author | Simon Rettberg | 2015-04-23 17:40:24 +0200 |
---|---|---|
committer | Simon Rettberg | 2015-04-23 17:40:24 +0200 |
commit | 47517c76094834d582121b84098c84c0bcb8353f (patch) | |
tree | 2d2d174956b0174e645ef246bb78ba1c683885b6 | |
parent | +AGB, +DeleteUser feature (diff) | |
Add AddUser mask for creating test accounts
-rw-r--r-- | inc/user.inc.php | 17 | ||||
-rw-r--r-- | index.php | 1 | ||||
-rw-r--r-- | modules/adduser.inc.php | 81 | ||||
-rw-r--r-- | templates/adduser/_page.html | 68 | ||||
-rw-r--r-- | templates/main-menu.html | 6 |
5 files changed, 172 insertions, 1 deletions
diff --git a/inc/user.inc.php b/inc/user.inc.php
index e2b7e43..3325421 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -76,6 +76,16 @@ class User
 {
 return isset(self::$user['role']) && self::$user['role'] === 'tutor';
 }
+
+ public static function isAdmin()
+ {
+ // TODO: Not hardcoded; per Institution...
+ return in_array(self::getShibId(), array(
+ '5fb22037697816a70a847d15245c9f88',
+ '94e48d34587ab9963a2013ddc97e1e45',
+ 'fb91f270a95a5b006be916f2b2da305c',
+ ), true);
+ }
 public static function getOrganizationId()
 {
@@ -111,6 +121,13 @@ class User
 }
 return self::$organization;
 }
+
+ public static function getShibId()
+ {
+ if (empty(self::$user['shibid']))
+ return false;
+ return self::$user['shibid'];
+ }
 public static function load()
 {
@@ -106,6 +106,7 @@ User::load();
 Render::addTemplate('main-menu', array(
 'url' => urlencode($_SERVER['REQUEST_URI']),
 'user' => User::getName(),
+ 'admin' => User::isAdmin(),
 ));
 Message::renderList();
diff --git a/modules/adduser.inc.php b/modules/adduser.inc.php
new file mode 100644
index 0000000..fc0dfa7
--- /dev/null
+++ b/modules/adduser.inc.php
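Review bot: In inc/user.inc.php, isAdmin() gates the new AddUser page, yet the three hex strings in its allow-list carry no explanation of what they identify or how they are derived, which makes the list hard to audit. A docblock on the method would cover it, e.g. `/** Allow-list of shibid values permitted to create accounts; record how a shibid is derived before adding entries. */`. getShibId() in the second hunk returns either `false` or a string, and only the strict flag on `in_array(..., true)` keeps a missing id from matching; a short comment such as `// false (no shibid) can never match: comparison is strict` would protect that dependency. The class body starts and ends outside both hunks.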
@@ -0,0 +1,81 @@
+<?php
+
+class Page_AddUser extends Page
+{
+
+ protected function doPreprocess()
+ {
+ User::load();
+ if (!User::isShibbolethAuth()) {
+ Message::addError('Not bwIDM');
+ Util::redirect('?do=Main');
+ }
+ if (!User::isAdmin()) {
+ Message::addError('Not admin!');
+ Util::redirect('?do=Main');
+ }
+ // Add?
+ if (Request::post('action') === 'add') {
+ $organizationid = Request::post('organization', '');
+ $firstname = Request::post('firstname', '');
+ $lastname = Request::post('lastname', '');
+ $password = Request::post('password', '');
+ $login = Request::post('login', '');
+ if (empty($organizationid)) {
+ Message::addError('Keine Einrichtung gewählt.');
+ } else if (empty($firstname) || empty($lastname)
+ || empty($login) || empty($password)) {
+ Message:addError('Ein Feld wurde nicht ausgefüllt.');
+ } else {
+ // Validate login
+ if (preg_match('/^[a-z0-9_\.\-]+@([a-z0-9_\.\-]+)$/i', $login, $out)) {
+ // Complete login
+ $suffix = $out[1];
+ } else if (strpos($login, '@') !== false) {
+ // Has @ but invalid format
+ Message::addError('Ungültige Syntax für Login');
+ $suffix = '<invalid>';
+ } else {
+ // No @, try add orgid
+ $suffix = $organizationid;
+ $login .= "@$suffix";
+ }
+ $ok = Database::queryFirst('SELECT organizationid FROM satellite_suffix WHERE organizationid = :o AND suffix = :s LIMIT 1', array(
+ 'o' => $organizationid,
+ 's' => $suffix
+ ));
+ if ($ok === false) {
+ Message::addError('Login-Suffix @{{0}} ist ungültig.', $suffix);
+ } else {
+ Database::exec('INSERT INTO user (login, password, organizationid, firstname, lastname, email) '
+ . 
' VALUES (:login, :password, :organization, :firstname, :lastname, :email)', array(
+ 'login' => $login,
+ 'password' => Crypto::hash6($password),
+ 'organization' => $organizationid,
+ 'firstname' => $firstname,
+ 'lastname' => $lastname,
+ 'email' => Request::post('email')
+ ));
+ Message::addSuccess('Benutzer {{0}} angelegt', $login);
+ }
+ }
+ Util::redirect('?do=Main');
+ }
+ }
+
+ protected function doRender()
+ {
+ // Show mask
+ $res = Database::simpleQuery('SELECT organizationid, name FROM satellite ORDER BY name ASC');
+ $orgs = array();
+ $orgs[] = array(
+ 'organizationid' => '',
+ 'name' => ' -- Bitte wählen -- '
+ );
+ while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+ $orgs[] = $row;
+ }
+ Render::addTemplate('adduser/_page', array('orgs' => $orgs));
+ }
+
+}
\ No newline at end of file
diff --git a/templates/adduser/_page.html b/templates/adduser/_page.html
new file mode 100644
index 0000000..857c2c4
--- /dev/null
+++ b/templates/adduser/_page.html
@@ -0,0 +1,68 @@
+<h2>Neuen Benutzer hinzufügen</h2>
+
+<form method="post" action="?do=AddUser">
+ <input type="hidden" name="token" value="{{token}}">
+ <input type="hidden" name="action" value="add">
+ <div class="form-narrow">
+
+ <div class="input-group">
+ <span class="input-group-addon slx-ga">
+ Einrichtung
+ </span>
+ <select class="form-control" name="organization" onchange="setorg(this)">
+ {{#orgs}}
+ <option value="{{organizationid}}">{{name}}</option>
+ {{/orgs}}
+ </select>
+ </div>
+
+ <div class="input-group">
+ <span class="input-group-addon slx-ga">
+ Login
+ </span>
+ <input class="form-control" name="login" placeholder="mmuster@einrichtung" id="login">
+ </div>
+
+ <div class="input-group">
+ <span class="input-group-addon slx-ga">
+ Passwort
+ </span>
+ <input class="form-control" name="password" placeholder="letmein">
+ </div>
+
+ <div class="input-group">
+ <span class="input-group-addon slx-ga">
+ Vorname
+ </span>
+ <input class="form-control" name="firstname" placeholder="Max">
+ </div>
+
+ <div class="input-group">
+ <span class="input-group-addon slx-ga">
+ Nachname
+ </span>
+ <input class="form-control" name="lastname" placeholder="Muster">
+ </div>
+
+ <div class="input-group">
+ <span class="input-group-addon slx-ga">
+ Mail
+ </span>
+ <input class="form-control" name="email" placeholder="spam@aol.com">
+ </div>
+
+ <div class="pull-right">
+ <button type="submit" class="btn btn-primary">Anlegen</button>
+ </div>
+
+ </div>
+</form>
+
+<script type="text/javascript">
+function setorg(e) {
+ var l = $('#login');
+ if (l.val().length !== 0 && l.val().charAt(0) !== '@')
+ return;
+ l.val('@' + $(e).val());
+}
+</script>
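Review bot: In modules/adduser.inc.php, the empty-field branch calls `Message:addError(...)` with a single colon, which PHP parses as a label `Message:` followed by a call to a global function `addError()`, so submitting the form with a blank field would most likely end in a fatal error instead of the message; it should read `Message::addError('Ein Feld wurde nicht ausgefüllt.');`. The two guard branches at the top of doPreprocess() depend on `Util::redirect()` ending the request; if it can return, a request that failed the isShibbolethAuth()/isAdmin() checks would still reach the INSERT, so an explicit `return;` after each redirect (or a confirmed exit inside redirect) is worth having. The form posts a `token` field but nothing in this method checks it, so CSRF validation presumably lives in the Page base class or index.php and should be confirmed. The invalid-syntax branch also falls through to the suffix lookup and reports a second error for `<invalid>`.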
\ No newline at end of file
diff --git a/templates/main-menu.html b/templates/main-menu.html
index 8e78bc2..2cfe389 100644
--- a/templates/main-menu.html
+++ b/templates/main-menu.html
@@ -10,6 +10,11 @@
 <a class="navbar-brand" href="?do=Main"><img src="/img/bwLehrpool_198x46.png" alt="bwLehrpool"></a>
 </div>
 <div class="navbar-collapse collapse">
+ <ul class="nav navbar-nav">
+ {{#admin}}
+ <li><a href="?do=AddUser">AddUser</a></li>
+ {{/admin}}
+ </ul>
 <ul class="nav navbar-nav navbar-right">
 {{#user}}
 <li>
@@ -28,4 +33,3 @@
 </div>
 </div>
 </div>
- |
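Review bot: In templates/adduser/_page.html, the password field is a plain text input (`<input class="form-control" name="password" placeholder="letmein">`), so the value is displayed on screen and is eligible for the browser's form history. Unless visible entry is intended for test accounts, `<input type="password" class="form-control" name="password" autocomplete="new-password">` avoids both. The `letmein` placeholder also suggests a weak value to whoever fills in the form; a neutral placeholder would be safer.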