +224,6 @@ SqlTiddlerDatabase.prototype.createBag = function(bag_name,description,accesscon
 		$accesscontrol: accesscontrol,
 		$description: description
 	});
-
-	const admin = this.getRoleByName("ADMIN");
-	if(admin) {	
-		const readPermission = this.getPermissionByName("READ");
-		const writePermission = this.getPermissionByName("WRITE");
-		// this.createACL(bag_name, "bag", admin.role_id, readPermission.permission_id);
-		// this.createACL(bag_name, "bag", admin.role_id, writePermission.permission_id);
-	}
 	return updateBags.lastInsertRowid;
 };
 
@@ -296,15 +288,6 @@ SqlTiddlerDatabase.prototype.createRecipe = function(recipe_name,bag_names,descr
 		$bag_names: JSON.stringify(bag_names)
 	});
 
-
-	// update the permissions on ACL records
-	const admin = this.getRoleByName("ADMIN");
-	if(admin) {
-		const readPermission = this.getPermissionByName("READ");
-		const writePermission = this.getPermissionByName("WRITE");
-		// this.createACL(recipe_name, "recipe", admin.role_id, readPermission.permission_id);
-		// this.createACL(recipe_name, "recipe", admin.role_id, writePermission.permission_id);
-	}
 	return updateRecipes.lastInsertRowid;
 };
 
@@ -825,6 +808,18 @@ SqlTiddlerDatabase.prototype.getUserByUsername = function(username) {
 	});
 };
 
+SqlTiddlerDatabase.prototype.listUsersByRoleId = function(roleId) {
+	return this.engine.runStatementGetAll(`
+			SELECT u.*
+			FROM users u
+			JOIN user_roles ur ON u.user_id = ur.user_id
+			WHERE ur.role_id = $roleId
+			ORDER BY u.username
+	`, {
+			$roleId: roleId
+	});
+};
+
 SqlTiddlerDatabase.prototype.updateUser = function (userId, username, email, roleId) {
 	const existingUser = this.engine.runStatement(`
 		SELECT user_id FROM users
@@ -1018,6 +1013,14 @@ SqlTiddlerDatabase.prototype.deleteUserSessions = function(userId) {
 	});
 };
 
+// Set the user as an admin
+SqlTiddlerDatabase.prototype.setUserAdmin = function(userId) {
+	var admin = this.getRoleByName("ADMIN");
+	if(admin) {	
+		this.addRoleToUser(userId, admin.role_id);
+	}
+};
+
 // Group CRUD operations
 SqlTiddlerDatabase.prototype.createGroup = function(groupName, description) {
 	const result = this.engine.runStatement(`