From f73a41753d2608187a0c85a28e419b8ea839d671 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 23 Feb 2018 15:26:17 +0100 Subject: [adduser] Extend module to simple user manager (add/edit/remove) TODO: Assign roles --- modules-available/adduser/templates/header.html | 3 + .../adduser/templates/page-adduser.html | 35 +++++++---- .../adduser/templates/page-edituser.html | 72 +++++++++++++++++++++ .../adduser/templates/page-userlist.html | 73 ++++++++++++++++++++++ 4 files changed, 171 insertions(+), 12 deletions(-) create mode 100644 modules-available/adduser/templates/header.html create mode 100644 modules-available/adduser/templates/page-edituser.html create mode 100644 modules-available/adduser/templates/page-userlist.html (limited to 'modules-available/adduser/templates') diff --git a/modules-available/adduser/templates/header.html b/modules-available/adduser/templates/header.html new file mode 100644 index 00000000..34011e29 --- /dev/null +++ b/modules-available/adduser/templates/header.html @@ -0,0 +1,3 @@ + \ No newline at end of file diff --git a/modules-available/adduser/templates/page-adduser.html b/modules-available/adduser/templates/page-adduser.html index deb911c0..58d705f8 100644 --- a/modules-available/adduser/templates/page-adduser.html +++ b/modules-available/adduser/templates/page-adduser.html @@ -1,28 +1,39 @@
-

{{lang_createUser}}

+

{{lang_createUser}}

-
{{lang_username}} *
-
+
+
+
-
{{lang_password}} *
-
+
+
+
-
{{lang_fullName}} *
-
+
+
+
-
{{lang_telephone}}
-
+
+
+
-
E-Mail
-
+
+
+
+
+
+
+
+ +
- +
diff --git a/modules-available/adduser/templates/page-edituser.html b/modules-available/adduser/templates/page-edituser.html new file mode 100644 index 00000000..b8e51b5c --- /dev/null +++ b/modules-available/adduser/templates/page-edituser.html @@ -0,0 +1,72 @@ +
+ + +

{{lang_editUser}}

+ +
+
+
+
+
+
+
+

+ {{lang_changeLoginHint}} +

+
+
+ +
+
+
+
+
+
+ {{#password_disabled}} +
+
+
+

+ {{lang_changeOwnPasswordHint}} +

+
+
+ {{/password_disabled}} +
+ +
+
+
+
+
+ +
+
+
+
+
+ +
+
+
+
+
+
+ +
+
+
+ +
+
+ + + +
diff --git a/modules-available/adduser/templates/page-userlist.html b/modules-available/adduser/templates/page-userlist.html new file mode 100644 index 00000000..5b14f7e5 --- /dev/null +++ b/modules-available/adduser/templates/page-userlist.html @@ -0,0 +1,73 @@ +

{{lang_userlist}}

+ +{{{pagenav}}} + +
+ + + + + + + + + + + + + + {{#list}} + + + + + + + + {{/list}} + +
{{lang_login}}{{lang_name}}{{lang_phone}}{{lang_email}}
{{login}}{{fullname}}{{phone}}{{email}} + + {{^hide_delete}} + + {{/hide_delete}} +
+
+ + + {{lang_addUser}} + +
+
+ + + \ No newline at end of file -- cgit v1.2.3-55-g7522 From 00851bd25e57938a79356d2efb36c2bea1697760 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 23 Feb 2018 18:41:49 +0100 Subject: [adduser] Support setting user's roles on add/edit --- modules-available/adduser/page.inc.php | 33 ++++++ .../adduser/templates/page-adduser.html | 74 +++++++------ .../adduser/templates/page-edituser.html | 120 ++++++++++----------- .../adduser/templates/user-permissions.html | 24 +++++ .../inc/permissiondbupdate.inc.php | 28 ++++- .../permissionmanager/inc/permissionutil.inc.php | 23 ++++ 6 files changed, 198 insertions(+), 104 deletions(-) create mode 100644 modules-available/adduser/templates/user-permissions.html (limited to 'modules-available/adduser/templates') diff --git a/modules-available/adduser/page.inc.php b/modules-available/adduser/page.inc.php index a4edcf59..d1615828 100644 --- a/modules-available/adduser/page.inc.php +++ b/modules-available/adduser/page.inc.php @@ -61,6 +61,7 @@ class Page_AddUser extends Page EventLog::info(User::getName() . ' created user ' . $login); } Message::addInfo('adduser-success'); + $this->saveRoles($id); return; } } @@ -113,6 +114,7 @@ class Page_AddUser extends Page Database::exec('UPDATE user SET passwd = :pass WHERE userid = :userid', $data); Message::addSuccess('password-changed'); } + $this->saveRoles($userid); } } Util::redirect('?do=adduser&show=edituser&userid=' . $userid); @@ -141,6 +143,19 @@ class Page_AddUser extends Page Message::addSuccess('user-deleted', $userid); } + private function saveRoles($userid) + { + if (!Module::isAvailable('permissionmanager')) + return; + if (!User::hasPermission('.permissionmanager.users.edit-roles')) + return; + $roles = Request::post('roles', [], 'array'); + $ret = PermissionDbUpdate::setRolesForUser([$userid], $roles); + if ($ret > 0) { + Message::addSuccess('roles-updated'); + } + } + protected function doRender() { Render::addTemplate('header'); 
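Review bot: `{{{pagenav}}}` near the top of page-userlist.html is the only triple-brace tag in this template, so the string passed as `pagenav` reaches the browser without HTML escaping, while `{{login}}`, `{{fullname}}`, `{{phone}}` and `{{email}}` in the row loop are escaped. The code that builds `pagenav` is not part of this patch, so it should be confirmed that it emits only server-generated markup and encodes any request parameter it copies into links. A template comment directly above the tag would record that contract, for example `{{! pagenav: pre-rendered HTML from the page-navigation helper, must not carry unescaped request data }}`.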
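Review bot: `saveRoles()` changes a user's privileges but writes nothing to the event log, although the create path in the first hunk of this file records `EventLog::info(User::getName() . ' created user ' . $login)`. Role assignment is the change an auditor most needs to trace, so the `if ($ret > 0)` branch should also log who changed whose roles, e.g. `EventLog::info(User::getName() . ' changed roles of user ' . $userid);`. The `roles` array is taken from the POST body as-is; normalising it first with `$roles = array_map('intval', array_filter($roles, 'is_numeric'));` would keep non-numeric elements out of the query parameters and match the `int[]` type this commit documents for `setRolesForUser()`. The two call sites (`saveRoles($id)` after create, `saveRoles($userid)` after edit) sit in functions that begin outside their hunks.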
@@ -151,7 +166,12 @@ class Page_AddUser extends Page if ($hasUsers) { User::assertPermission('user.add'); } + Render::openTag('form', ['class' => 'form-adduser', 'action' => '?do=adduser', 'method' => 'post']); Render::addTemplate('page-adduser'); + if ($hasUsers) { + $this->showPermissions(); + } + Render::closeTag('form'); } elseif ($show === 'edituser') { User::assertPermission('user.edit'); $userid = Request::get('userid', false, 'int'); @@ -165,7 +185,10 @@ class Page_AddUser extends Page Message::addError('user-not-found', $userid); } else { // TODO: LDAP -> disallow pw change, maybe other fields too? + Render::openTag('form', ['class' => 'form-adduser', 'action' => '?do=adduser', 'method' => 'post']); Render::addTemplate('page-edituser', $user); + $this->showPermissions($userid); + Render::closeTag('form'); } } elseif ($show === 'list') { User::assertPermission('list.view'); @@ -181,4 +204,14 @@ class Page_AddUser extends Page } } + private function showPermissions($userid = false) + { + if (!Module::isAvailable('permissionmanager')) + return; + if (!User::hasPermission('.permissionmanager.users.edit-roles')) + return; + $data = ['roles' => PermissionUtil::getRoles($userid, false)]; + Render::addTemplate('user-permissions', $data); + } + } diff --git a/modules-available/adduser/templates/page-adduser.html b/modules-available/adduser/templates/page-adduser.html index 58d705f8..bd16dbbf 100644 --- a/modules-available/adduser/templates/page-adduser.html +++ b/modules-available/adduser/templates/page-adduser.html @@ -1,39 +1,37 @@ -
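Review bot: `showPermissions()` repeats the same two guards as `saveRoles()` (`Module::isAvailable('permissionmanager')` and `User::hasPermission('.permissionmanager.users.edit-roles')`), so the check that decides whether the role table is rendered and the check that decides whether a submitted `roles` field is honoured can drift apart when only one of them is edited. Moving both into one private predicate, `private function canEditRoles() { return Module::isAvailable('permissionmanager') && User::hasPermission('.permissionmanager.users.edit-roles'); }`, and calling it from both methods keeps display and enforcement tied to the same rule. Since the form element is now emitted by `Render::openTag()` in `doRender()` rather than by the templates, a one-line comment at each `openTag` call stating that every field of the page, including any hidden ones the templates carry (their markup is not readable in this view), must be rendered before `Render::closeTag('form')` would help the next editor. `doRender()` begins and ends outside these hunks.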
- - -

{{lang_createUser}}

-
-
-
+ + +

{{lang_createUser}}

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- -
-
- - - +
+ + diff --git a/modules-available/adduser/templates/page-edituser.html b/modules-available/adduser/templates/page-edituser.html index b8e51b5c..36293b11 100644 --- a/modules-available/adduser/templates/page-edituser.html +++ b/modules-available/adduser/templates/page-edituser.html @@ -1,72 +1,70 @@ -
- - -

{{lang_editUser}}

+ + +

{{lang_editUser}}

-
-
-
-
-
-
-
-

- {{lang_changeLoginHint}} -

-
+
+
+
+
+
+
+
+

+ {{lang_changeLoginHint}} +

+
-
-
-
-
-
+
+
+
- {{#password_disabled}} -
-
-
-

- {{lang_changeOwnPasswordHint}} -

-
+
+
+{{#password_disabled}} +
+
+
+

+ {{lang_changeOwnPasswordHint}} +

- {{/password_disabled}} -
+
+{{/password_disabled}} +
-
-
-
-
-
+
+
+
+
+
-
-
-
-
-
+
+
+
+
+
-
-
-
-
+
+
+
-
+
+
-
-
-
- -
+
+
+
+
- - - - +
+ + + diff --git a/modules-available/adduser/templates/user-permissions.html b/modules-available/adduser/templates/user-permissions.html new file mode 100644 index 00000000..ce51630f --- /dev/null +++ b/modules-available/adduser/templates/user-permissions.html @@ -0,0 +1,24 @@ +

{{lang_assignRoles}}

+ + + + + + + + + + + {{#roles}} + + + + + {{/roles}} + +
{{lang_role}}
{{rolename}} +
+ + +
+
\ No newline at end of file diff --git a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php index 1f56f4ea..5f528a37 100644 --- a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php +++ b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php @@ -7,17 +7,19 @@ class PermissionDbUpdate * Insert all user/role combinations into the role_x_user table. * * @param int[] $users userids - * @param string[] $roles roleids + * @param int[] $roles roleids */ public static function addRoleToUser($users, $roles) { + if (empty($users) || empty($roles)) + return 0; $arg = array(); foreach ($users AS $userid) { foreach ($roles AS $roleid) { $arg[] = compact('userid', 'roleid'); } } - Database::exec("INSERT IGNORE INTO role_x_user (userid, roleid) VALUES :arg", + return Database::exec("INSERT IGNORE INTO role_x_user (userid, roleid) VALUES :arg", ['arg' => $arg]); } 
@@ -25,12 +27,28 @@ class PermissionDbUpdate * Remove all user/role combinations from the role_x_user table. * * @param int[] $users userids - * @param string[] $roles roleids + * @param int[] $roles roleids */ public static function removeRoleFromUser($users, $roles) { + if (empty($users) || empty($roles)) + return 0; $query = "DELETE FROM role_x_user WHERE userid IN (:users) AND roleid IN (:roles)"; - Database::exec($query, array("users" => $users, "roles" => $roles)); + return Database::exec($query, array("users" => $users, "roles" => $roles)); + } + + /** + * Assign the specified roles to given users, removing any roles from the users + * that are not in the given set. + * + * @param int[] $users list of user ids + * @param int[] $roles list of role ids + */ + public static function setRolesForUser($users, $roles) + { + $count = Database::exec("DELETE FROM role_x_user WHERE userid in (:users) AND roleid NOT IN (:roles)", + compact('users', 'roles')); + return $count + self::addRoleToUser($users, $roles); } /** @@ -40,7 +58,7 @@ class PermissionDbUpdate */ public static function deleteRole($roleid) { - Database::exec("DELETE FROM role WHERE roleid = :roleid", array("roleid" => $roleid)); + return Database::exec("DELETE FROM role WHERE roleid = :roleid", array("roleid" => $roleid)); } /** diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php index 29663ed9..a3a2b610 100644 --- a/modules-available/permissionmanager/inc/permissionutil.inc.php +++ b/modules-available/permissionmanager/inc/permissionutil.inc.php 
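Review bot: `setRolesForUser()` is the only one of the three role writers that did not get an `empty()` guard in this commit, and it is the one where an empty `$roles` matters most: submitting the edit form with no role ticked reaches `roleid NOT IN (:roles)` with an empty list. How `Database::exec` expands an empty array is not visible here, so whether that statement fails, deletes nothing or deletes everything depends on the helper, and revoking a user's last role should not hinge on that. Handling the empty cases explicitly makes revocation deterministic. The DELETE and the INSERT in `addRoleToUser()` are also two separate statements, so a failure between them leaves the user with fewer roles than requested; wrapping both in a transaction is worth considering if the Database class offers one.
```php
public static function setRolesForUser($users, $roles)
{
	if (empty($users))
		return 0;
	if (empty($roles)) {
		// No role selected: revoke everything for these users instead of
		// relying on how an empty list is expanded inside NOT IN (...)
		return Database::exec("DELETE FROM role_x_user WHERE userid IN (:users)",
			compact('users'));
	}
	// … unchanged: DELETE ... NOT IN (:roles) followed by addRoleToUser() …
```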
@@ -231,6 +231,28 @@ class PermissionUtil return $permissions; } + /** + * Get all existing roles. + * + * @param int|false $userid Which user to consider, false = none + * @param bool $onlyMatching true = filter roles the user doesn't have + * @return array list of roles + */ + public static function getRoles($userid = false, $onlyMatching = true) + { + if ($userid === false) { + return Database::queryAll('SELECT roleid, rolename FROM role ORDER BY rolename ASC'); + } + $ret = Database::queryAll('SELECT r.roleid, r.rolename, u.userid AS hasRole FROM role r + LEFT JOIN role_x_user u ON (r.roleid = u.roleid AND u.userid = :userid) + GROUP BY r.roleid + ORDER BY rolename ASC', ['userid' => $userid]); + foreach ($ret as &$role) { + settype($role['hasRole'], 'bool'); + } + return $ret; + } + /** * Place a permission into the given permission tree. * @@ -252,4 +274,5 @@ class PermissionUtil } $tree = array('description' => $description, 'location-aware' => $locationAware, 'isLeaf' => true); } + } \ No newline at end of file -- cgit v1.2.3-55-g7522 From 3945fad76dc623e784cfb4fedee1978e99958a4e Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 20 Mar 2018 11:31:25 +0100 Subject: [adduser] Fix delete message, add translations --- modules-available/adduser/lang/de/messages.json | 3 +++ .../adduser/lang/de/template-tags.json | 4 ++++ modules-available/adduser/lang/en/messages.json | 3 +++ .../adduser/lang/en/template-tags.json | 4 ++++ .../adduser/templates/page-userlist.html | 24 ++++++++++++++++------ 5 files changed, 32 insertions(+), 6 deletions(-) (limited to 'modules-available/adduser/templates') diff --git a/modules-available/adduser/lang/de/messages.json b/modules-available/adduser/lang/de/messages.json index 0ab4571f..207e8056 100644 --- a/modules-available/adduser/lang/de/messages.json +++ b/modules-available/adduser/lang/de/messages.json 
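Review bot: The `$onlyMatching` parameter of `getRoles()` is documented as `true = filter roles the user doesn't have` and defaults to `true`, but nothing in the body reads it, so when a user id is given every caller receives the full role list with a `hasRole` flag. The one caller in this series passes `false`, so nothing breaks today, but a later caller that relies on the default to list only a user's own roles would silently get all of them. Either drop the parameter or honour it, for instance with `$join = $onlyMatching ? 'INNER' : 'LEFT';` and that constant interpolated into the query in place of the fixed `LEFT`. The `foreach ($ret as &$role)` loop should be followed by `unset($role);` to release the reference, and the docblock could state that each row carries `roleid`, `rolename` and, when a user id is given, a boolean `hasRole`.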
@@ -1,8 +1,11 @@
 {
 "adduser-success": "Benutzer erfolgreich hinzugef\u00fcgt",
+ "cannot-delete-1-self": "Sie k\u00f6nnen nicht den Benutzer mit der ID 1 oder sich selbst l\u00f6schen",
 "db-error": "Datenbankfehler: {{0}}",
 "password-changed": "Passwort ge\u00e4ndert",
 "password-mismatch": "Passwort und Passwortbest\u00e4tigung stimmen nicht \u00fcberein",
+ "roles-updated": "Rollen aktualisiert",
+ "user-deleted": "Benutzer {{0}} gel\u00f6scht",
 "user-edited": "Benutzerdaten wurden ge\u00e4ndert",
 "user-not-found": "Benutzer mit ID {{0}} nicht gefunden"
 }
\ No newline at end of file
diff --git a/modules-available/adduser/lang/de/template-tags.json b/modules-available/adduser/lang/de/template-tags.json
index 0b6b2530..31a7871e 100644
--- a/modules-available/adduser/lang/de/template-tags.json
+++ b/modules-available/adduser/lang/de/template-tags.json
@@ -1,8 +1,10 @@
 {
 "lang_addUser": "Nutzer hinzuf\u00fcgen",
+ "lang_assignRoles": "Rollen zuweisen",
 "lang_changeLoginHint": "Sie k\u00f6nnen den Namen, den der Nutzer beim Login angeben muss, \u00e4ndern. Dies ist nur bei lokalen Nutzern m\u00f6glich, die nicht \u00fcber LDAP\/AD authentifiziert werden.",
 "lang_changeOwnPasswordHint": "Ihr eigenes Passwort k\u00f6nnen Sie \u00fcber den Button \"Passwort \u00e4ndern\" im Men\u00fc \u00e4ndern.",
 "lang_changePassword": "Neues Passwort",
+ "lang_confirmDelete": "L\u00f6schen best\u00e4tigen",
 "lang_confirmation": "Wiederholen",
 "lang_createUser": "Benutzer anlegen",
 "lang_editUser": "Benutzer bearbeiten",
@@ -11,6 +13,8 @@
 "lang_login": "Login",
 "lang_name": "Name",
 "lang_phone": "Telefon",
+ "lang_role": "Rolle",
+ "lang_userDeleteConfirm": "M\u00f6chten Sie diesen Benutzer wirklich l\u00f6schen?",
 "lang_userManagement": "Benutzerverwaltung",
 "lang_userlist": "Benutzerliste"
 }
\ No newline at end of file
diff --git a/modules-available/adduser/lang/en/messages.json b/modules-available/adduser/lang/en/messages.json
index 69af3227..d55e0ec6 100644
--- a/modules-available/adduser/lang/en/messages.json
+++ b/modules-available/adduser/lang/en/messages.json
@@ -1,8 +1,11 @@
 {
 "adduser-success": "User successfully added",
+ "cannot-delete-1-self": "Cannot delete user with ID 1 or yourself",
 "db-error": "Database error: {{0}}",
 "password-changed": "Password changed",
 "password-mismatch": "Password and password confirmation do not match",
+ "roles-updated": "Roles have been updated",
+ "user-deleted": "Deleted user {{0}}",
 "user-edited": "User data has been updated",
 "user-not-found": "User with ID {{0}} not found"
 }
\ No newline at end of file
diff --git a/modules-available/adduser/lang/en/template-tags.json b/modules-available/adduser/lang/en/template-tags.json
index 2c9b8b53..4fe03711 100644
--- a/modules-available/adduser/lang/en/template-tags.json
+++ b/modules-available/adduser/lang/en/template-tags.json
@@ -1,8 +1,10 @@
 {
 "lang_addUser": "Add user",
+ "lang_assignRoles": "Assign roles",
 "lang_changeLoginHint": "You can change the login identifier used for logging in. This is only enabled for local acounts that are not linked to LDAP\/AD servers.",
 "lang_changeOwnPasswordHint": "You can change your own password by clicking the \"change password\" button in the menu.",
 "lang_changePassword": "Change password",
+ "lang_confirmDelete": "Confirm delete",
 "lang_confirmation": "Confirm Password",
 "lang_createUser": "Create User",
 "lang_editUser": "Edit user",
@@ -11,6 +13,8 @@
 "lang_login": "Login",
 "lang_name": "Name",
 "lang_phone": "Phone",
+ "lang_role": "Role",
+ "lang_userDeleteConfirm": "Do you want to delete this user?",
 "lang_userManagement": "User management",
 "lang_userlist": "User list"
 }
\ No newline at end of file
diff --git a/modules-available/adduser/templates/page-userlist.html b/modules-available/adduser/templates/page-userlist.html
index 5b14f7e5..8d9c6de0 100644
--- a/modules-available/adduser/templates/page-userlist.html
+++ b/modules-available/adduser/templates/page-userlist.html
@@ -18,7 +18,7 @@ {{#list}} - {{login}} + {{login}} {{fullname}} {{phone}} {{email}} @@ -27,8 +27,8 @@ {{^hide_delete}} - {{/hide_delete}} @@ -44,6 +44,19 @@
+